Lucene search
K

70963 matches found

Cvelist
Cvelist
added 2026/04/20 6:54 a.m.30 views

CVE-2026-6644 A command injection vulnerability was found in the PPTP VPN Clients on the ADM

A command injection vulnerability was found in the PPTP VPN Clients on the ADM. The vulnerability allows an administrative user to break out of the restricted web environment and execute arbitrary code on the underlying operating system. This occurs due to insufficient validation of user-supplied...

9.4CVSS0.01451EPSS
Exploits1References1
CVE
CVE
added 2026/04/20 6:54 a.m.23 views

CVE-2026-6644

The CVE-2026-6644 entry describes a command-injection vulnerability in ADM PPTP VPN Clients that allows an administrative user to escape the restricted web environment and execute arbitrary OS commands, enabling Remote Code Execution and full system compromise. Affected are ADM versions 4.1.0–4.3...

9.4CVSS6.2AI score0.01451EPSS
Exploits1References2Affected Software1
CNVD
CNVD
added 2026/04/20 12:0 a.m.8 views

Dell PowerProtect Data Domain Data Domain Operating System Command Injection Vulnerability

Dell PowerProtect Data Domain is a data protection specialized storage device whose main function is to provide efficient data de-duplication, backup and recovery. A command injection vulnerability exists in Dell PowerProtect Data Domain. The vulnerability stems from a failure of the Data Domain...

7.2CVSS5.6AI score0.0114EPSS
Exploits0
Positive Technologies
Positive Technologies
added 2026/04/20 12:0 a.m.6 views

PT-2026-33723

Name of the Vulnerable Software and Affected Versions ADM versions 4.1.0 through 4.3.3.RR42 ADM versions 5.0.0 through 5.1.2.REO1 Description A command injection issue exists in the PPTP VPN Clients of ASUSTOR ADM. This flaw allows an administrative user to bypass the restricted web environment a...

9.4CVSS6.2AI score0.01451EPSS
Exploits1References16
Packet Storm
Packet Storm
added 2026/04/20 12:0 a.m.76 views

📄 dwol 1.0.0 Command Injection

dwol version 1.0.0 suffers from an unauthenticated command injection vulnerability in the host parameter of the /api/machines endpoint. Exploit Title: dwol v1.0.0 - Unauthenticated Command Injection Date: 2026-04-18 Exploit Author: Chokri Hammedi Vendor Homepage: https://github.com/dhjz/dwol...

5.8AI score
Exploits0
CNVD
CNVD
added 2026/04/20 12:0 a.m.5 views

PraisonAI Operating System Command Injection Vulnerability

PraisonAI is a low-code multi-intelligent body collaboration framework. PraisonAI suffers from an operating system command injection vulnerability that stems from the --mcp CLI parameter being passed directly without any validation, whitelist checking, or cleanup, which can be exploited by an...

9.8CVSS5.7AI score0.00824EPSS
Exploits1
Tenable Nessus
Tenable Nessus
added 2026/04/20 12:0 a.m.4 views

Linux Distros Unpatched Vulnerability : CVE-2026-41015

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - radare2 before 9236f44, when configured on UNIX without SSL, allows command injection via a PDB name to rabin2 -PP. NOTE: although users are supposed to use the...

7.4CVSS5.7AI score0.01156EPSS
Exploits0References2
CNVD
CNVD
added 2026/04/20 12:0 a.m.9 views

PraisonAI OS Command Injection Vulnerability (CNVD-2026-18145)

PraisonAI is a low-code multi-intelligent body collaboration framework. PraisonAI suffers from an operating system command injection vulnerability that stems from the fact that SubprocessSandbox relies on string pattern matching to block dangerous commands in all modes and the block list does not...

10CVSS5.5AI score0.00383EPSS
Exploits1
CNNVD
CNNVD
added 2026/04/20 12:0 a.m.8 views

TeamT5 ThreatSonar Anti-Ransomware 安全漏洞

TeamT5 ThreatSonar Anti-Ransomware is an active and intelligent endpoint detection and response solution provided by TeamT5. TeamT5 ThreatSonar Anti-Ransomware has a security vulnerability, which stems from an OS command injection issue. This vulnerability could allow authenticated remote attacke...

8.8CVSS6.1AI score0.00372EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/04/20 12:0 a.m.6 views

PT-2026-33766

Name of the Vulnerable Software and Affected Versions Progress ADC Products affected versions not specified Description An OS Command Injection flaw in the user interface allows an authenticated attacker with "All" permissions to execute arbitrary commands on the LoadMaster appliance. This occurs...

9.3CVSS6.2AI score0.18238EPSS
Exploits4References3
Positive Technologies
Positive Technologies
added 2026/04/20 12:0 a.m.7 views

PT-2026-33762

Name of the Vulnerable Software and Affected Versions Progress ADC Products affected versions not specified Description An OS command injection flaw allows an authenticated attacker with "All" permissions to execute arbitrary commands on the LoadMaster appliance. This occurs due to unsanitized...

8.4CVSS6.2AI score0.0252EPSS
Exploits0References7
Positive Technologies
Positive Technologies
added 2026/04/20 12:0 a.m.4 views

PT-2026-33786

Dell PowerProtect Data Domain with Data Domain Operating System DD OS of Feature Release versions 7.7.1.0 through 8.5, LTS2025 release version 8.3.1.0 through 8.3.1.10, LTS2024 release versions 7.13.1.0 through 7.13.1.40, contain an OS command injection vulnerability. A high privileged attacker...

7.2CVSS5.9AI score0.0147EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2026/04/20 12:0 a.m.7 views

PT-2026-33799

Name of the Vulnerable Software and Affected Versions Dell PowerProtect Data Domain versions 7.7.1.0 through 8.6 Dell PowerProtect Data Domain versions 8.3.1.0 through 8.3.1.20 Dell PowerProtect Data Domain versions 7.13.1.0 through 7.13.1.60 Description An OS command injection issue exists where...

7.2CVSS6AI score0.01191EPSS
Exploits0References5
Positive Technologies
Positive Technologies
added 2026/04/20 12:0 a.m.6 views

PT-2026-33798

Dell PowerProtect Data Domain, versions 8.5 through 8.6 contains an Improper Neutralization of Special Elements used in an OS Command 'OS command injection vulnerability. A high privileged attacker with remote access could potentially exploit this vulnerability, leading to arbitrary command...

6.7CVSS6.1AI score0.00882EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2026/04/20 12:0 a.m.4 views

PT-2026-33795

Dell PowerProtect Data Domain, versions 7.7.1.0 through 8.6, LTS2025 release version 8.3.1.0 through 8.3.1.20, LTS2024 release versions 7.13.1.0 through 7.13.1.60 contain an OS command injection vulnerability. A high privileged attacker with remote access could potentially exploit this...

7.2CVSS6.1AI score0.01191EPSS
Exploits0References5
Positive Technologies
Positive Technologies
added 2026/04/20 12:0 a.m.6 views

PT-2026-33805

Dell PowerProtect Data Domain, versions 8.5 through 8.6 contain a command injection vulnerability. A high privileged attacker with remote access could potentially exploit this vulnerability, leading to arbitrary command execution with root privileges...

6.7CVSS6.1AI score0.01159EPSS
Exploits0References4
CNNVD
CNNVD
added 2026/04/20 12:0 a.m.10 views

Dell PowerProtect Data Domain(Dell PowerProtect DD) 安全漏洞

Dell PowerProtect Data Domain Dell PowerProtect DD is a set of hardware devices developed by the American company Dell, used for data protection, backup, storage, and de-duplication. There are security vulnerabilities in versions 8.5 to 8.6 of the Dell PowerProtect Data Domain. These...

7.2CVSS6.1AI score0.01159EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/04/20 12:0 a.m.8 views

Dell PowerProtect Data Domain(Dell PowerProtect DD) 安全漏洞

Dell PowerProtect Data Domain is a set of hardware devices developed by the American company Dell, used for data protection, backup, storage, and de-duplication. There is a security vulnerability in Dell PowerProtect Data Domain, which stems from an operating system command injection issue. The...

7.2CVSS5.8AI score0.0147EPSS
Exploits0References1
CNVD
CNVD
added 2026/04/20 12:0 a.m.4 views

Dell PowerProtect Data Domain OS Command Injection Vulnerability (CNVD-2026-18581)

The Dell PowerProtect Data Domain is a data protection storage appliance that is primarily used for enterprise-class backup, archiving, and disaster recovery. An OS command injection vulnerability exists in Dell PowerProtect Data Domain. The vulnerability stems from a failure to properly neutrali...

6.7CVSS5.9AI score0.00571EPSS
Exploits0
CNVD
CNVD
added 2026/04/20 12:0 a.m.2 views

Dell PowerProtect Data Domain Data Domain Operating System Command Injection Vulnerability (CNVD-2026-18584)

Dell PowerProtect Data Domain is a data protection storage device whose main function is to provide efficient data de-duplication, backup and recovery. A command injection vulnerability exists in Dell PowerProtect Data Domain. The vulnerability stems from a failure of the Data Domain Operating...

6.7CVSS5.4AI score0.00524EPSS
Exploits0
Rows per page
Query Builder