70963 matches found
CVE-2026-6644 A command injection vulnerability was found in the PPTP VPN Clients on the ADM
A command injection vulnerability was found in the PPTP VPN Clients on the ADM. The vulnerability allows an administrative user to break out of the restricted web environment and execute arbitrary code on the underlying operating system. This occurs due to insufficient validation of user-supplied...
CVE-2026-6644
The CVE-2026-6644 entry describes a command-injection vulnerability in ADM PPTP VPN Clients that allows an administrative user to escape the restricted web environment and execute arbitrary OS commands, enabling Remote Code Execution and full system compromise. Affected are ADM versions 4.1.0–4.3...
Dell PowerProtect Data Domain Data Domain Operating System Command Injection Vulnerability
Dell PowerProtect Data Domain is a data protection specialized storage device whose main function is to provide efficient data de-duplication, backup and recovery. A command injection vulnerability exists in Dell PowerProtect Data Domain. The vulnerability stems from a failure of the Data Domain...
PT-2026-33723
Name of the Vulnerable Software and Affected Versions ADM versions 4.1.0 through 4.3.3.RR42 ADM versions 5.0.0 through 5.1.2.REO1 Description A command injection issue exists in the PPTP VPN Clients of ASUSTOR ADM. This flaw allows an administrative user to bypass the restricted web environment a...
📄 dwol 1.0.0 Command Injection
dwol version 1.0.0 suffers from an unauthenticated command injection vulnerability in the host parameter of the /api/machines endpoint. Exploit Title: dwol v1.0.0 - Unauthenticated Command Injection Date: 2026-04-18 Exploit Author: Chokri Hammedi Vendor Homepage: https://github.com/dhjz/dwol...
PraisonAI Operating System Command Injection Vulnerability
PraisonAI is a low-code multi-intelligent body collaboration framework. PraisonAI suffers from an operating system command injection vulnerability that stems from the --mcp CLI parameter being passed directly without any validation, whitelist checking, or cleanup, which can be exploited by an...
Linux Distros Unpatched Vulnerability : CVE-2026-41015
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - radare2 before 9236f44, when configured on UNIX without SSL, allows command injection via a PDB name to rabin2 -PP. NOTE: although users are supposed to use the...
PraisonAI OS Command Injection Vulnerability (CNVD-2026-18145)
PraisonAI is a low-code multi-intelligent body collaboration framework. PraisonAI suffers from an operating system command injection vulnerability that stems from the fact that SubprocessSandbox relies on string pattern matching to block dangerous commands in all modes and the block list does not...
TeamT5 ThreatSonar Anti-Ransomware 安全漏洞
TeamT5 ThreatSonar Anti-Ransomware is an active and intelligent endpoint detection and response solution provided by TeamT5. TeamT5 ThreatSonar Anti-Ransomware has a security vulnerability, which stems from an OS command injection issue. This vulnerability could allow authenticated remote attacke...
PT-2026-33766
Name of the Vulnerable Software and Affected Versions Progress ADC Products affected versions not specified Description An OS Command Injection flaw in the user interface allows an authenticated attacker with "All" permissions to execute arbitrary commands on the LoadMaster appliance. This occurs...
PT-2026-33762
Name of the Vulnerable Software and Affected Versions Progress ADC Products affected versions not specified Description An OS command injection flaw allows an authenticated attacker with "All" permissions to execute arbitrary commands on the LoadMaster appliance. This occurs due to unsanitized...
PT-2026-33786
Dell PowerProtect Data Domain with Data Domain Operating System DD OS of Feature Release versions 7.7.1.0 through 8.5, LTS2025 release version 8.3.1.0 through 8.3.1.10, LTS2024 release versions 7.13.1.0 through 7.13.1.40, contain an OS command injection vulnerability. A high privileged attacker...
PT-2026-33799
Name of the Vulnerable Software and Affected Versions Dell PowerProtect Data Domain versions 7.7.1.0 through 8.6 Dell PowerProtect Data Domain versions 8.3.1.0 through 8.3.1.20 Dell PowerProtect Data Domain versions 7.13.1.0 through 7.13.1.60 Description An OS command injection issue exists where...
PT-2026-33798
Dell PowerProtect Data Domain, versions 8.5 through 8.6 contains an Improper Neutralization of Special Elements used in an OS Command 'OS command injection vulnerability. A high privileged attacker with remote access could potentially exploit this vulnerability, leading to arbitrary command...
PT-2026-33795
Dell PowerProtect Data Domain, versions 7.7.1.0 through 8.6, LTS2025 release version 8.3.1.0 through 8.3.1.20, LTS2024 release versions 7.13.1.0 through 7.13.1.60 contain an OS command injection vulnerability. A high privileged attacker with remote access could potentially exploit this...
PT-2026-33805
Dell PowerProtect Data Domain, versions 8.5 through 8.6 contain a command injection vulnerability. A high privileged attacker with remote access could potentially exploit this vulnerability, leading to arbitrary command execution with root privileges...
Dell PowerProtect Data Domain(Dell PowerProtect DD) 安全漏洞
Dell PowerProtect Data Domain Dell PowerProtect DD is a set of hardware devices developed by the American company Dell, used for data protection, backup, storage, and de-duplication. There are security vulnerabilities in versions 8.5 to 8.6 of the Dell PowerProtect Data Domain. These...
Dell PowerProtect Data Domain(Dell PowerProtect DD) 安全漏洞
Dell PowerProtect Data Domain is a set of hardware devices developed by the American company Dell, used for data protection, backup, storage, and de-duplication. There is a security vulnerability in Dell PowerProtect Data Domain, which stems from an operating system command injection issue. The...
Dell PowerProtect Data Domain OS Command Injection Vulnerability (CNVD-2026-18581)
The Dell PowerProtect Data Domain is a data protection storage appliance that is primarily used for enterprise-class backup, archiving, and disaster recovery. An OS command injection vulnerability exists in Dell PowerProtect Data Domain. The vulnerability stems from a failure to properly neutrali...
Dell PowerProtect Data Domain Data Domain Operating System Command Injection Vulnerability (CNVD-2026-18584)
Dell PowerProtect Data Domain is a data protection storage device whose main function is to provide efficient data de-duplication, backup and recovery. A command injection vulnerability exists in Dell PowerProtect Data Domain. The vulnerability stems from a failure of the Data Domain Operating...