70374 matches found
D-Link Network Attached Storage - Command Injection and Backdoor Account
UNSUPPORTED WHEN ASSIGNED: A vulnerability, which was classified as critical, was found in D-Link DNS-320L, DNS-325, DNS-327L and DNS-340L up to 20240403. Affected is an unknown function of the file /cgi-bin/nassharing.cgi of the component HTTP GET Request Handler. The manipulation of the argument...
Exploit for Missing Authentication for Critical Function in Mcpjam Inspector
CVE-2026-23744 — MCPJam Unauthenticated Remote Code Execution...
Linux Distros Unpatched Vulnerability : CVE-2026-26318
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - systeminformation is a System and OS information library for node.js. Versions prior to 5.31.0 are vulnerable to command injection via unsanitized locate output...
CVE-2026-36576
An OS command injection vulnerability in the app.py component of openlabs docker-wkhtmltopdf-aas up to commit 9f50579 allows attackers to execute arbitrary commands via a crafted POST request...
MCPJam Inspector 1.4.2 Command Injection
This is an advanced Python proof of concept for CVE-2026-23744 demonstrating command injection through a vulnerable MCP API endpoint, leading to remote code execution and reverse shell access. The script supports multiple payload types, endpoint discovery, listener management, and several...
Linux Distros Unpatched Vulnerability : CVE-2026-26280
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - systeminformation is a System and OS information library for node.js. In versions prior to 5.30.8, a command injection vulnerability in the wifiNetworks functio...
EUVD-2026-34099
An OS command injection vulnerability in the app.py component of openlabs docker-wkhtmltopdf-aas up to commit 9f50579 allows attackers to execute arbitrary commands via a crafted POST request...
Linux Distros Unpatched Vulnerability : CVE-2026-44724
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - systeminformation is a System and OS information library for node.js. From 4.17.0 to 5.31.5, on Linux, systeminformation is vulnerable to command injection in...
CVE-2026-36576
The vulnerability CVE-2026-36576 affects the openlabs docker-wkhtmltopdf-aas project, specifically the app.py component, with evidence across NVD and related feeds. Up to commit 9f50579, an OS command injection allows an attacker to execute arbitrary commands via a crafted POST request. The CVSS ...
Linux Distros Unpatched Vulnerability : CVE-2025-68154
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - systeminformation is a System and OS information library for node.js. In versions prior to 5.27.14, the fsSize function in systeminformation is vulnerable to OS...
PT-2026-45953
An OS command injection vulnerability in the app.py component of openlabs docker-wkhtmltopdf-aas up to commit 9f50579 allows attackers to execute arbitrary commands via a crafted POST request...
Linux Distros Unpatched Vulnerability : CVE-2026-24712
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Northern.tech CFEngine Enterprise and Community before 3.21.8, 3.24.3, and 3.27.0 allows Command injection. CVE-2026-24712 Note that Nessus relies on the presen...
RockyLinux 10 : python3.12 (RLSA-2026:19064)
The remote RockyLinux 10 host has packages installed that are affected by multiple vulnerabilities as referenced in the RLSA-2026:19064 advisory. expat: libexpat in Expat allows attackers to trigger large dynamic memory allocations via a small document that is submitted for parsing CVE-2025-59375...
CVE-2026-5509
An authenticated command injection vulnerability exists in the Archer BE450 v1 and BE7200 v1 router that allows an administrator to execute arbitrary system commands through the web management interface. After successfully authenticating to the admin interface, an attacker can leverage the...
CVE-2026-10214
A weakness has been identified in zhayujie chatgpt-on-wechat up to 2.0.8. This issue affects the function getsafetywarning of the file agent/tools/bash/bash.py of the component Bash Tool. Executing a manipulation can lead to os command injection. The attack can be launched remotely. The exploit h...
CVE-2026-10182
A vulnerability was determined in TRENDnet TEW-432BRP 3.10B20. The impacted element is the function formWlanSetup of the file /goform/formWlanSetup. Executing a manipulation of the argument enrollee can lead to command injection. The attack can be launched remotely. The exploit has been publicly...
Exploit for OS Command Injection in Gnu Bash
HackTheBox: Shocker Writeup A structured and professional walk...
TOTOLink - Unauthenticated Command Injection
TOTOLINK X5000R V9.1.0u.6118B20201102 and V9.1.0u.6369B20230113 contain a command insertion vulnerability in setting/setTracerouteCfg. This vulnerability allows an attacker to execute arbitrary commands through the "command" parameter. id: CVE-2023-30013 info: name: TOTOLink - Unauthenticated...