Waterfall WF-500 操作系统命令注入漏洞

The Waterfall WF-500 is a sending-side host component in the industrial control network unidirectional security gateway developed by the Israeli company Waterfall. Version 7.9.1.0 R2502171040 of the Waterfall WF-500 contains an operating system command injection vulnerability. This vulnerability...

Acer Predator Connect W6x 命令注入漏洞

The Acer Predator Connect W6x is a series of high-performance Wi-Fi 6/6E gaming routers produced by Acer of Taiwan, China. The Acer Predator Connect W6x has a command injection vulnerability. This vulnerability arises from the program’s failure to effectively filter or sanitize malicious inputs i...

Dokploy 操作系统命令注入漏洞

Dokploy is an open-source software developed by Dokploy itself. Versions of Dokploy prior to 0.29.0 contained a vulnerability related to operating system command injection. This vulnerability arose because the deleteRegistry function executed the docker logout command without proper shell escapin...

Linux Distros Unpatched Vulnerability : CVE-2026-44590

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Sherlock hunts down social media accounts by username across social networks. Prior to 0.16.1, the GitHub Actions workflow validatemodifiedtargets.yml is...

AlmaLinux 8 : cockpit (ALSA-2026:21700)

The remote AlmaLinux 8 host has packages installed that are affected by a vulnerability as referenced in the ALSA-2026:21700 advisory. cockpit: Cockpit: Arbitrary command execution via crafted links in system logs UI CVE-2026-4802 Tenable has extracted the preceding description block directly fro...

Fedora 44 : haveged (2026-12643837bd)

The remote Fedora 44 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2026-12643837bd advisory. Backport fix for CVE-2026-41054: privilege escalation via command socket Tenable has extracted the preceding description block directly from the Fedora...

MAL-2026-5034 Malicious code in @t-in-one/add_application (npm)

Wave 2 of a dependency confusion attack campaign C2: oob.moika.tech targeting internal npm scopes. The attacker npm user t-in-one, email [email protected] published packages at inflated versions that resolve ahead of private registry versions via npm's default version resolution. The campaign...

MAL-2026-5046 Malicious code in @t-in-one/send_add_application (npm)

Wave 2 of a dependency confusion attack campaign C2: oob.moika.tech targeting internal npm scopes. The attacker npm user t-in-one, email [email protected] published packages at inflated versions that resolve ahead of private registry versions via npm's default version resolution. The campaign...

Linux Distros Unpatched Vulnerability : CVE-2026-49128

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Music Player Daemon MPD before version 0.24.11 contains a path traversal vulnerability in LocalStorage::MapFSOrThrow and LocalStorage::MapUTF8 within the local...

Dokploy 操作系统命令注入漏洞

Dokploy is an open-source software developed by Dokploy itself. Versions of Dokploy 0.28.8 and earlier contained a vulnerability related to operating system command injection. This vulnerability stemmed from the tRPC endpoint of application.updateTraefikConfig, where authenticated OS commands cou...

Dokploy 安全漏洞

Dokploy is an open-source software developed by Dokploy itself. Versions of Dokploy 0.26.6 and earlier contain security vulnerabilities. These vulnerabilities stem from command injection in the /docker-container-logs WebSocket endpoint. The tail and since parameters are concatenated directly into...

PT-2026-45051

Summary execute code in praisonaiagents/tools/python tools.py v1.6.37, subprocess sandbox mode can be fully bypassed using print. self to retrieve the real Python builtins module, from which import can be extracted via vars and runtime string construction. This achieves arbitrary OS command...

Waterfall WF-500 操作系统命令注入漏洞

The Waterfall WF-500 is a sending-side host component in the industrial control network unidirectional security gateway developed by the Israeli company Waterfall. The Waterfall WF-500 has a vulnerability related to operating system command injection. This vulnerability stems from command injecti...

Waterfall WF-500 操作系统命令注入漏洞

The Waterfall WF-500 is a sending-side host component in the industrial control network unidirectional security gateway developed by the Israeli company Waterfall. Version 7.9.1.0 R2502171040 of the Waterfall WF-500 contains an operating system command injection vulnerability. This vulnerability...

MAL-2026-5031 Malicious code in @capibar.chat/ui-kit (npm)

Wave 2 of a dependency confusion attack campaign C2: oob.moika.tech targeting internal npm scopes. The attacker npm user t-in-one, email [email protected] published packages at inflated versions that resolve ahead of private registry versions via npm's default version resolution. The campaign...

PT-2026-44812

Nozomi Networks Labs identified a CWE-78: Improper Neutralization of Special Elements used in an OS Command 'OS Command Injection' in the Console WebUI in Waterfall WF-500 TX and RX Hosts in version 7.9.1.0 R2502171040 that allows remote unauthenticated attackers to execute arbitrary operating...

PT-2026-44805

Name of the Vulnerable Software and Affected Versions Waterfall WF-500 TX Host version 7.9.1.0 R2502171040 Description An OS Command Injection issue exists in the Administration WebUI, which allows remote authenticated attackers to execute arbitrary operating system commands on the host. OS Comma...

JetBrains IntelliJ IDEA 安全漏洞

JetBrains IntelliJ IDEA is an integrated development environment for the Java language developed by the Czech company JetBrains. Versions of JetBrains IntelliJ IDEA prior to version 2026.1.1 contained a security vulnerability; this vulnerability could allow command execution due to guest user...

Dokploy 安全漏洞

Dokploy is an open-source software developed by Dokploy itself. Versions of Dokploy prior to 0.29.1 contain security vulnerabilities. These vulnerabilities stem from the destinationPath parameter in the Docker file upload function not being properly cleaned and directly inserted into the shell...

Waterfall WF-500 操作系统命令注入漏洞

The Waterfall WF-500 is a sending-side host component in the industrial control network unidirectional security gateway developed by the Israeli company Waterfall. Version 7.9.1.0 R2502171040 of the Waterfall WF-500 TX and RX Hosts contains an operating system command injection vulnerability. Thi...