CVE-2026-33000

Summary: CVE-2026-33000 affects UniFi OS devices and stems from an Improper Input Validation that enables a Command Injection. An attacker with network access and high privileges could exploit this with no user interaction to achieve potentially high impact on confidentiality, integrity, and avai...

EUVD-2026-31385

A malicious actor with access to the network and high privileges could exploit an Improper Input Validation vulnerability found in UniFi OS devices to execute a Command Injection...

CVE-2026-33000

A malicious actor with access to the network and high privileges could exploit an Improper Input Validation vulnerability found in UniFi OS devices to execute a Command Injection...

EUVD-2026-31382

A malicious actor with access to the network could exploit an Improper Input Validation vulnerability found in UniFi OS devices to execute a Command Injection...

CVE-2026-34910

CVE-2026-34910 affects UniFi OS devices and stems from an Improper Input Validation vulnerability that allows a Command Injection . The connected records specify a network-adjacent attacker could exploit this with no user interaction, leading to high impact on confidentiality, integrity, and avai...

CVE-2026-33000

A malicious actor with access to the network and high privileges could exploit an Improper Input Validation vulnerability found in UniFi OS devices to execute a Command Injection...

CVE-2026-34910

A malicious actor with access to the network could exploit an Improper Input Validation vulnerability found in UniFi OS devices to execute a Command Injection...

EUVD-2026-31350

Webmin before 2.641 contains a stored cross-site scripting vulnerability in the email template description field of the System and Server Status module that allows low-privileged authenticated attackers to execute arbitrary commands by injecting unsanitized input stored in savetmpl.cgi and render...

PT-2026-42656

Name of the Vulnerable Software and Affected Versions UniFi OS affected versions not specified Description A malicious actor with network access and high privileges can exploit improper input validation to perform command injection. Command injection is a flaw that allows an attacker to execute...

PT-2026-42848

Name of the Vulnerable Software and Affected Versions M365 Copilot affected versions not specified Description Improper neutralization of special elements used in a command, known as command injection, allows an unauthorized attacker to disclose information over a network. Recommendations At the...

PT-2026-42838

Name of the Vulnerable Software and Affected Versions Microsoft Power Pages affected versions not specified Description Improper neutralization of special elements used in a command allows an unauthorized attacker to execute code over a network via command injection, which is the execution of...

Microsoft 365 Copilot 命令注入漏洞

Microsoft 365 Copilot is a generative AI collaboration assistant integrated into the Microsoft Office suite. Microsoft 365 Copilot has a command injection vulnerability, which stems from improper of special elements during command injections. This vulnerability could allow unauthorized attackers ...

Ubiquiti UniFi OS Server 安全漏洞

The Ubiquiti UniFi OS Server is a server platform developed by the Ubiquiti company, designed for managing UniFi networks and security devices. The Ubiquiti UniFi OS Server has a security vulnerability, which stems from improper input validation. This vulnerability could allow malicious actors wi...

D-Link DCS-2530L < 1.07 and DCS-2670L < 2.03 Multiple Vulnerabilities

According to its self-reported version, D-Link IP Camera DCS-2530L on or before 1.05.05, and DCS-2670L on or before 2.02 are affected by multiple vulnerabilities. - A command injection vulnerability exists in affected devices due to the improper neutralization of special elements in...

RockyLinux 10 : cockpit: Unauthenticated remote code execution due to SSH command-line argument injection (Critical) (RLSA-2026:7383)

The remote RockyLinux 10 host has packages installed that are affected by a vulnerability as referenced in the RLSA-2026:7383 advisory. cockpit: ws: be more explicit when handling hostnames on cli CVE-2026-4631 Tenable has extracted the preceding description block directly from the RockyLinux...

RockyLinux 10 : openssh (RLSA-2026:13380)

The remote RockyLinux 10 host has packages installed that are affected by multiple vulnerabilities as referenced in the RLSA-2026:13380 advisory. OpenSSH: OpenSSH: Privilege escalation via scp legacy protocol when not preserving file mode CVE-2026-35385 OpenSSH: OpenSSH: Security bypass via...

RockyLinux 9 : openssh (RLSA-2026:13381)

The remote RockyLinux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RLSA-2026:13381 advisory. OpenSSH: OpenSSH: Privilege escalation via scp legacy protocol when not preserving file mode CVE-2026-35385 OpenSSH: OpenSSH: Security bypass via...

RockyLinux 8 : python3 (RLSA-2026:6473)

The remote RockyLinux 8 host has packages installed that are affected by a vulnerability as referenced in the RLSA-2026:6473 advisory. python: Python: Command-line option injection in webbrowser.open via crafted URLs CVE-2026-4519 Tenable has extracted the preceding description block directly fro...

PT-2026-42707

Name of the Vulnerable Software and Affected Versions The product name cannot be determined affected versions not specified Description An issue exists where an SSH server authentication callback returning PartialSuccessError with non-nil Permissions caused those permissions to be silently...

PT-2026-42816

Name of the Vulnerable Software and Affected Versions Kiro CLI versions prior to 1.28.0 Description Missing input source validation in the tool authorization prompt allows a local attacker to execute arbitrary tools, including shell commands, without user approval. This is achieved by crafting...