PT-2026-42440

Honeywell Control Network Module CNM contains command injection vulnerability in the web interface. An attacker could exploit this vulnerability via command delimiters, potentially resulting in Remote Code Execution RCE...

FreeBSD 操作系统命令注入漏洞

FreeBSD is a Unix-like operating system developed by the FreeBSD Foundation. FreeBSD has a vulnerability related to command injection attacks. This vulnerability arises from the lack of protection when scanning Wi-Fi networks, as shell extensions may be used to manipulate network names. This allo...

Netatalk 操作系统命令注入漏洞

Netatalk is an open-source software developed by Netatalk Inc. It provides AFP file server functionality for Classic Mac OS and macOS on Unix-like operating systems. Versions 3.1.4 to 4.4.2 of Netatalk contained a vulnerability related to operating system command injection. This vulnerability...

F5 Networks BIG-IP : iControl REST and tmsh vulnerability (K000160788)

The version of F5 Networks BIG-IP installed on the remote host is prior to 17.1.3.1 / 17.5.1.4 / 21.0.0.1. It is, therefore, affected by a vulnerability as referenced in the K000160788 advisory. When BIG-IP DNS is provisioned, a vulnerability exists in an undisclosed iControl REST and BIG-IP TMOS...

F5 Networks BIG-IP : BIG-IP tmsh vulnerability (K000161107)

The version of F5 Networks BIG-IP installed on the remote host is prior to 17.1.3.2 / 17.5.1.6 / 21.0.0.2. It is, therefore, affected by a vulnerability as referenced in the K000161107 advisory. A vulnerability exists in an undisclosed BIG-IP TMOS Shell tmsh command that may allow an authenticate...

MAL-2026-4208 Malicious code in mnemonic-safety-check (npm)

A coordinated supply-chain attack comprising 10 npm packages published by maintainer ddjidd5640 [email protected] within a 48-hour window 2026-05-19T03:55Z – 2026-05-21T04:31Z. All packages masquerade as legitimate Web3/DeFi developer security tools MCP servers while silently exfiltrating...

IINA 参数注入漏洞

IINA is an open-source modern macOS video player developed by IINA. Versions of IINA prior to 1.4.3 had a parameter injection vulnerability. This vulnerability stemmed from the lack of validation for the mpvoptions/input-commands parameter via the custom URL scheme iina://open. This allowed remot...

Honeywell Control Network Module 安全漏洞

The Honeywell Control Network Module is a network communication control module developed by the American company Honeywell, aimed at industrial automation and process control systems. The Honeywell Control Network Module has a security vulnerability, which stems from command injection in the web...

Netatalk 操作系统命令注入漏洞

Netatalk is an open-source software developed by Netatalk Inc. It provides AFP file server functionality for Classic Mac OS and macOS on Unix-like operating systems. Versions 2.2.1 to 4.4.2 of Netatalk contained a vulnerability related to operating system command injection. This vulnerability...

PT-2026-42532

IINA before 1.4.3 contains a user-assisted command execution vulnerability that allows remote attackers to execute arbitrary commands by supplying malicious mpv -prefixed query parameters through the iina://open custom URL scheme handler. Attackers can deliver a crafted URL via a browser that...

PT-2026-42646

Impact On POSIX, escapeshellarg‘/usr/bin/wkhtmltopdf’ returns the literal string ‘/usr/bin/wkhtmltopdf’ with the single-quote characters included. is executable then looks for a file whose actual name contains those quote characters, which essentially never exists. The safe branch is dead code an...

PowerDNS Authoritative 命令注入漏洞

PowerDNS Authoritative is a DNS server software developed by PowerDNS Corporation. PowerDNS Authoritative has a command injection vulnerability, which stems from insufficient name validation during the AXFR process...

PT-2026-42688

Name of the Vulnerable Software and Affected Versions Fission versions prior to 1.23.0 Description In pkg/builder/builder.go, the software passes the Environment.spec.builder.command variable directly into the exec.Command function after a strings.Fields split without validating the executable pa...

F5 Networks BIG-IP : iControl REST vulnerability (K000160916)

The version of F5 Networks BIG-IP installed on the remote host is prior to 17.1.3.2 / 17.5.1.6 / 21.0.0.2. It is, therefore, affected by a vulnerability as referenced in the K000160916 advisory. A vulnerability exists in iControl REST where a highly privileged, authenticated attacker with at leas...

MAL-2026-4214 Malicious code in polymarket-terminal (npm)

A coordinated supply-chain attack comprising 9 npm packages published by maintainer polymarketdev GitHub actor texsellix, repo texsellix/polymarket-trading-bot within a 2-minute window on 2026-05-20T23:30Z–23:32Z. All packages masquerade as legitimate Polymarket CLOB trading tools while...

PT-2026-42605

Summary Before the round-1 security sweep, pkg/builder/builder.go passed Environment.spec.builder.command directly into exec.Command... after a strings.Fields split, with no validation of the executable path or its arguments. A user who could create or update Environment CRDs in a namespace...

Progress Software Kemp LoadMaster addcountry Command Injection Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Progress Software Kemp LoadMaster. Authentication is required to exploit this vulnerability. The specific flaw exists within handling of the customLocation parameter. The issue results from the lack ...

Trend Micro Apex One 路径遍历漏洞

Trend Micro Apex One is a terminal protection software developed by Trend Micro, a US-based company. Trend Micro Apex One has a path traversal vulnerability, which originates from the management console. This vulnerability could allow remote attackers to upload malicious code and execute commands...

PT-2026-42412

Name of the Vulnerable Software and Affected Versions Netatalk versions 3.1.4 through 4.4.2 Description A logic error involving bitwise OR operations allows a remote authenticated attacker to perform shell injection, enabling the execution of arbitrary OS commands. Recommendations Update to versi...

F5 Networks BIG-IP : Appliance mode iControl REST vulnerability (K000160857)

The version of F5 Networks BIG-IP installed on the remote host is prior to 17.1.3.2 / 17.5.1.6 / 21.0.0.2. It is, therefore, affected by a vulnerability as referenced in the K000160857 advisory. When running in Appliance mode, an authenticated remote command injection vulnerability exists in an...