145601 matches found
PT-2026-41678
ngrok v4.3.3 and 5.0.0-beta.2 are vulnerable to Command Injection...
Unity Linux 20.1050a / 20.1060a / 20.1070a Security Update: vim (UTSA-2026-021495)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-021495 advisory. Vim is an open source, command line text editor. Prior to version 9.2.0276, a modeline sandbox bypass in Vim allows arbitrary OS command execution when a user opens ...
RHEL 8 : dovecot (RHSA-2026:18053)
The remote Red Hat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2026:18053 advisory. Dovecot is an IMAP server for Linux and other UNIX-like systems, written primarily with security in mind. It also contains a small POP3...
Claude HUD Code Issue Vulnerability
Claude HUD is a Claude Code plugin developed by Jarrod Watts, which displays context usage, tool states, and progress. Versions of Claude HUD prior to 0.0.12 contained code vulnerabilities. These vulnerabilities stemmed from command injection issues, allowing local attackers to execute arbitrary...
webdriverio OS Command Injection Vulnerability
WebdriverIO is an open-source automation testing framework for browsers and mobile devices developed by WebdriverIO. Versions of WebdriverIO prior to 9.24.0 had a vulnerability related to operating system command injection. This vulnerability stemmed from the getGitMetadataForAISelection function...
Alibaba Cloud Linux 3 : 0112: python3.11 (ALINUX3-SA-2026:0112)
The remote Alibaba Cloud Linux 3 host has packages installed that are affected by multiple vulnerabilities as referenced in the ALINUX3-SA-2026:0112 advisory. Package updates are available for Alibaba Cloud Linux 3 that fix the following vulnerabilities: CVE-2026-4786: Mitigation of CVE-2026-4519 w...
PT-2026-41662
Name of the Vulnerable Software and Affected Versions: P4 Server versions prior to 2025.2 Patch 2. Description: A security issue exists in the Command-Line Client of P4 Server that could lead to potential security risks. Recommendations: Update to P4 Server version 2025.2 Patch 2 or later...
Mattermost Security Vulnerability
Mattermost is an open-source collaboration platform developed by the American company Mattermost. Versions of Mattermost such as 11.5.1 and earlier 11.5.x series, 10.11.13 and earlier 10.11.x series, and 11.4.3 and earlier 11.4.x series have security vulnerabilities. These vulnerabilities stem fr...
Ivanti Virtual Traffic Manager (vTM) < 22.9R4 OS Command Injection (CVE-2026-8051)
The version of Ivanti Virtual Traffic Manager vTM running on the remote host is prior to 22.9R4. It is, therefore, affected by an OS command injection vulnerability: - OS command injection in Ivanti Virtual Traffic Manager before version 22.9r4 allows a remote authenticated attacker with admin...
VulnCheck KEV: CVE-2025-1448
A vulnerability was found in Synway SMG Gateway Management Software up to 20250204. It has been rated as critical. This issue affects some unknown processing of the file 9-12ping.php. The manipulation of the argument retry leads to command injection. The attack may be initiated remotely. The...
PT-2026-41737
Name of the Vulnerable Software and Affected Versions: Dokploy versions prior to 0.26.7. Description: OS command injection occurs due to inadequate input sanitization, lack of schema validation, and direct shell interpolation. User-controlled application names are processed by the cleanAppName...
CVE-2025-57282
ngrok v4.3.3 and 5.0.0-beta.2 are vulnerable to Command Injection...
Mattermost Code Issue Vulnerability
Mattermost is an open-source collaboration platform developed by the American company Mattermost. Versions of Mattermost such as 11.5.1 and earlier 11.5.x series as well as 10.11.13 and earlier 10.11.x series have code vulnerabilities. These vulnerabilities stem from the lack of validation of the...
PT-2026-41680
An issue in Intelbras VIP-1230-D-G4 Version V2.800.00IB00C.0.T allows a remote attacker to obtain sensitive information via password reset functionality under /OutsideCmd...
Edimax BR-6428nS Injection Vulnerability
The Edimax BR-6428nS is a wireless router produced by Edimax Corporation. The Edimax BR-6428NS v41.10 version has a vulnerability known as “injection flaw.” This flaw arises from the function formStaDrvSetup in the POST Request Handler component, which processes the parameter stadrvssid. This...
Perforce P4 Code Injection Vulnerability
Perforce P4 is an enterprise-level version control and code management platform provided by Perforce Corporation. Versions of Perforce P4 prior to 2025.2 Patch 2 contained a code injection vulnerability, which stemmed from issues with the command-line client and could potentially pose security...
Alibaba Cloud Linux 3 : 0107: vim (ALINUX3-SA-2026:0107)
The remote Alibaba Cloud Linux 3 host has packages installed that are affected by a vulnerability as referenced in the ALINUX3-SA-2026:0107 advisory. Package updates are available for Alibaba Cloud Linux 3 that fix the following vulnerabilities: CVE-2026-34982: Vim is an open source, command line...
PT-2026-41595
A vulnerability was found in Edimax BR-6428NS 1.10. This issue affects the function formStaDrvSetup of the file /goform/formStaDrvSetup of the component POST Request Handler. Performing a manipulation of the argument stadrv ssid results in command injection. The attack can be initiated remotely...