D-Link Routers - Remote Command Injection

D-Link DWR-116 through 1.06, DWR-512 through 2.02, DWR-712 through 2.02, DWR-912 through 2.02, DWR-921 through 2.02, and DWR-111 through 1.01 device may allow an authenticated attacker to execute arbitrary code by injecting the shell command into the chkisg.htm page Sip parameter. This allows for...

Zyxel NAS326 Firmware < V5.21(AAZF.17)C0 - NsaRescueAngel Backdoor Account

The command injection vulnerability in the CGI program "remotehelp-cgi" in Zyxel NAS326 firmware versions before V5.21AAZF.17C0 and NAS542 firmware versions before V5.21ABAG.14C0 could allow an unauthenticated attacker to execute some operating system OS commands by sending a crafted HTTP POST...

Security update for hplip

This update for hplip fixes the following issues Security issues: CVE-2025-43023: weak code signing DSA key used to generate package signatures can lead to key spoofing and malicious software installation bsc1266031. CVE-2026-8631: escalation of privileges and/or arbitrary code execution via an...

SUSE-SU-2026:2222-1 Security update for hplip

This update for hplip fixes the following issues Security issues: - CVE-2025-43023: weak code signing DSA key used to generate package signatures can lead to key spoofing and malicious software installation bsc1266031. - CVE-2026-8631: escalation of privileges and/or arbitrary code execution via ...

CVE-2026-10127

A weakness has been identified in Edimax BR-6478AC 1.23. This affects the function formStaDrvSetup of the file /goform/formStaDrvSetup of the component POST Request Handler. This manipulation of the argument rootAPmac causes command injection. The attack may be initiated remotely. The exploit has...

CVE-2026-45629

Dokploy is a free, self-hostable Platform as a Service PaaS. In 0.28.8 and earlier, authenticated OS command injection in the /listen-deployment WebSocket endpoint allows any organization member to execute arbitrary system commands on remote servers managed by Dokploy, leading to full server...

CVE-2026-45662

Dokploy is a free, self-hostable Platform as a Service PaaS. In 0.29.0 and earlier, the deleteRegistry function in Dokploy packages/server/src/services/registry.ts executes docker logout $response.registryUrl without shell escaping. In the same file, the docker login command correctly uses shEsca...

MAL-2026-5151 Malicious code in parsimonius (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 a5ab85a46a37da928774b1885049b71d40d675c54683b13711f4e371d932394a Clone of a legitimate package with an added RAT running through a Telegram bot. It can e.g. exfiltrate env variables and execute remote commands. The malicious...

CVE-2026-10550

A weakness has been identified in elunez eladmin up to 2.7. This vulnerability affects unknown code of the file App.java of the component Application Deployment Module. This manipulation of the argument uploadPath causes command injection. Remote exploitation of the attack is possible. The exploi...

GHSA-WRH2-89VG-4J9G vulnerabilities

Vulnerabilities for packages: kots, gitea, istio, caddy, kyverno, flux, traefik, prometheus-operator, hydra, nerdctl, minio, step-issuer, kine, hubble, telegraf, grafana-pyroscope, argo-cd, opentelemetry-collector, crossplane-provider-azure-authorization, step, vale, k3s, fq, cilium,...

CVE-2026-10550 elunez eladmin Application Deployment App.java command injection

A weakness has been identified in elunez eladmin up to 2.7. This vulnerability affects unknown code of the file App.java of the component Application Deployment Module. This manipulation of the argument uploadPath causes command injection. Remote exploitation of the attack is possible. The exploi...

EUVD-2026-33857

A weakness has been identified in elunez eladmin up to 2.7. This vulnerability affects unknown code of the file App.java of the component Application Deployment Module. This manipulation of the argument uploadPath causes command injection. Remote exploitation of the attack is possible. The exploi...

CVE-2026-10550

Summary of CVE-2026-10550 (elunez eladmin) : Affects eladmin up to 2.7; the vulnerability targets the Application Deployment Module, specifically the App.java component. The issue arises from manipulating the uploadPath argument, enabling command injection and remote code execution. Public exploi...

CVE-2026-10550 elunez eladmin Application Deployment App.java command injection

A weakness has been identified in elunez eladmin up to 2.7. This vulnerability affects unknown code of the file App.java of the component Application Deployment Module. This manipulation of the argument uploadPath causes command injection. Remote exploitation of the attack is possible. The exploi...

CVE-2026-10550

A weakness has been identified in elunez eladmin up to 2.7. This vulnerability affects unknown code of the file App.java of the component Application Deployment Module. This manipulation of the argument uploadPath causes command injection. Remote exploitation of the attack is possible. The exploi...

EUVD-2026-33843

Memory Corruption when processing display command line information due to improper initialization of a variable...

RockyLinux 10 : openssh (RLSA-2026:19069)

The remote RockyLinux 10 host has packages installed that are affected by multiple vulnerabilities as referenced in the RLSA-2026:19069 advisory. OpenSSH: OpenSSH: Privilege escalation via scp legacy protocol when not preserving file mode CVE-2026-35385 OpenSSH: OpenSSH: Security bypass via...

PT-2026-45696

These are all security issues fixed in the sshfs-3.7.6-1.1 package on the GA media of openSUSE Tumbleweed...

Cisco Application Policy Infrastructure Controller DoS (cisco-sa-apic-dos-rNus8EFw)

According to its self-reported version, Cisco Application Policy Infrastructure Controller is affected by a vulnerability. - A vulnerability in the Object Model CLI component of Cisco Application Policy Infrastructure Controller APIC could allow an authenticated, local attacker to cause an affect...

CVE-2026-41010 - Release Job Name Command Injection on BOSH Director | Cloud Foundry

CVSSv4: High 8.7 CVSS:4.0:/AV:L/AC:H/AT:P/PR:H/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H CVSSv3: High 8.2 CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H Vendor Cloud Foundry Foundation Versions Affected Severity is HIGH unless otherwise noted. BOSH Director – All versions prior to v282.1.12 Description...