PT-2026-47808
Name of the Vulnerable Software and Affected Versions: Ivanti EPMM versions prior to 12.9.0.1; Ivanti EPMM versions prior to 12.8.0.3; Ivanti EPMM versions prior to 12.7.0.2. Description: An OS command injection issue allows a remote authenticated attacker to execute arbitrary commands with root...
VulnCheck KEV: CVE-2026-39808
An improper neutralization of special elements used in an OS command ('OS command injection') vulnerability in Fortinet FortiSandbox 4.4.0 through 4.4.8 may allow an attacker to execute unauthorized code or commands via...
EulerOS 2.0 SP11 : vim (EulerOS-SA-2026-2232)
According to the versions of the vim packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities: Vim is an open source, command line text editor. Prior to version 9.2.0074, a heap-based buffer overflow out-of-bounds read exists in Vim's Emacs-sty...
CVE-2026-38615
CVE-2026-38615 affects DedeCMS v5.7.118 with a command execution vulnerability in file_manage_control.php. Public sources confirm the issue but do not provide detailed exploitation steps or concrete remediation in the supplied documents. The CVSSv3.1 metrics indicate a high-severity, network-expl...
CVE-2026-38615
DedeCMS V5.7.118 is vulnerable to Command Execution in file_manage_control.php...
PT-2026-47859
Name of the Vulnerable Software and Affected Versions: NETGEAR, affected versions not specified. Description: Insufficient authentication and input validation allow users connected to the local network to execute commands, which can impact product confidentiality or allow the modification of certain...
PT-2026-47686
Versions of the package degit before 2.8.6, from 3.0.0 and before 3.3.1 are vulnerable to Command Injection due to improper sanitisation of user input for git shell commands directly invoked with exec method by cloneWithGit and fetchRefs functions. An attacker can execute arbitrary operating syst...
Ivanti EPMM OS Command Injection Vulnerability
Ivanti EPMM is a product developed by the American company Ivanti. It enables IT departments to create policies for mobile devices, applications, and content. Versions of Ivanti EPMM prior to 12.9.0.1, 12.8.0.3, and 12.7.0.2 contained a vulnerability related to operating system command injection...
Logseq OS Command Injection Vulnerability
Logseq is an open-source knowledge management and collaboration platform developed by Logseq. Logseq v0.10.15 contains a vulnerability related to operating system command injection. This vulnerability stems from the IPC handler allowing renderer processes to execute shell commands, and...
EulerOS 2.0 SP11 : vim (EulerOS-SA-2026-2269)
According to the versions of the vim packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities: Vim is an open source, command line text editor. Prior to version 9.2.0074, a heap-based buffer overflow out-of-bounds read exists in Vim's Emacs-sty...
EulerOS 2.0 SP11 : openssh (EulerOS-SA-2026-2257)
According to the versions of the openssh packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities: OpenSSH before 10.3 mishandles the authorized_keys principals option in uncommon scenarios involving a principals list in conjunction with a...
PT-2026-48344
Summary: An OS Command Injection vulnerability in the terminal action handler allows any authenticated user to execute arbitrary OS commands by injecting shell metacharacters into the 'dir' POST parameter, completely bypassing the TERMINAL COMMANDS whitelist and achieving full Remote Code Executio...
NETGEAR JR6150 Input Validation Error Vulnerability
NETGEAR JR6150 is a wireless router produced by NETGEAR, a company in the United States. The NETGEAR JR6150 has a vulnerability related to input validation. This vulnerability stems from insufficient input validation, which may allow users connected to the local WiFi network to execute operating...
MongoDB Server Security Vulnerability
MongoDB Server is an open-source NoSQL database developed by MongoDB, a US-based company. This database offers features such as collection-oriented storage, dynamic querying, data replication, and automatic failover. There is a security vulnerability in MongoDB Server, which stems from...
Net::IMAP: Command Injection via non-synchronizing literal in "raw" argument
Several Net::IMAP commands accept a "raw data" argument that is sent verbatim after validation to prevent command injection. However, if a server does not support non-synchronizing literals, it may still be possible to inject arbitrary IMAP commands inside non-synchronizing literals. Details: Raw...
Net::IMAP: Denial of Service via incomplete raw argument validation
Summary: Several Net::IMAP commands accept a raw string argument which is only validated to prevent CRLF injection and then sent verbatim. If this string is derived from user-controlled input, an attacker can force the next command to be absorbed as a continuation of the first command. This will...
Net::IMAP: Command Injection via ID command argument
Summary: Two Net::IMAP commands, id and enable, do not validate their arguments. Arguments to either command could be used by an attacker to inject arbitrary IMAP commands. Please note that passing untrusted inputs to these commands is usually inappropriate and expected to be uncommon. Details: Whe...
Security update for agama-web-ui (moderate)
openSUSE security update: security update for agama-web-ui. Announcement ID: openSUSE-SU-2026:20919-1. Rating: moderate. References: bsc1246678 bsc1264160 bsc1264802 bsc1266256. Cross-References: CVE-2025-7339 CVE-2026-42041 CVE-2026-42264...
Cisco Catalyst SD-WAN Controller, Catalyst SD-WAN Manager, and Catalyst SD-WAN Validator Authenticated Privilege Escalation (cisco-sa-sdwan-privesc-4uxFrdzx)
According to its self-reported version, Cisco SD-WAN Viptela Software is affected by a vulnerability. A vulnerability in the CLI of Cisco Catalyst SD-WAN Controller, formerly SD-WAN vSmart, Cisco Catalyst SD-WAN Manager, formerly SD-WAN vManage, and Cisco Catalyst SD-WAN Validator, formerly...
PT-2026-48340
Name of the Vulnerable Software and Affected Versions: Net::IMAP versions prior to 0.6.5; Net::IMAP versions prior to 0.5.15. Description: Net::IMAP implements Internet Message Access Protocol (IMAP) client functionality in Ruby. Certain commands accept a raw data argument that is sent verbatim after...