CVE-2026-8450

A flaw was found in HTTP::Daemon, a Perl module used for creating HTTP servers. A remote attacker can exploit this vulnerability by providing specially crafted input to the sendfile function, leading to OS command injection. This allows the attacker to execute arbitrary commands on the system wit...

Cisco Catalyst SD-WAN Manager CVE-2026-20245 Flaw Actively Exploited

Cisco has warned that a high-severity security flaw impacting Catalyst SD-WAN Manager has come under active exploitation. The vulnerability, tracked as CVE-2026-20245 , carries a CVSS score of 7.8 out of a maximum of 10.0. It affects the following deployment types - On-Prem Deployment Cisco SD-WA...

CVE-2026-10878

A vulnerability was detected in D-Link DWR-M920 1.1.50/1.1.70. Affected is the function sub41C8E8 of the file /boafrm/formSmsManage. Performing a manipulation of the argument actionvalue results in command injection. The attack is possible to be carried out remotely. The exploit is now public and...

CVE-2026-42824

Improper neutralization of special elements used in a command 'command injection' in M365 Copilot allows an unauthorized attacker to disclose information over a network...

CVE-2026-10871

A vulnerability has been found in Shibby Tomato 1.28.0000. This vulnerability affects the function start6rdtunnel of the file /sbin/rc of the component Web UI. Such manipulation of the argument ipv66rdborderrelay leads to os command injection. It is possible to launch the attack remotely. The...

CVE-2026-20245

A vulnerability in the CLI of Cisco Catalyst SD-WAN Controller, formerly SD-WAN vSmart, Cisco Catalyst SD-WAN Manager, formerly SD-WAN vManage, and Cisco Catalyst SD-WAN Validator, formerly SD-WAN vBond, could allow an authenticated, local attacker to execute arbitrary commands as root by supplyi...

CVE-2026-10872

A vulnerability was found in Shibby Tomato 1.28.0000. This issue affects the function startvpnserver of the file /sbin/rc of the component Web UI. Performing a manipulation results in os command injection. The attack can be initiated remotely. The exploit has been made public and could be used...

CVE-2026-10873

A vulnerability was determined in Shibby Tomato 1.28.0000. Impacted is the function rstatspath of the file /bin/rstats of the component Web UI. Executing a manipulation can lead to os command injection. The attack can be launched remotely. The exploit has been publicly disclosed and may be...

CVE-2026-10870

A flaw has been found in Shibby Tomato 1.28.0000. This affects the function startdhcpc of the file /sbin/rc of the component Web UI. This manipulation causes os command injection. It is possible to initiate the attack remotely. The exploit has been published and may be used. This project is...

CVE-2026-45497

Improper neutralization of special elements used in a command 'command injection' in Microsoft Copilot allows an authorized attacker to execute code over a network...

PT-2026-47149

A vulnerability was determined in GL.iNet MT3000 up to 4.4.5. This vulnerability affects unknown code of the file ovpnclient.sh of the component OpenVPN Client Import Workflow. This manipulation causes command injection. Remote exploitation of the attack is possible. The exploit has been publicly...

PT-2026-47150

Name of the Vulnerable Software and Affected Versions vertex-app vertex versions prior to 2026.02.12 Description An issue exists in the Log Viewer Endpoint component within the file app/model/LogMod.js. Improper processing of the req.query argument allows for remote OS command injection, which...

RHEL 9 : redis (RHSA-2026:23229)

The remote Redhat Enterprise Linux 9 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2026:23229 advisory. Redis is an advanced key-value store. It is often referred to as a data-structure server since keys can contain strings, hashes, lists, sets, and...

VERTEX 操作系统命令注入漏洞

VERTEX is an integrated management tool developed by the individual developer of lswl.in, designed for binge-watching and stream watching. Versions of vertex-app and vertex released on February 12, 2026, and earlier have a vulnerability related to operating system command injection. This...

GL.iNet MT3000 命令注入漏洞

The GL.iNet MT3000 is a portable router from the company GL.iNet, which uses the Wi-Fi 6 protocol. Versions of GL.iNet MT3000 prior to 4.4.5 have a command injection vulnerability. This vulnerability stems from the OpenVPN client’s import workflow, where the ovpnclient.sh file contains a command...

RHEL 8 : openssh (RHSA-2026:22329)

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2026:22329 advisory. OpenSSH is an SSH protocol implementation supported by a number of Linux, UNIX, and similar operating systems. It includes the core files...

RHEL 9 : openssh (RHSA-2026:22648)

The remote Redhat Enterprise Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2026:22648 advisory. OpenSSH is an SSH protocol implementation supported by a number of Linux, UNIX, and similar operating systems. It includes the core files...

RHEL 9 : openssh update (Important) (RHSA-2026:22564)

The remote Redhat Enterprise Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2026:22564 advisory. OpenSSH is an SSH protocol implementation supported by a number of Linux, UNIX, and similar operating systems. It includes the core files...

CVE-2026-25622

A Captive Portal Custom Handler command injection vulnerability exists in Arista Edge Threat Management - Arista Next Generation Firewall NGFW. On affected platforms, an administrative account logged into the user interface can exploit this input handling behavior to execute arbitrary platform...

CVE-2026-25620

An encrypted password command injection vulnerability exists in the Captive Portal application framework of Arista Edge Threat Management - Arista Next Generation Firewall NGFW. This issue uniquely affects version 17.4.0; earlier software releases are not exposed...