CVE-2026-20245 Cisco Catalyst SD-WAN Controller Authenticated Privilege Escalation Vulnerability

A vulnerability in the CLI of Cisco Catalyst SD-WAN Controller, formerly SD-WAN vSmart, Cisco Catalyst SD-WAN Manager, formerly SD-WAN vManage, and Cisco Catalyst SD-WAN Validator, formerly SD-WAN vBond, could allow an authenticated, local attacker to execute arbitrary commands as root by supplyi...

CVE-2026-20245

A vulnerability in the CLI of Cisco Catalyst SD-WAN Manager, formerly SD-WAN vManage, could allow an authenticated, local attacker to execute arbitrary commands as root by supplying a crafted file to the affected system. This vulnerability is due to insufficient validation of user-supplied input...

CVE-2026-20245

Cisco Catalyst SD-WAN Manager (formerly SD-WAN vManage) is affected by CVE-2026-20245. The vulnerability arises from insufficient validation of user-supplied input in the CLI, enabling an authenticated, local attacker to upload a crafted file and perform command injection, potentially elevating p...

CVE-2026-10873 Shibby Tomato Web UI rstats rstats_path os command injection

A vulnerability was determined in Shibby Tomato 1.28.0000. Impacted is the function rstatspath of the file /bin/rstats of the component Web UI. Executing a manipulation can lead to os command injection. The attack can be launched remotely. The exploit has been publicly disclosed and may be...

CVE-2026-10873 Shibby Tomato Web UI rstats rstats_path os command injection

A vulnerability was determined in Shibby Tomato 1.28.0000. Impacted is the function rstatspath of the file /bin/rstats of the component Web UI. Executing a manipulation can lead to os command injection. The attack can be launched remotely. The exploit has been publicly disclosed and may be...

CVE-2026-10873

The CVE-2026-10873 entry pertains to Shibby Tomato 1.28.0000, where the rstats_path function in /bin/rstats of the Web UI is vulnerable. The underlying issue enables an os command injection, with remote attack potential. Public exploit details exist per the connected CVE listing, and the project ...

Cisco Catalyst SD-WAN Controller, Catalyst SD-WAN Manager, and Catalyst SD-WAN Validator Authenticated Privilege Escalation Vulnerability

A vulnerability in the CLI of Cisco Catalyst SD-WAN Controller, formerly SD-WAN vSmart, Cisco Catalyst SD-WAN Manager, formerly SD-WAN vManage, and Cisco Catalyst SD-WAN Validator, formerly SD-WAN vBond, could allow an authenticated, local attacker to execute arbitrary commands as root by supplyi...

CVE-2026-10872 Shibby Tomato Web UI rc start_vpnserver os command injection

A vulnerability was found in Shibby Tomato 1.28.0000. This issue affects the function startvpnserver of the file /sbin/rc of the component Web UI. Performing a manipulation results in os command injection. The attack can be initiated remotely. The exploit has been made public and could be used...

CVE-2026-10872 Shibby Tomato Web UI rc start_vpnserver os command injection

A vulnerability was found in Shibby Tomato 1.28.0000. This issue affects the function startvpnserver of the file /sbin/rc of the component Web UI. Performing a manipulation results in os command injection. The attack can be initiated remotely. The exploit has been made public and could be used...

CVE-2026-10872

CVE-2026-10872 affects Shibby Tomato 1.28.0000 Web UI: the start_vpnserver function in /sbin/rc is vulnerable to remote OS command injection. Exploit published; impact is high (C/I/A). Privileges required: HIGH; no user interaction. Superseded by FreshTomato.

CVE-2026-42824

Missing authentication for critical function in M365 Copilot allows an unauthorized attacker to disclose information over a network...

CVE-2026-45497

Improper neutralization of special elements used in a command 'command injection' in Microsoft Copilot allows an authorized attacker to execute code over a network...

CVE-2026-10871 Shibby Tomato Web UI rc start_6rd_tunnel os command injection

A vulnerability has been found in Shibby Tomato 1.28.0000. This vulnerability affects the function start6rdtunnel of the file /sbin/rc of the component Web UI. Such manipulation of the argument ipv66rdborderrelay leads to os command injection. It is possible to launch the attack remotely. The...

CVE-2026-10871 Shibby Tomato Web UI rc start_6rd_tunnel os command injection

A vulnerability has been found in Shibby Tomato 1.28.0000. This vulnerability affects the function start6rdtunnel of the file /sbin/rc of the component Web UI. Such manipulation of the argument ipv66rdborderrelay leads to os command injection. It is possible to launch the attack remotely. The...

CVE-2026-10871

CVE-2026-10871 affects Shibby Tomato 1.28.0000 in the Web UI, specifically the start_6rd_tunnel function in /sbin/rc. Manipulation of the ipv6_6rd_borderrelay argument enables OS command injection, with remote execution possible and exploits disclosed publicly. The project is superseded by FreshT...

CVE-2026-10870

A flaw has been found in Shibby Tomato 1.28.0000. This affects the function startdhcpc of the file /sbin/rc of the component Web UI. This manipulation causes os command injection. It is possible to initiate the attack remotely. The exploit has been published and may be used. This project is...

GHSA-4P62-HQP5-G644 MCP-for-Stata: Command injection via log_file_name parameter in Stata command wrapper

Summary The logfilename parameter in the statado API and CLI is directly interpolated into a Stata command string without sanitization. The security guard GuardValidator only scans the do-file content but does not validate this parameter. An attacker can inject arbitrary Stata commands including...

MCP-for-Stata: Command injection via log_file_name parameter in Stata command wrapper

Summary The logfilename parameter in the statado API and CLI is directly interpolated into a Stata command string without sanitization. The security guard GuardValidator only scans the do-file content but does not validate this parameter. An attacker can inject arbitrary Stata commands including...

CVE-2026-10870 Shibby Tomato Web UI rc start_dhcpc os command injection

A flaw has been found in Shibby Tomato 1.28.0000. This affects the function startdhcpc of the file /sbin/rc of the component Web UI. This manipulation causes os command injection. It is possible to initiate the attack remotely. The exploit has been published and may be used. This project is...

EUVD-2026-34323

A flaw has been found in Shibby Tomato 1.28.0000. This affects the function startdhcpc of the file /sbin/rc of the component Web UI. This manipulation causes os command injection. It is possible to initiate the attack remotely. The exploit has been published and may be used. This project is...