146513 matches found
CVE-2026-9385
A vulnerability was determined in Totolink A8000RU 7.1cu.643b20200521. This issue affects the function setTracerouteCfg of the file /cgi-bin/cstecgi.cgi of the component Web Management Interface. This manipulation of the argument command causes os command injection. The attack is possible to be...
CVE-2026-44713 pam_usb: Command injection via $TMUX environment variable leads to RCE as root
pamusb provides hardware authentication for Linux using ordinary removable media. Prior to 0.8.7, src/tmux.c reads the user's $TMUX environment variable, splits it on commas, and interpolates the socket-path component directly into a shell command passed to popen. Because the value is placed insi...
CVE-2026-44713 pam_usb: Command injection via $TMUX environment variable leads to RCE as root
pamusb provides hardware authentication for Linux using ordinary removable media. Prior to 0.8.7, src/tmux.c reads the user's $TMUX environment variable, splits it on commas, and interpolates the socket-path component directly into a shell command passed to popen. Because the value is placed insi...
CVE-2026-44724
systeminformation is a System and OS information library for node.js. From 4.17.0 to 5.31.5, on Linux, systeminformation is vulnerable to command injection in networkInterfaces when an active NetworkManager connection profile name contains shell metacharacters. The vulnerable value is obtained...
CVE-2026-44724
systeminformation is a System and OS information library for node.js. From 4.17.0 to 5.31.5, on Linux, systeminformation is vulnerable to command injection in networkInterfaces when an active NetworkManager connection profile name contains shell metacharacters. The vulnerable value is obtained...
EUVD-2026-32639
systeminformation is a System and OS information library for node.js. From 4.17.0 to 5.31.5, on Linux, systeminformation is vulnerable to command injection in networkInterfaces when an active NetworkManager connection profile name contains shell metacharacters. The vulnerable value is obtained...
CVE-2026-44724 systeminformation: Linux command injection in networkInterfaces() via unsanitized NetworkManager connection profile name
systeminformation is a System and OS information library for node.js. From 4.17.0 to 5.31.5, on Linux, systeminformation is vulnerable to command injection in networkInterfaces when an active NetworkManager connection profile name contains shell metacharacters. The vulnerable value is obtained...
CVE-2026-44724 systeminformation: Linux command injection in networkInterfaces() via unsanitized NetworkManager connection profile name
systeminformation is a System and OS information library for node.js. From 4.17.0 to 5.31.5, on Linux, systeminformation is vulnerable to command injection in networkInterfaces when an active NetworkManager connection profile name contains shell metacharacters. The vulnerable value is obtained...
CVE-2026-44590 Sherlock: Command Injection via pull_request_target in validate_modified_targets.yml
Sherlock hunts down social media accounts by username across social networks. Prior to 0.16.1, the GitHub Actions workflow validatemodifiedtargets.yml is vulnerable to command injection via the pullrequesttarget trigger. Any GitHub user can execute arbitrary commands on the CI runner and exfiltra...
CVE-2026-44590
Sherlock hunts down social media accounts by username across social networks. Prior to 0.16.1, the GitHub Actions workflow validatemodifiedtargets.yml is vulnerable to command injection via the pullrequesttarget trigger. Any GitHub user can execute arbitrary commands on the CI runner and exfiltra...
CVE-2026-44590
The CVE-2026-44590 entry concerns the Sherlock project’s GitHub Actions workflow validate_modified_targets.yml. Before version 0.16.1, a command-injection vulnerability in the pull_request_target flow allowed any GitHub user to execute arbitrary commands on the CI runner and exfiltrate the workfl...
EUVD-2026-32638
Sherlock hunts down social media accounts by username across social networks. Prior to 0.16.1, the GitHub Actions workflow validatemodifiedtargets.yml is vulnerable to command injection via the pullrequesttarget trigger. Any GitHub user can execute arbitrary commands on the CI runner and exfiltra...
CVE-2026-44590 Sherlock: Command Injection via pull_request_target in validate_modified_targets.yml
Sherlock hunts down social media accounts by username across social networks. Prior to 0.16.1, the GitHub Actions workflow validatemodifiedtargets.yml is vulnerable to command injection via the pullrequesttarget trigger. Any GitHub user can execute arbitrary commands on the CI runner and exfiltra...
Malicious code in @polka-ui/config (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 662c2a1b8ad5d264ec01b078f95c130c96398305ba009a2c2de33cc9d7db7486 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
CVE-2026-5509
An authenticated command injection vulnerability exists in the Archer BE450 v1 and BE7200 v1 router that allows an administrator to execute arbitrary system commands through the web management interface. After successfully authenticating to the admin interface, an attacker can leverage the...
CVE-2026-45087
Dalfox is a powerful open-source XSS scanner and utility focused on automation. Prior to 2.13.0, when dalfox is started in REST API server mode dalfox server, the server binds to 0.0.0.0:6664 by default and requires no API key unless the operator explicitly passes --api-key. Because model.Options...
CVE-2025-69600
Command injection in Raynet rvia RayVentory Scan Engine 12.6 Update 8 and previous versions allows adversaries to execute commands via getconfig, upload, inventory, and oracle options...
Improperly Implemented Security Check for Standard
Overview Affected versions of this package are vulnerable to Improperly Implemented Security Check for Standard due to improper enforcement of security rules during concurrent execution of Security Mode Command and N2 handover procedures. An attacker can cause handover failures and disrupt networ...
Improperly Implemented Security Check for Standard
Overview Affected versions of this package are vulnerable to Improperly Implemented Security Check for Standard due to improper enforcement of security rules during concurrent execution of Security Mode Command and N2 handover procedures. An attacker can cause handover failures and disrupt networ...
Improperly Implemented Security Check for Standard
Overview Affected versions of this package are vulnerable to Improperly Implemented Security Check for Standard due to improper enforcement of security rules during concurrent execution of Security Mode Command and N2 handover procedures. An attacker can cause handover failures and disrupt networ...