CVE-2025-41266

CVE-2025-41266 affects Waterfall WF-500 TX Host (Administration WebUI), version 7.9.1.0 R2502171040. Root cause: CWE-78 OS Command Injection in the web interface, enabling remote authenticated attackers to execute arbitrary operating system commands on the WF-500 TX Host. Documented impact includ...

Eclipse Glassfish 安全漏洞

Eclipse Glassfish is an application server developed by the Eclipse Foundation. Eclipse Glassfish has a security vulnerability, which stems from improper handling of expressions in the server-side template rendering mechanism. This vulnerability allows remote attackers to completely destroy the...

PT-2026-40903

Comarch ERP Optima client makes use of a hard-coded password for a database user. These credentials cannot be changed. It is possible for a remote attacker to gain an access to the database with elevated privileges including executing system commands on a server. This issue has been fixed in...

Malicious code in npmjs_ethers-common (npm)

--- -= Per source details. Do not edit below this line.=- Source: ossf-package-analysis 44bf066109e89ee5929d905131a51645ca3fa95245ea078f5f727412e2f39a40 The OpenSSF Package Analysis project identified 'npmjsethers-common' @ 2.0.0 npm as malicious. It is considered malicious because: - The package...

CVE-2026-32673

A vulnerability exists in BIG-IP scripted monitors that may allow an authenticated attacker with the Resource Administrator or Administrator role to execute arbitrary system commands with higher privileges. In appliance mode deployments, a successful exploit can allow the attacker to cross a...

Lenovo Personal Cloud Storage 操作系统命令注入漏洞

Lenovo Personal Cloud Storage is a personal cloud storage service provided by Lenovo Corporation. Lenovo Personal Cloud Storage has a vulnerability related to operating system command injection. This vulnerability stems from potential vulnerabilities, which may allow remote authenticated users to...

EUVD-2026-29816

Command injection vulnerabilities exist in the web-based management interface of AOS-8 and AOS-10 Operating Systems. Successful exploitation of these vulnerabilities could allow an authenticated remote attacker to execute arbitrary commands on the underlying operating system...

D-Link - Remote Command Execution

A Remote Command Execution RCE vulnerability exists in all series H/W revisions D-link DIR-810L, DIR-820L/LW, DIR-826L, DIR-830L, and DIR-836L routers via the DDNS function in ncc2 binary file id: CVE-2021-45382 info: name: D-Link - Remote Command Execution author: king-alexander severity: critic...

PT-2026-40338

A vulnerability in the configuration processing logic of Access Points running AOS-10 could allow an authenticated remote attacker to execute system commands under certain pre-existing conditions. Successful exploitation could allow an attacker to execute arbitrary commands on the underlying...

CVE-2021-47937

e107 CMS 2.3.0 contains a remote code execution vulnerability that allows authenticated users with theme installation permissions to execute arbitrary commands by uploading malicious theme files. Attackers can upload a crafted theme package through the theme.php endpoint that deploys a web shell ...

CVE-2021-47949

CyberPanel 2.1 contains a command execution vulnerability that allows authenticated attackers to read arbitrary files and execute remote code by exploiting symlink attacks through the filemanager controller endpoint. Attackers can manipulate the completeStartingPath parameter in POST requests to...

PT-2026-38667

Name of the Vulnerable Software and Affected Versions Atlona AT-OME-MS42 Matrix Switcher version 1.1.2 Description Remote authenticated users can execute arbitrary commands with root privileges. This is possible via a POST request to the '/cgi-bin/time.cgi' endpoint using the serverName parameter...

Improper Isolation or Compartmentalization

Overview vm2 is a sandbox that can run untrusted code with whitelisted Node's built-in modules. Affected versions of this package are vulnerable to Improper Isolation or Compartmentalization through the NodeVM constructor in lib/nodevm.js. An attacker can run host commands when the VM is set up...

DevSpace UI Server WebSocket CheckOrigin does not validate source

Description DevSpace's UI server WebSocket accepts connections from all origins by default, and therefore several endpoints are exposed via this WebSocket. When a developer runs the DevSpace UI and at the same time uses a browser to access the internet, a malicious website they visit can use thei...

PT-2026-38286

Name of the Vulnerable Software and Affected Versions Craft CMS versions 4.0.0 through 4.17.11 Craft CMS versions 5.0.0 through 5.9.17 Description An input-handling flaw in a Yii object creation path allows authenticated users to inject malicious configuration and execute arbitrary commands on th...

MAL-2026-3292 Malicious code in @breeze-ai/ui-library (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 7ca524608c9ab3d41715be26a354c2a643216f0bb79c8aec50de4f5e6b6ee523 The package @breeze-ai/ui-library was found to contain malicious code. Source: ghsa-malware...

MAL-2026-3300 Malicious code in ally-forms (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 2a3b62d3c11f608087ea0651eb467ec7e0c9e43258abb6df889f64c8d1a6eb61 The package ally-forms was found to contain malicious code. Source: ossf-package-analysis...

Malicious code in ally-ccapi (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector b70ba9950b3624a3cb0afb844592910fe317569f314fd6681870857d638b1cfc The package ally-ccapi was found to contain malicious code. Source: ghsa-malware c3a850b3a4466c4cc00dee663a54c3bcc8a23c9c74e5e01a9b14f27b616d9934 Any...

PT-2026-35982

Prime95 29.4b8 contains a local buffer overflow vulnerability that allows attackers to execute arbitrary code by exploiting structured exception handling SEH mechanisms. Attackers can inject malicious payload through the optional proxy hostname field in the PrimeNet connection settings to trigger...

MAL-2026-3081 Malicious code in frank-research-poc-apple (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 216e5eb321826d85c29f23b333d509a469f138b5317a41b818da919bc9bf9c47 The package frank-research-poc-apple was found to contain malicious code. Source: ossf-package-analysis...