cockpit: Cockpit: Arbitrary command execution via crafted links in system logs UI
A flaw was found in Cockpit. This vulnerability allows a remote attacker to achieve arbitrary command execution on the host by exploiting unsanitized user-controlled parameters within crafted links in the system logs user interface (UI). An attacker can inject shell metacharacters and command...
RHEL 10 : cockpit (RHSA-2026:21676)
The remote Red Hat Enterprise Linux 10 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2026:21676 advisory. Cockpit enables users to administer GNU/Linux servers using a web browser. It offers network configuration, log inspection, diagnostic reports,...
Important: Red Hat Security Advisory: cockpit security update
An update for cockpit is now available for Red Hat Enterprise Linux 8.6 Advanced Mission Critical Update Support, Red Hat Enterprise Linux 8.6 Update Services for SAP Solutions, and Red Hat Enterprise Linux 8.6 Telecommunications Update Service. Red Hat Product Security has rated this update as...
EUVD-2026-29051
A flaw was found in Cockpit. This vulnerability allows a remote attacker to achieve arbitrary command execution on the host by exploiting unsanitized user-controlled parameters within crafted links in the system logs user interface (UI). An attacker can inject shell metacharacters and command...
Linux Distros Unpatched Vulnerability : CVE-2026-4802
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A flaw was found in Cockpit. This vulnerability allows a remote attacker to achieve arbitrary command execution on the host by exploiting unsanitized...
CVE-2026-34560
CI4MS is a CodeIgniter 4-based CMS skeleton that delivers a production-ready, modular architecture with RBAC authorization and theme support. Prior to version 0.31.0.0, the application renders user-controlled input unsafely within the logs interface. If any stored XSS payload exists within logged...
Cross-site Scripting (XSS)
Overview: ci4-cms-erp/ci4ms is a Composer package (composer create-project ci4-cms-erp/ci4ms). Affected versions of this package are vulnerable to Cross-site Scripting (XSS) in the logs rendering process. An attacker can execute arbitrary JavaScript in the browser context of an administrator by injecting a malicious...
GHSA-R4V5-RWR2-Q7R4 CI4MS: Logs Full Account Takeover for All-Roles & Privilege-Escalation via Stored DOM XSS
Summary: Vulnerability: Stored DOM Blind XSS via Logs Interface Rendering (Administrative Context Execution) - Stored Cross-Site Scripting (Blind XSS) via Unsafe Rendering of User-Controlled Logged Data. Description: The application renders user-controlled input unsafely within the logs interface. If an...
CVE-2026-34560
CVE-2026-34560 affects CI4MS, a CodeIgniter 4-based CMS skeleton. Before version 0.31.0.0, the logs interface renders user-controlled input unsafely, storing a payload that may execute later as a blind XSS when an administrator views the logs. This can enable full account takeover for all roles a...
PT-2026-29625
Name of the Vulnerable Software and Affected Versions: CI4MS versions prior to 0.31.0.0. Description: CI4MS is a CodeIgniter 4-based CMS skeleton. Prior to version 0.31.0.0, the application renders user-controlled input unsafely within the logs interface, leading to a stored DOM Blind XSS scenario...
CVE-2023-22794
A vulnerability in ActiveRecord <6.0.6.1, v6.1.7.1 and v7.0.4.1 related to the sanitization of comments. If malicious user input is passed to either the annotate query method, the optimizer_hints query method, or through the QueryLogs interface which automatically adds annotations, it may be sent t...