465 matches found
Web-Check < 2.0.1 Screenshot API - OS Command Injection
Lissy93/web-check contains a command injection caused by unsanitized user input in the screenshot API, letting attackers execute arbitrary system commands, exploit requires sending crafted url parameters. id: CVE-2025-32778 info: name: Web-Check 2.0.1 Screenshot API - OS Command Injection author:...
CVE-2026-41880 OS Command Injection in R-SOFT DMS
R-SOFT DMS is vulnerable to OS Command Injection in the Optical Character Recognition OCR module. Multiple command execution functions accept user-controllable file paths without proper sanitization before passing them to the system shell via SSH. In current infrastructure the URL encoding...
CVE-2026-59833 SiYuan: Stored XSS to RCE in SiYuan via a per-attribute URL-scheme sanitizer gap in Lute (form action / SVG xlink:href)
SiYuan is an open-source personal knowledge management system. Prior to 3.7.1, SiYuan renders note and package content to HTML through the Lute engine with sanitization enabled, but Lute's dangerous javascript scheme block does not check form action or SVG xlink:href attributes, allowing stored...
CVE-2026-24699
An OS command injection vulnerability exists in the sub34984 function of the "rc" binary in Cisco RV130/RV130W with firmware 1.0.3.55 and RV110W routers with firmware 1.2.2.5 / 1.2.2.8. The lanipv6prefixlen configuration parameter is not properly sanitized, which could allow an authenticated remo...
CVE-2026-53479
Dell PowerProtect Data Domain is affected: versions 7.7.1.0–8.7, LTS2026 8.6.1.0–8.6.1.10, LTS2025 8.3.1.0–8.3.1.30, and LTS2024 7.13.1.0–7.13.1.70 contain an OS command injection due to improper neutralization of special elements. A remote high-privileged attacker could exploit this to bypass pr...
PT-2026-56189
Name of the Vulnerable Software and Affected Versions Dell PowerProtect Data Domain versions 7.7.1.0 through 8.7 Dell PowerProtect Data Domain versions 8.6.1.0 through 8.6.1.10 Dell PowerProtect Data Domain versions 8.3.1.0 through 8.3.1.30 Dell PowerProtect Data Domain versions 7.13.1.0 through...
vim: arbitrary command execution via modeline sandbox bypass
A flaw was found in Vim. A modeline is used to set specific editor options directly from a text file. However, the complete, guitabtooltip, printheader options and the mapset function lack proper security checks, allowing an attacker to bypass restrictions and cause arbitrary OS command execution...
EUVD-2026-40256
RPG MAKER MV and MZ provided by Gotcha Gotcha Games Inc. contain an OS command injection vulnerability. If a user loads a specially crafted save-file, arbitrary OS command may be executed...
EUVD-2026-39434
CWE-78 Neutralization of Special Elements used in an OS Command 'OS Command Injection' vulnerability exists that could allow unauthorized execution of commands with elevated privileges, impacting system integrity, confidentiality, and availability when a privileged authenticated user interacts wi...
CVE-2026-8658
CVE-2026-8658 describes an OS Command Injection in the Rapid7 InsightConnect Tcpdump Plugin running on Linux, caused by insufficient input sanitization during shell command construction. The vulnerability affects the plugin’s handling of options and filter parameters, allowing an authenticated at...
CVE-2026-55570
SiYuan is an open-source personal knowledge management system. Prior to 3.7.0, it does not escape the untrusted fields name, version, author, description when they are serialized into the data-obj HTML attribute of each marketplace card. Because the attribute is single-quoted and the value is...
CVE-2026-48725 Warp may allow terminal output to access the local clipboard through OSC 52
Warp is an agentic development environment. From 0.2021.04.25.23.05.stable00 until 0.2026.05.06.15.42.stable01, Warp allows terminal output to request access to the local system clipboard. A malicious remote host, remote program, or other attacker-controlled terminal output source can trigger...
pgAdmin 9.x < 9.16 Read-Only Transaction Bypass (CVE-2026-12045)
The version of pgAdmin installed on the remote host is 9.x prior to 9.16. It is, therefore, affected by a read-only transaction bypass vulnerability: - The AI Assistant's executesqlquery tool accepts multi-statement payloads. A single COMMIT followed by a write-statement terminates the enclosing...
CVE-2026-35018
NetComm NF20MESH routers running firmware R6B031 and earlier are affected by an authenticated remote code execution vulnerability. The flaw resides in dalStorage_addUserAccount where shell metacharacters injected into the username JSON parameter are unsafely concatenated into a shell command stri...
CVE-2026-56274 Flowise - Remote Code Execution via MCP Security Bypass in validateCommandFlags and validateArgsForLocalFileAccess
Flowise before 3.1.2 contains multiple OS command injection vulnerabilities in the Custom MCP Server feature due to incomplete command-flag validation and a regex bypass in local file access restrictions. An attacker with a Flowise account of any role, or API access with view/update permissions f...
PT-2026-51580
Name of the Vulnerable Software and Affected Versions @rtk-ai/rtk-rewrite version 1.0.0 Description The @rtk-ai/rtk-rewrite OpenClaw plugin fails to properly escape input passed to a shell-backed execSync function. While JSON.stringify is used to wrap values in double quotes, it does not neutrali...
CVE-2026-12104
OS command injection in the environment and tunnel configuration functionality in SIMA GmbH Bondix through version 1.25.7.5 on Linux allows an authenticated attacker with configuration write access to execute arbitrary operating-system commands via crafted configuration values passed to server-si...
EUVD-2026-36730
Fortra's Core Privileged Access Manager BoKS contains an OS command injection vulnerability in the boksautoregisterd service. A remote attacker with network access to the service may be able to cause commands to be executed with the privileges of the service during the autoregistration processing...
PT-2026-49315
Name of the Vulnerable Software and Affected Versions kanishka-linux Reminiscence version 0.3.0 Description An OS command injection allows attackers to execute arbitrary commands by supplying crafted input to the '/manage/features/media' endpoint. OS command injection is a flaw where an applicati...
CVE-2026-25089
A improper neutralization of special elements used in an os command 'os command injection' vulnerability in Fortinet FortiSandbox 5.0.0 through 5.0.5, FortiSandbox 4.4.0 through 4.4.8, FortiSandbox 4.2 all versions, FortiSandbox Cloud 5.0.4 through 5.0.5, FortiSandbox PaaS 5.0.4 through 5.0.5 may...