Lucene search
K

9839 matches found

ATTACKERKB
ATTACKERKB
added 2026/06/05 6:26 p.m.6 views

CVE-2026-46394

HAX CMS helps manage microsite universe with PHP or NodeJs backends. Prior to version 26.0.0, an OS command injection vulnerability exists in the Git.php library of the HAXcms PHP backend. The application constructs shell command strings using unsanitized input and executes them via procopen. An...

7.7CVSS6.6AI score0.00768EPSS
Exploits1References2Affected Software1
EUVD
EUVD
added 2026/06/05 6:26 p.m.10 views

EUVD-2026-34885

HAX CMS helps manage microsite universe with PHP or NodeJs backends. Prior to version 26.0.0, an OS command injection vulnerability exists in the Git.php library of the HAXcms PHP backend. The application constructs shell command strings using unsanitized input and executes them via procopen. An...

7.7CVSS6.6AI score0.00768EPSS
Exploits1References1
NVD
NVD
added 2026/06/05 6:17 p.m.11 views

CVE-2026-49492

Markdown Preview Enhanced before 0.8.28 opens external files and links from the preview through a shell and does not validate untrusted inputs taken from the markdown document - the diagram filename attribute, imported file paths, and the latexengine code-chunk attribute. On Windows, a crafted...

8.8CVSS0.0034EPSS
Exploits0References2
NVD
NVD
added 2026/06/05 6:17 p.m.10 views

CVE-2026-11341

A flaw has been found in D-Link DWR-M920 up to 1.1.50. The impacted element is the function sub412DA0 of the file /boafrm/formIMEISetup. This manipulation of the argument IMEIvalue causes os command injection. The attack can be initiated remotely. The exploit has been published and may be used...

6.5CVSS0.01044EPSS
Exploits0References6
EUVD
EUVD
added 2026/06/05 6:0 p.m.13 views

EUVD-2026-34876

Termix is a web-based server management platform with SSH terminal, tunneling, and file editing capabilities. The POST /ssh/tunnel/connect endpoint in Termix prior to version 2.3.2 builds an SSH tunnel command by interpolating user-controlled host record fields endpointIP, endpointUsername,...

9.8CVSS5.5AI score0.01729EPSS
Exploits1References2
Cvelist
Cvelist
added 2026/06/05 5:58 p.m.29 views

CVE-2026-45744 Termix has an OS Command Injection in File Manager resolvePath endpoint

Termix is a web-based server management platform with SSH terminal, tunneling, and file editing capabilities. Prior to version 2.3.2, the GET /ssh/filemanager/ssh/resolvePath endpoint in Termix is vulnerable to OS command injection. The endpoint uses double-quote escaping for shell command...

9.9CVSS0.02008EPSS
Exploits1References2
EUVD
EUVD
added 2026/06/05 4:45 p.m.10 views

EUVD-2026-34860

A flaw has been found in D-Link DWR-M920 up to 1.1.50. The impacted element is the function sub412DA0 of the file /boafrm/formIMEISetup. This manipulation of the argument IMEIvalue causes os command injection. The attack can be initiated remotely. The exploit has been published and may be used...

6.5CVSS6.3AI score0.01044EPSS
Exploits0References6
EUVD
EUVD
added 2026/06/05 5:50 a.m.15 views

EUVD-2026-34786

HCL Digital Experience is affected by an OS command injection vulnerability in the Digital Asset Management API. An attacker may execute arbitrary operating system commands, typically inheriting the privileges of the vulnerable application, which could possibly lead to a complete system takeover...

8.7CVSS5.9AI score0.0092EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/06/05 5:50 a.m.42 views

CVE-2026-21837 HCL Digital Experience is affected by an OS command injection vulnerability in the Digital Asset Management API

HCL Digital Experience is affected by an OS command injection vulnerability in the Digital Asset Management API. An attacker may execute arbitrary operating system commands, typically inheriting the privileges of the vulnerable application, which could possibly lead to a complete system takeover...

8.7CVSS0.0092EPSS
Exploits0References1
EUVD
EUVD
added 2026/06/04 8:30 p.m.13 views

EUVD-2026-34323

A flaw has been found in Shibby Tomato 1.28.0000. This affects the function startdhcpc of the file /sbin/rc of the component Web UI. This manipulation causes os command injection. It is possible to initiate the attack remotely. The exploit has been published and may be used. This project is...

8.6CVSS6.8AI score0.02199EPSS
Exploits0References6
NVD
NVD
added 2026/06/04 2:16 p.m.45 views

CVE-2026-8037

OS Command Injection Remote Code Execution Vulnerability in API in Progress ADC Products allows an un-authenticated attacker to execute arbitrary commands on the LoadMaster appliance by exploiting unsanitized input in multiple command endpoints...

9.6CVSS0.29641EPSS
Exploits1References2
Cvelist
Cvelist
added 2026/06/04 1:13 p.m.41 views

CVE-2026-8037 OS Command Injection Remote Code Execution Vulnerability in Progress LoadMaster, ECS Connection Manager, Object Scale Connection Manager & MOVEit WAF

OS Command Injection Remote Code Execution Vulnerability in API in Progress ADC Products allows an un-authenticated attacker to execute arbitrary commands on the LoadMaster appliance by exploiting unsanitized input in multiple command endpoints...

9.6CVSS0.29641EPSS
Exploits1References1
NVD
NVD
added 2026/06/03 4:16 p.m.24 views

CVE-2026-36576

An OS command injection vulnerability in the app.py component of openlabs docker-wkhtmltopdf-aas up to commit 9f50579 allows attackers to execute arbitrary commands via a crafted POST request...

9.8CVSS0.01491EPSS
Exploits0References4
ATTACKERKB
ATTACKERKB
added 2026/06/03 12:0 a.m.11 views

CVE-2026-36576

An OS command injection vulnerability in the app.py component of openlabs docker-wkhtmltopdf-aas up to commit 9f50579 allows attackers to execute arbitrary commands via a crafted POST request...

9.8CVSS6AI score0.01491EPSS
Exploits0References5
Cvelist
Cvelist
added 2026/06/03 12:0 a.m.38 views

CVE-2026-36576

An OS command injection vulnerability in the app.py component of openlabs docker-wkhtmltopdf-aas up to commit 9f50579 allows attackers to execute arbitrary commands via a crafted POST request...

0.01491EPSS
Exploits0References4
CVE
CVE
added 2026/06/03 12:0 a.m.17 views

CVE-2026-36576

The vulnerability CVE-2026-36576 affects the openlabs docker-wkhtmltopdf-aas project, specifically the app.py component, with evidence across NVD and related feeds. Up to commit 9f50579, an OS command injection allows an attacker to execute arbitrary commands via a crafted POST request. The CVSS ...

9.8CVSS6AI score0.01491EPSS
Exploits0References4
Vulnrichment
Vulnrichment
added 2026/06/01 5:45 p.m.11 views

CVE-2026-10279 hiraishikentaro wezterm-mcp switch_pane/write_to_specific_pane wezterm_executor.ts os command injection

A vulnerability was identified in hiraishikentaro wezterm-mcp 0.1.0. The affected element is an unknown function of the file src/weztermexecutor.ts of the component switchpane/writetospecificpane. The manipulation of the argument request.params.arguments.paneid leads to os command injection. The...

6.5CVSS6.4AI score0.01088EPSS
Exploits0References6
Positive Technologies
Positive Technologies
added 2026/06/01 12:0 a.m.18 views

PT-2026-45500

A vulnerability was identified in hiraishikentaro wezterm-mcp 0.1.0. The affected element is an unknown function of the file src/wezterm executor.ts of the component switch pane/write to specific pane. The manipulation of the argument request.params.arguments.pane id leads to os command injection...

6.5CVSS5.6AI score0.01088EPSS
Exploits0References7
Github Security Blog
Github Security Blog
added 2026/05/29 10:30 p.m.26 views

PraisonAI vulnerable to sandbox escape via `print.__self__` builtins module leak in `execute_code` (subprocess mode)

Summary executecode in praisonaiagents/tools/pythontools.py v1.6.37, subprocess sandbox mode can be fully bypassed using print.self to retrieve the real Python builtins module, from which import can be extracted via vars and runtime string construction. This achieves arbitrary OS command executio...

6.3AI score0.0012EPSS
Exploits0References2Affected Software2
ATTACKERKB
ATTACKERKB
added 2026/05/29 4:15 p.m.9 views

CVE-2026-45630

Dokploy is a free, self-hostable Platform as a Service PaaS. In 0.28.8 and earlier, authenticated OS command injection in the application.updateTraefikConfig tRPC endpoint allows admin/owner users to execute arbitrary system commands on remote servers via unsanitized echo shell interpolation...

9CVSS6.1AI score0.00763EPSS
Exploits0References2Affected Software1
Rows per page
Query Builder