📄 Trojan-Spy.Win32.Small MVID-2026-0705 Remote Command Execution

Trojan-Spy.Win32.Small malware opens a listener on TCP port 65535, allowing unauthenticated remote attackers with network access to execute arbitrary operating system commands on the infected host. Discovery / credits: Malvuln John Page aka hyp3rlinx c 2026 Original source:...

SUSE CVE-2026-33145

xrdp is an open source RDP server. Versions through 0.10.5 allow an authenticated remote user to execute arbitrary commands on the server due to unsafe handling of the AlternateShell parameter in xrdp-sesman. When the AllowAlternateShell setting is enabled which is the default when not explicitly...

Exploit-for-OSVDB-75095-LotusCMS-3.0

LotusCMS 3.0 eval RCE — Defensive Research Overview This...

CVE-2026-32311

Flowsint is an open-source OSINT graph exploration tool designed for cybersecurity investigation, transparency, and verification. Flowsint allows a user to create investigations, which are used to manage sketches and analyses. Sketches have controllable graphs, which are comprised of nodes and...

CVE-2026-32311 Command Injection and Docker container escape allows root on host machine

Flowsint is an open-source OSINT graph exploration tool designed for cybersecurity investigation, transparency, and verification. Flowsint allows a user to create investigations, which are used to manage sketches and analyses. Sketches have controllable graphs, which are comprised of nodes and...

EUVD-2026-23899

Dell PowerProtect Data Domain, versions 7.7.1.0 through 8.6, LTS2025 release version 8.3.1.0 through 8.3.1.20, LTS2024 release versions 7.13.1.0 through 7.13.1.60 contain a missing authentication for critical function vulnerability. An unauthenticated attacker with remote access could potentially...

CVE-2026-24504

Dell PowerProtect Data Domain, versions 7.7.1.0 through 8.6, LTS2025 release version 8.3.1.0 through 8.3.1.20, LTS2024 release versions 7.13.1.0 through 7.13.1.60 contain an improper input validation vulnerability. A high privileged attacker with remote access could potentially exploit this...

CVE-2026-24505

Dell PowerProtect Data Domain, versions 8.5 through 8.6 contain an improper input validation vulnerability. A high privileged attacker with remote access could potentially exploit this vulnerability, leading to arbitrary command execution with root privileges...

CVE-2026-24504

CVE-2026-24504 affects Dell PowerProtect Data Domain versions 7.7.1.0–8.6, LTS2025 8.3.1.0–8.3.1.20, and LTS2024 7.13.1.0–7.13.1.60, due to improper input validation. A high-privilege attacker with remote access could potentially exploit this to achieve arbitrary command execution with root privi...

CVE-2026-23774

Dell PowerProtect Data Domain with Data Domain Operating System DD OS of Feature Release versions 7.7.1.0 through 8.5, LTS2025 release version 8.3.1.0 through 8.3.1.10, LTS2024 release versions 7.13.1.0 through 7.13.1.40, contain an OS command injection vulnerability. A high privileged attacker...

CVE-2026-26944

Dell PowerProtect Data Domain, versions 7.7.1.0 through 8.6, LTS2025 release version 8.3.1.0 through 8.3.1.20, LTS2024 release versions 7.13.1.0 through 7.13.1.60 contain a missing authentication for critical function vulnerability. An unauthenticated attacker with remote access could potentially...

CVE-2026-40527

A flaw was found in radare2. A remote attacker can exploit this by crafting an ELF Executable and Linkable Format binary that embeds malicious commands within its DWARF Debugging With Attributed Record Formats parameter names. When radare2 analyzes such a binary, these embedded commands are...

CVE-2026-33145

A flaw was found in xrdp. An authenticated remote user can exploit this vulnerability due to the unsafe handling of the AlternateShell parameter in xrdp-sesman. When the AllowAlternateShell setting is enabled, xrdp executes client-supplied AlternateShell values via /bin/sh -c during session...

Dell PowerProtect Data Domain（Dell PowerProtect DD） 安全漏洞

Dell PowerProtect Data Domain Dell PowerProtect DD is a set of hardware devices developed by the American company Dell, used for data protection, backup, storage, and de-duplication. There are security vulnerabilities in versions 8.5 to 8.6 of Dell PowerProtect Data Domain, which stem from improp...

Dell PowerProtect Data Domain（Dell PowerProtect DD） 安全漏洞

Dell PowerProtect Data Domain Dell PowerProtect DD is a set of hardware devices developed by the American company Dell, used for data protection, backup, storage, and de-duplication. Vulnerabilities exist in versions 7.7.1.0 to 8.6 of Dell PowerProtect Data Domain Dell PowerProtect DD, as well as...

Flowsint 安全漏洞

Flowsint is an open-source intelligence visualization and investigation tool developed by reconurge. Flowsint has a security vulnerability, which stems from the orgtoasn converter allowing arbitrary OS commands to be executed through shell metacharacters and Docker containers. This could enable...

ROS-20260420-73-0030

Vulnerability in moodle is related to failure to take measures to neutralize special elements used in operating system commands. Exploitation of the vulnerability could allow an attacker acting remotely to execute arbitrary commands...

PT-2026-33832

Name of the Vulnerable Software and Affected Versions Rclone versions 1.45.0 through 1.73.4 Description An authorization bypass exists in the Remote Control RC interface of Rclone. The RC endpoint "options/set" is exposed without requiring authentication, allowing an unauthenticated attacker to...

PT-2026-33833

Name of the Vulnerable Software and Affected Versions Rclone versions 1.48.0 through 1.73.4 Description The RC endpoint "operations/fsinfo" is exposed without authentication and accepts attacker-controlled fs input. Since the rc.GetFs function supports inline backend definitions, an unauthenticat...

Exploit for CVE-2026-4257

⚡ WordPress - Contact Form 7 - Unauthenticated SSTI To Remote...