CVE-2026-33280

Hidden functionality issue exists in BUFFALO Wi-Fi router products, which may allow an attacker to gain access to the product’s debugging functionality, resulting in the execution of arbitrary OS commands...

PT-2026-28648

Name of the Vulnerable Software and Affected Versions NEC Platforms, Ltd. Aterm Series affected versions not specified Description An OS Command Injection issue exists in NEC Platforms, Ltd. Aterm Series. This allows a malicious actor to execute arbitrary OS commands through the network...

PT-2026-28646

Name of the Vulnerable Software and Affected Versions NEC Platforms, Ltd. Aterm Series affected versions not specified Description An OS Command Injection issue exists in NEC Platforms, Ltd. Aterm Series. This allows a malicious actor to execute arbitrary OS commands through the network...

CVE-2026-32759

File Browser is a file managing interface for uploading, deleting, previewing, renaming, and editing files within a specified directory. In versions on the 2.x branch prior to 2.33.8, the TUS resumable upload handler parses the Upload-Length header as a signed 64-bit integer without validating th...

CVE-2026-31999

OpenClaw versions 2026.2.26 prior to 2026.3.1 on Windows contain a current working directory injection vulnerability in wrapper resolution for .cmd/.bat files that allows attackers to influence execution behavior through cwd manipulation. Remote attackers can exploit improper shell execution...

CVE-2026-22901

A command injection vulnerability has been reported to affect QuNetSwitch. If a remote attacker gains a user account, they can then exploit the vulnerability to execute arbitrary commands. We have already fixed the vulnerability in the following version: QuNetSwitch 2.0.5.0906 and later...

CVE-2025-54820

A Stack-based Buffer Overflow vulnerability CWE-121 vulnerability in Fortinet FortiManager 7.4.0 through 7.4.2, FortiManager 7.2.0 through 7.2.10, FortiManager 6.4 all versions may allow a remote unauthenticated attacker to execute unauthorized commands via crafted requests, if the service is...

CVE-2026-22897

A command injection vulnerability has been reported to affect QuNetSwitch. The remote attackers can then exploit the vulnerability to execute arbitrary commands. We have already fixed the vulnerability in the following version: QuNetSwitch 2.0.4.0415 and later...

CVE-2019-25487

SAPIDO RB-1732 V2.0.43 contains a remote command execution vulnerability that allows unauthenticated attackers to execute arbitrary system commands by submitting malicious input to the formSysCmd endpoint. Attackers can send POST requests with the sysCmd parameter containing shell commands to...

CVE-2026-33396

OneUptime is an open-source monitoring and observability platform. Prior to version 10.0.35, a low-privileged authenticated user ProjectMember can achieve remote command execution on the Probe container/host by abusing Synthetic Monitor Playwright script execution. Synthetic monitor code is...

EUVD-2026-16189

OneUptime is an open-source monitoring and observability platform. Prior to version 10.0.35, a low-privileged authenticated user ProjectMember can achieve remote command execution on the Probe container/host by abusing Synthetic Monitor Playwright script execution. Synthetic monitor code is...

CVE-2026-33396

OneUptime is an open-source monitoring and observability platform. Prior to version 10.0.35, a low-privileged authenticated user ProjectMember can achieve remote command execution on the Probe container/host by abusing Synthetic Monitor Playwright script execution. Synthetic monitor code is...

CVE-2026-33396 OneUptime has sandbox escape in Synthetic Monitor Playwright runtime allows project members to execute arbitrary commands on Probe

OneUptime is an open-source monitoring and observability platform. Prior to version 10.0.35, a low-privileged authenticated user ProjectMember can achieve remote command execution on the Probe container/host by abusing Synthetic Monitor Playwright script execution. Synthetic monitor code is...

CVE-2025-55271 HCL Aftermarket DPC is affected by HTTP Response Splitting vulnerability

HCL Aftermarket DPC is affected by HTTP Response Splitting vulnerability where in depending on how the web application handles the split response, an attacker may be able to execute arbitrary commands or inject harmful content into the response...

OneUptime 安全漏洞

OneUptime is a comprehensive open-source solution developed by OneUptime. It is used to monitor and manage your online services. Versions of OneUptime prior to 10.0.35 contained security vulnerabilities; these vulnerabilities stemmed from an incomplete sandbox blocklist, which could lead to remot...

Exploit for OS Command Injection in Arcane

CVE-2026-23520 MCP API Remote Command Execution RCE Proo...

PT-2026-27217

Blinko is an AI-powered card note-taking project. Prior to version 1.8.4, the MCP Model Context Protocol server creation function allows specifying arbitrary commands and arguments, which are executed when testing the connection. This issue has been patched in version 1.8.4...

VulnCheck KEV: CVE-2020-9374

On TP-Link TL-WR849N 0.9.1 4.16 devices, a remote command execution vulnerability in the diagnostics area can be exploited when an attacker sends specific shell metacharacters to the panel's traceroute feature...

CVE-2026-33319

WWBN AVideo is an open source video platform. Prior to version 26.0, the uploadVideoToLinkedIn method in the SocialMediaPublisher plugin constructs a shell command by directly interpolating an upload URL received from LinkedIn's API response, without sanitization via escapeshellarg. If an attacke...

CVE-2026-33319

WWBN AVideo is an open source video platform. Prior to version 26.0, the uploadVideoToLinkedIn method in the SocialMediaPublisher plugin constructs a shell command by directly interpolating an upload URL received from LinkedIn's API response, without sanitization via escapeshellarg. If an attacke...