CVE-2026-33145

xrdp is an open source RDP server. Versions through 0.10.5 allow an authenticated remote user to execute arbitrary commands on the server due to unsafe handling of the AlternateShell parameter in xrdp-sesman. When the AllowAlternateShell setting is enabled which is the default when not explicitly...

CVE-2026-6483

A vulnerability was found in Wavlink WL-WN530H4 20220721. This vulnerability affects the function strcat/snprintf of the file /cgi-bin/internet.cgi. The manipulation results in os command injection. It is possible to launch the attack remotely. The exploit has been made public and could be used...

MAL-2026-2841 Malicious code in lixxyly (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 e3c0a4fef6764ec743cc96d88d10dbc9a33197300a3b916746ab5f5391ad6e96 Starting the module activates a hardcoded telegram bot allowing remote code execution, data exfiltration, collecting webcam photos, clipboard data, etc. ---...

CVE-2026-6483

CVE-2026-6483 affects Wavlink WL-WN530H4 (firmware 20220721). The flaw is in the strcat/snprintf usage in /cgi-bin/internet.cgi, enabling remote, unauthenticated command injection with high impact (confidentiality, integrity, availability). Exploitation is feasible over the network; public exploi...

CVE-2026-6483 Wavlink WL-WN530H4 internet.cgi snprintf os command injection

A vulnerability was found in Wavlink WL-WN530H4 20220721. This vulnerability affects the function strcat/snprintf of the file /cgi-bin/internet.cgi. The manipulation results in os command injection. It is possible to launch the attack remotely. The exploit has been made public and could be used...

CVE-2026-6483 Wavlink WL-WN530H4 internet.cgi snprintf os command injection

A vulnerability was found in Wavlink WL-WN530H4 20220721. This vulnerability affects the function strcat/snprintf of the file /cgi-bin/internet.cgi. The manipulation results in os command injection. It is possible to launch the attack remotely. The exploit has been made public and could be used...

EUVD-2026-23396

Dell PowerProtect Data Domain with Data Domain Operating System DD OS of Feature Release versions 7.7.1.0 through 8.5, LTS2025 release version 8.3.1.0 through 8.3.1.20, LTS2024 release versions 7.13.1.0 through 7.13.1.50, contain a command injection vulnerability. A high privileged attacker with...

CVE-2026-23778

Affected product: Dell PowerProtect Data Domain with DD OS (Feature Release: 7.7.1.0–8.5; LTS2025: 8.3.1.0–8.3.1.20; LTS2024: 7.13.1.0–7.13.1.50). Issue: command injection vulnerability allowing a high-privilege, remote attacker to potentially gain root-level access. Impact: CVSS v3.1 base score ...

PT-2026-33435

A vulnerability was found in Wavlink WL-WN530H4 20220721. This vulnerability affects the function strcat/snprintf of the file /cgi-bin/internet.cgi. The manipulation results in os command injection. It is possible to launch the attack remotely. The exploit has been made public and could be used...

Cisco Smart Software Manager On-Prem Arbitrary Command Execution (cisco-sa-ssm-cli-execution-cHUcWuNr)

According to its self-reported version, Cisco Smart Software Manager On-Prem Arbitrary Command Execution is affected by a vulnerability. - A vulnerability in Cisco Smart Software Manager On-Prem SSM On-Prem could allow an unauthenticated, remote attacker to execute arbitrary commands on the...

Dell PowerProtect Data Domain 安全漏洞

Dell PowerProtect Data Domain is a data protection specialized storage device whose main function is to provide efficient data de-duplication, backup and recovery. A command injection vulnerability exists in Dell PowerProtect Data Domain. The vulnerability stems from a failure of the Data Domain...

PT-2026-33505

Name of the Vulnerable Software and Affected Versions xrdp versions prior to 0.10.6 Description An authenticated remote user can execute arbitrary commands on the server due to unsafe handling of the AlternateShell parameter in xrdp-sesman. When the AllowAlternateShell setting is enabled, the...

ROS-20260417-73-0038

Vulnerability in zabbix7.2 is related to failure to take measures to neutralize special elements used in operating system commands. Exploitation of the vulnerability may allow an attacker acting remotely to execute arbitrary commands...

ROS-20260417-73-0037

Vulnerability in zabbix7-lts is related to failure to take measures to neutralize special elements used in operating system commands. Exploitation of the vulnerability could allow an attacker acting remotely to execute arbitrary commands...

Partial String Comparison

Overview flowise-components is a Flowiseai Components Affected versions of this package are vulnerable to Partial String Comparison due to the replaceInputsWithConfig logic in packages/server/src/utils/index.ts. An attacker can override flow parameters by supplying a crafted override configuratio...

GHSA-CVRR-QHGW-2MM6 Flowise: Parameter Override Bypass Remote Command Execution

Summary Flowise is vulnerable to a critical unauthenticated remote command execution RCE vulnerability. It can be exploited via a parameter override bypass using the FILE-STORAGE:: keyword combined with a NODEOPTIONS environment variable injection. This allows for the execution of arbitrary syste...

Flowise: Parameter Override Bypass Remote Command Execution

Summary Flowise is vulnerable to a critical unauthenticated remote command execution RCE vulnerability. It can be exploited via a parameter override bypass using the FILE-STORAGE:: keyword combined with a NODEOPTIONS environment variable injection. This allows for the execution of arbitrary syste...

CVE-2026-6158

A flaw has been found in Totolink N300RH 6.1c.1353B20190305. Affected is the function setUpgradeUboot of the file upgrade.so. This manipulation of the argument FileName causes os command injection. The attack is possible to be carried out remotely. The exploit has been published and may be used...

PT-2026-33361

Name of the Vulnerable Software and Affected Versions Flowise versions prior to 3.1.0 Description An issue exists in the MCP adapter due to unsafe serialization of stdio commands, allowing an authenticated attacker to achieve command execution on the underlying operating system. The flaw is locat...

EUVD-2026-22962

A vulnerability in Cisco ISE and Cisco ISE-PIC could allow an authenticated, remote attacker to execute arbitrary commands on the underlying operating system of an affected device. To exploit this vulnerability, the attacker must have valid administrative credentials. This vulnerability is due to...