PT-2026-46383

Name of the Vulnerable Software and Affected Versions Shibby Tomato version 1.28.0000 Description An OS command injection flaw exists in the Web UI component. The issue is located in the start dhcpc function within the /sbin/rc file, allowing a remote attacker to execute arbitrary operating syste...

PT-2026-46398

Name of the Vulnerable Software and Affected Versions Shibby Tomato version 1.28.0000 Description An OS command injection issue exists in the Web UI component within the start vpnserver function of the /sbin/rc file. This flaw allows a remote attacker to execute arbitrary operating system command...

CVE-2026-10182

A vulnerability was determined in TRENDnet TEW-432BRP 3.10B20. The impacted element is the function formWlanSetup of the file /goform/formWlanSetup. Executing a manipulation of the argument enrollee can lead to command injection. The attack can be launched remotely. The exploit has been publicly...

CVE-2026-10550

A weakness has been identified in elunez eladmin up to 2.7. This vulnerability affects unknown code of the file App.java of the component Application Deployment Module. This manipulation of the argument uploadPath causes command injection. Remote exploitation of the attack is possible. The exploi...

CVE-2026-10166

A vulnerability was determined in Edimax BR-6478AC 1.23. The affected element is the function formWlbasic of the file /goform/formWlbasic of the component POST Request Handler. This manipulation of the argument rootAPmac causes command injection. The attack is possible to be carried out remotely...

CVE-2026-10279

A vulnerability was identified in hiraishikentaro wezterm-mcp 0.1.0. The affected element is an unknown function of the file src/weztermexecutor.ts of the component switchpane/writetospecificpane. The manipulation of the argument request.params.arguments.paneid leads to os command injection. The...

EUVD-2026-33731

A vulnerability was identified in hiraishikentaro wezterm-mcp 0.1.0. The affected element is an unknown function of the file src/weztermexecutor.ts of the component switchpane/writetospecificpane. The manipulation of the argument request.params.arguments.paneid leads to os command injection. The...

CVE-2026-10279

The CVE-2026-10279 affects hiraishikentaro/wezterm-mcp v0.1.0. The vulnerable path is in src/wezterm_executor.ts, within the switch_pane/write_to_specific_pane component, where manipulating the argument request.params.arguments.pane_id enables an OS command injection. The vulnerability is remotel...

CVE-2026-10273

A vulnerability was found in php-censor up to 2.1.6. This affects an unknown function of the file src/Model/Build/GitBuild.php of the component Webhook Endpoint. Performing a manipulation of the argument commitId results in os command injection. The attack can be initiated remotely. The exploit h...

CVE-2026-10180

A vulnerability has been found in TRENDnet TEW-432BRP 3.10B20. Impacted is the function formSysCmd of the file /goform/formSysCmd. Such manipulation of the argument sysCmd leads to command injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and ma...

CVE-2026-10219

A vulnerability was found in nextlevelbuilder GoClaw up to 3.11.3. This impacts the function FsBridge.WriteFile of the file internal/sandbox/fsbridge.go of the component writefile Tool. Performing a manipulation results in os command injection. The attack is possible to be carried out remotely. T...

CVE-2026-10219

A vulnerability was found in nextlevelbuilder GoClaw up to 3.11.3. This impacts the function FsBridge.WriteFile of the file internal/sandbox/fsbridge.go of the component writefile Tool. Performing a manipulation results in os command injection. The attack is possible to be carried out remotely. T...

CVE-2026-10219 nextlevelbuilder GoClaw write_file Tool fsbridge.go FsBridge.WriteFile os command injection

A vulnerability was found in nextlevelbuilder GoClaw up to 3.11.3. This impacts the function FsBridge.WriteFile of the file internal/sandbox/fsbridge.go of the component writefile Tool. Performing a manipulation results in os command injection. The attack is possible to be carried out remotely. T...

EUVD-2026-33540

A vulnerability was found in nextlevelbuilder GoClaw up to 3.11.3. This impacts the function FsBridge.WriteFile of the file internal/sandbox/fsbridge.go of the component writefile Tool. Performing a manipulation results in os command injection. The attack is possible to be carried out remotely. T...

CVE-2026-10219 nextlevelbuilder GoClaw write_file Tool fsbridge.go FsBridge.WriteFile os command injection

A vulnerability was found in nextlevelbuilder GoClaw up to 3.11.3. This impacts the function FsBridge.WriteFile of the file internal/sandbox/fsbridge.go of the component writefile Tool. Performing a manipulation results in os command injection. The attack is possible to be carried out remotely. T...

CVE-2026-10219

CVE-2026-10219 affects NextLevelBuilder GoClaw up to version 3.11.3. The vulnerability lies in the function FsBridge.WriteFile (internal/sandbox/fsbridge.go) where manipulation can cause an OS command injection. The issue is exploitable remotely and an exploit has been made public. A patch is not...

CVE-2026-10214

The CVE affects zhayujie chatgpt-on-wechat Bash Tool (up to 2.0.8). The vulnerability is in agent/tools/bash/bash.py, _get_safety_warning, enabling os command injection via manipulated input and allowing remote exploitation. Exploit code is public (PoC), with the patch in version 2.0.9 (commit 16...

PT-2026-45246

A weakness has been identified in zhayujie chatgpt-on-wechat up to 2.0.8. This issue affects the function get safety warning of the file agent/tools/bash/bash.py of the component Bash Tool. Executing a manipulation can lead to os command injection. The attack can be launched remotely. The exploit...

goclaw 操作系统命令注入漏洞

Goclaw is an open-source multi-tenant AI agent platform developed by Next Level Builder. Goclaw versions 3.11.3 and earlier contained a vulnerability related to operating system command injection. This vulnerability originated from the FsBridge.WriteFile function in the internal/sandbox/fsbridge....

PT-2026-45251

A vulnerability was found in nextlevelbuilder GoClaw up to 3.11.3. This impacts the function FsBridge.WriteFile of the file internal/sandbox/fsbridge.go of the component write file Tool. Performing a manipulation results in os command injection. The attack is possible to be carried out remotely...