48 matches found
CVE-2026-54686
Warp: CVE-2026-54686 enables DCS lifecycle hook spoofing in Warp’s PTY stream, allowing attacker-controlled terminal output to spoof lifecycle metadata (e.g., working directory, SSH transport metadata) for active sessions. Technical details in connected PoC describe additional remote command inje...
CVE-2026-7551
HKUDS OpenHarness contains a remote code execution vulnerability in the /bridge slash command that allows remote senders accepted by configuration to execute arbitrary operating system commands. Attackers can invoke the /bridge spawn command with attacker-controlled command text that is forwarded...
CVE-2026-7551
HKUDS OpenHarness contains a remote code execution vulnerability in the /bridge slash command that allows remote senders accepted by configuration to execute arbitrary operating system commands. Attackers can invoke the /bridge spawn command with attacker-controlled command text that is forwarded...
EUVD-2019-10522
Malware in sbrugna...
EUVD-2025-27614
Malicious code in bioql PyPI...
Schneider Electric Saitel DR & Saitel DP Remote Terminal Unit
RISK EVALUATION Successful exploitation of these vulnerabilities could enable an attacker to execute arbitrary shell commands on the affected devices. 2. RECOMMENDED PRACTICES CISA reminds organizations to perform proper impact analysis and risk assessment prior to deploying defensive measures...
CVE-2025-9996
CWE-78: Improper Neutralization of Special Elements used in an OS Command 'OS Command Injection' vulnerability exists that could cause the execution of any shell command when executing a netstat command using BLMon Console in an SSH session...
CVE-2025-9997
CWE-78: Improper Neutralization of Special Elements used in an OS Command 'OS Command Injection' vulnerability exists that could cause command injection in BLMon that is executed in the operating system console when in a SSH session...
CVE-2025-9997
CWE-78: Improper Neutralization of Special Elements used in an OS Command 'OS Command Injection' vulnerability exists that could cause command injection in BLMon that is executed in the operating system console when in a SSH session...
CVE-2025-9996
CWE-78: Improper Neutralization of Special Elements used in an OS Command 'OS Command Injection' vulnerability exists that could cause the execution of any shell command when executing a netstat command using BLMon Console in an SSH session...
CVE-2025-9997
CVE-2025-9997 relates to an OS command injection in BLMon Console (Schneider Electric) triggered during SSH sessions when running netstat. The root cause is improper neutralization of special elements in OS commands (CWE-78), potentially allowing execution of arbitrary shell commands on the affec...
CVE-2025-9997
CWE-78: Improper Neutralization of Special Elements used in an OS Command 'OS Command Injection' vulnerability exists that could cause command injection in BLMon that is executed in the operating system console when in a SSH session...
CVE-2025-9997
CWE-78: Improper Neutralization of Special Elements used in an OS Command 'OS Command Injection' vulnerability exists that could cause command injection in BLMon that is executed in the operating system console when in a SSH session...
CVE-2025-9996
CWE-78: Improper Neutralization of Special Elements used in an OS Command 'OS Command Injection' vulnerability exists that could cause the execution of any shell command when executing a netstat command using BLMon Console in an SSH session...
PT-2025-36978
Name of the Vulnerable Software and Affected Versions: BLMon Console affected versions not specified Description: An OS Command Injection issue exists due to improper neutralization of special elements used in an OS command. This could allow for the execution of arbitrary shell commands when...
CVE-2025-5689 Improper Permission Management in SSH Session Handling
A flaw was found in the temporary user record that authd uses in the pre-auth NSS. As a result, a user login for the first time will be considered to be part of the root group in the context of that SSH session...
SUSE CVE-2024-52010
Zoraxy is a general purpose HTTP reverse proxy and forwarding tool. A command injection vulnerability in the Web SSH feature allows an authenticated attacker to execute arbitrary commands as root on the host. Zoraxy has a Web SSH terminal feature that allows authenticated users to connect to SSH...
CVE-2023-36611
The affected TBox RTUs allow low privilege users to access software security tokens of higher privilege. This could allow an attacker with “user” privileges to access files requiring higher privileges by establishing an SSH session and providing the other tokens...
Ovarro TBox RTUs 授权问题漏洞
Ovarro TBox RTUs is a modular remote monitoring and automation solution from Ovarro Germany. An authorization issue vulnerability exists in Ovarro TBox RTUs that stems from allowing a low-privileged user to access higher-privileged software security tokens, potentially allowing an attacker to...
Fetch Payloads: A Shorter Path from Command Injection to Metasploit Session
Over the last year, two-thirds of the exploit modules added to Metasploit Framework have targeted command injection vulnerabilities CWE-94: Improper Control of Generation of Code. In the process of helping new and existing open-source contributors learn how to use Metasploit’s command stager...