CVE-2025-68549 WordPress Wiguard theme < 2.0.1 - Arbitrary File Upload vulnerability

Unrestricted Upload of File with Dangerous Type vulnerability in zozothemes Wiguard wiguard allows Upload a Web Shell to a Web Server.This issue affects Wiguard: from n/a through 2.0.1...

CVE-2025-68549 WordPress Wiguard theme < 2.0.1 - Arbitrary File Upload vulnerability

Unrestricted Upload of File with Dangerous Type vulnerability in zozothemes Wiguard wiguard allows Upload a Web Shell to a Web Server.This issue affects Wiguard: from n/a through 2.0.1...

CVE-2025-68549

CVE-2025-68549 is a real vulnerability in the WordPress Wiguard theme (zozothemes) affecting versions prior to 2.0.1. Wordfence and CVE listings describe an Unrestricted Upload of File with Dangerous Type leading to arbitrary file upload (web shell) on the target server, with a CVSS score of 9.9 ...

CVE-2026-24126

Weblate is a web based localization tool. Prior to 5.16.0, the SSH management console did not validate the passed input while adding the SSH host key, which could lead to an argument injection to ssh-add. Version 5.16.0 fixes the issue. As a workaround, properly limit access to the management...

CVE-2021-35402

PROLiNK PRC2402M 20190909 before 2021-06-13 allows liveapi.cgi?page=satellitelist OS command injection via shell metacharacters in the ip parameter for satellitestatus...

PT-2026-21098

Name of the Vulnerable Software and Affected Versions zozothemes Wiguard versions prior to 2.0.1 Description A flaw exists in zozothemes Wiguard that permits the upload of a web shell to a web server through unrestricted file uploads. This allows for potentially malicious code execution. The...

CVE-2021-35402

PROLiNK PRC2402M 20190909 before 2021-06-13 allows liveapi.cgi?page=satellitelist OS command injection via shell metacharacters in the ip parameter for satellitestatus...

PT-2026-21316

🚨 CVE-2019-25441 thesystem 1.0 contains a command injection vulnerability that allows unauthenticated attackers to execute arbitrary system commands by submitting malicious input to the run command endpoint. Attackers can send POST requests with shell commands in the command parameter to execute...

CVE-2025-70831

A Remote Code Execution RCE vulnerability was found in Smanga 3.2.7 in the /php/path/rescan.php interface. The application fails to properly sanitize user-supplied input in the mediaId parameter before using it in a system shell command. This allows an unauthenticated attacker to inject arbitrary...

Brocade Fabric OS < 9.2.1c2 / 9.2.2 < 9.2.2b / 10.0.0 Information Disclosure (CVE-2026-0383)

The version of Brocade FabricOS installed on the remote host is prior to 9.2.1c2, or 9.2.2 prior to 9.2.2b, or 10.0.0 prior to 10.0.0a. It is, therefore, affected by an information disclosure vulnerability: - A vulnerability in Brocade Fabric OS could allow an authenticated, local attacker with...

CVE-2026-26323

OpenClaw is a personal AI assistant. Versions 2026.1.8 through 2026.2.13 have a command injection in the maintainer/dev script scripts/update-clawtributors.ts. The issue affects contributors/maintainers or CI who run bun scripts/update-clawtributors.ts in a source checkout that contains a malicio...

CVE-2025-67305

In RUCKUS Network Director RND 4.5.0.56, the OVA appliance contains hardcoded SSH keys for the postgres user. These keys are identical across all deployments, allowing an attacker with network access to authenticate via SSH without a password. Once authenticated, the attacker can access the...

CVE-2026-27476

RustFly 2.0.0 contains a command injection vulnerability in its remote UI control mechanism that accepts hex-encoded instructions over UDP port 5005 without proper sanitization. Attackers can send crafted hex-encoded payloads containing system commands to execute arbitrary operations on the targe...

CVE-2026-27476

RustFly 2.0.0 is affected by a command-injection vulnerability in its remote UI control that accepts hex-encoded instructions over UDP port 5005 without proper sanitization. The flaw allows an attacker to send crafted hex payloads to execute arbitrary commands on the target, potentially enabling ...

Deno has a Command Injection via Incomplete shell metacharacter blocklist in node:child_process

Summary A command injection vulnerability exists in Deno's node:childprocess implementation. Reproduction javascript import spawnSync from "node:childprocess"; import as fs from "node:fs"; // Cleanup try fs.unlinkSync'/tmp/rceproof'; catch // Create legitimate script...

GHSA-HMH4-3XVX-Q5HR Deno has a Command Injection via Incomplete shell metacharacter blocklist in node:child_process

Summary A command injection vulnerability exists in Deno's node:childprocess implementation. Reproduction javascript import spawnSync from "node:childprocess"; import as fs from "node:fs"; // Cleanup try fs.unlinkSync'/tmp/rceproof'; catch // Create legitimate script...

CVE-2026-26189

Trivy Action runs Trivy as GitHub action to scan a Docker container image for vulnerabilities. A command injection vulnerability exists in aquasecurity/trivy-action versions 0.31.0 through 0.33.1 due to improper handling of action inputs when exporting environment variables. The action writes...

CVE-2026-26189 Trivy Action has a script injection via sourced env file in composite action

Trivy Action runs Trivy as GitHub action to scan a Docker container image for vulnerabilities. A command injection vulnerability exists in aquasecurity/trivy-action versions 0.31.0 through 0.33.1 due to improper handling of action inputs when exporting environment variables. The action writes...

CVE-2026-26189 Trivy Action has a script injection via sourced env file in composite action

Trivy Action runs Trivy as GitHub action to scan a Docker container image for vulnerabilities. A command injection vulnerability exists in aquasecurity/trivy-action versions 0.31.0 through 0.33.1 due to improper handling of action inputs when exporting environment variables. The action writes...

📄 SofaWiki 3.9.2 Shell Upload

This is a proof of concept remote shell upload exploit for SofaWiki version 3.9.2 that leverages an issue originally discovered in 2024. ============================================================================================================================================= | Title : SofaWiki...