64 matches found
Exploit for CVE-2026-4631
CVE-2026-4631 — Code Analysis Cockpit: Unauthenticated Rem...
Exploit for Path Traversal in Gogs
GOGS RCE CVE-2025-8110. Gogs is a lightweight and self-hosted...
CVE-2026-20083
A vulnerability in the Secure Copy Protocol (SCP) server feature of Cisco IOS XE Software could allow an authenticated, local attacker with low privileges to cause a denial of service (DoS) condition on an affected device. This vulnerability is due to improper handling of a malformed SCP request. An...
EUVD-2025-208581
An issue was discovered in Lantronix EDS5000 2.1.0.0R3. The SSH Client and SSH Server pages are affected by multiple OS injection vulnerabilities due to missing sanitization of input parameters. An attacker can inject arbitrary commands in delete actions of various objects, such as server keys,...
OpenClaw's `system.run` env override filtering allowed dangerous helper-command pivots
Summary: `system.run` env override sanitization allowed dangerous override-only helper-command pivots to reach subprocesses. A caller who could invoke `system.run` with env overrides could bypass allowlist/approval intent by steering an allowlisted tool through helper-command or config-loading...
Arbitrary File Upload
Overview: Affected versions of this package are vulnerable to Arbitrary File Upload via the `GIT_SSH_COMMAND` command. An attacker can execute arbitrary code and gain full control over the system by remotely overwriting configuration files. Remediation: Upgrade Weblate to version 5.15.1 or higher...
GHSA-4C65-9GQF-4W8H Cybersecurity AI (CAI) vulnerable to Command Injection in run_ssh_command_with_credentials Agent tool
Summary: A command injection vulnerability is present in the function tool `run_ssh_command_with_credentials` available to AI agents. Details: This is the source code of the function tool `run_ssh_command_with_credentials`: `@function_tool def run_ssh_command_with_credentials(host: str, username: str,...`
Arbitrary Command Injection
Overview: cai-framework is a Cybersecurity AI Framework. Affected versions of this package are vulnerable to Arbitrary Command Injection via the `run_ssh_command_with_credentials` function. An attacker can execute arbitrary commands on the host system by supplying crafted values for the username, host, o...
HSEC-2023-0009 git-annex command injection via malicious SSH hostname
git-annex was vulnerable to the same class of security hole as git's CVE-2017-1000117. In several cases, git-annex parses a repository URL, and uses it to generate a ssh command, with the hostname to ssh to coming from the URL. If the hostnam...
EUVD-2014-3069
Malware in sbrugna...
EUVD-2023-38335
Malicious code in bioql PyPI...
EUVD-2024-37382
Malicious code in bioql PyPI...
EUVD-2025-20681
Malicious code in bioql PyPI...
CVE-2025-4663
An Improper Check for Unusual or Exceptional Conditions vulnerability in Brocade Fabric OS before 9.2.2.a could allow an authenticated, network-based attacker to cause a Denial-of-Service (DoS). The vulnerability is encountered when supportsave is invoked remotely, using ssh command or SANnav inlin...
CVE-2025-4663 Denial-of-Service (DoS) after Unusual or Exceptional Conditions vulnerability
An Improper Check for Unusual or Exceptional Conditions vulnerability in Brocade Fabric OS before 9.2.2.a could allow an authenticated, network-based attacker to cause a Denial-of-Service (DoS). The vulnerability is encountered when supportsave is invoked remotely, using ssh command or SANnav inlin...
CVE-2025-4663
CVE-2025-4663 describes an Improper Check for Unusual or Exceptional Conditions in Brocade Fabric OS (FOS) before 9.2.2.a. The issue can allow an authenticated, network-based attacker to cause a Denial-of-Service (DoS) when a remote invocation of the remote support utility (supportsave) is interr...
CVE-2023-37237
In Veritas NetBackup Appliance before 4.1.0.1 MR3, insecure permissions may allow an authenticated Admin to bypass shell restrictions and execute arbitrary operating system commands via SSH...
MGASA-2025-0158 Updated dropbear packages fix security vulnerability
dbclient in Dropbear SSH before 2025.88 allows command injection via an untrusted hostname argument, because a shell is used...
Update Rollup 3 for System Center 2022 Orchestrator
Introduction: This article describes the issues that are fixed in Update Rollup 3 for Microsoft System Center Orchestrator 2022. This article also contains the installation instructions for this update. Issues that are fixed: Read Line activity...
CVE-2025-47203
dbclient in Dropbear SSH before 2025.88 allows command injection via an untrusted hostname argument, because a shell is used...