CVE-2026-5528 MoussaabBadla code-screenshot-mcp HTTP os command injection

A security vulnerability has been detected in MoussaabBadla code-screenshot-mcp up to 0.1.0. This affects an unknown part of the component HTTP Interface. Such manipulation leads to os command injection. It is possible to launch the attack remotely. The exploit has been disclosed publicly and may...

CVE-2026-28798

ZimaOS is a fork of CasaOS, an operating system for Zima devices and x86-64 systems with UEFI. Prior to version 1.5.3, a proxy endpoint /v1/sys/proxy exposed by ZimaOS's web interface can be abused via an externally reachable domain using a Cloudflare Tunnel to make requests to internal localhost...

EUVD-2017-18961

ProSoft Technology ICX35-HWC versions 1.3 and prior cellular gateways contain an input validation vulnerability in the web user interface that allows remote attackers to inject and execute system commands by submitting malicious input through unvalidated fields. Attackers can exploit this...

EUVD-2017-18963

Hirschmann Industrial HiVision versions 06.0.00 and 07.0.00 prior to 06.0.06 and 07.0.01 contains an improper authorization vulnerability that allows read-only users to gain write access to managed devices by bypassing access control mechanisms. Attackers can exploit alternative interfaces such a...

PT-2026-30387

Name of the Vulnerable Software and Affected Versions MoussaabBadla code-screenshot-mcp versions up to 0.1.0 Description A security issue exists in the HTTP Interface component of MoussaabBadla code-screenshot-mcp. This allows for os command injection, potentially enabling remote attacks. The...

CVE-2017-20236

ProSoft Technology ICX35-HWC versions 1.3 and prior cellular gateways contain an input validation vulnerability in the web user interface that allows remote attackers to inject and execute system commands by submitting malicious input through unvalidated fields. Attackers can exploit this...

CVE-2017-20238

Hirschmann Industrial HiVision versions 06.0.00 and 07.0.00 prior to 06.0.06 and 07.0.01 contains an improper authorization vulnerability that allows read-only users to gain write access to managed devices by bypassing access control mechanisms. Attackers can exploit alternative interfaces such a...

CVE-2017-20236

The CVE concerns ProSoft Technology ICX35-HWC cellular gateways (versions 1.3 and earlier) with an input validation weakness in the web user interface. The flaw allows remote attackers to inject and execute system commands via unvalidated fields, enabling root privilege escalation and arbitrary c...

CVE-2017-20236 ProSoft Technology ICX35-HWC Command Injection via Web Interface

ProSoft Technology ICX35-HWC versions 1.3 and prior cellular gateways contain an input validation vulnerability in the web user interface that allows remote attackers to inject and execute system commands by submitting malicious input through unvalidated fields. Attackers can exploit this...

CVE-2017-20236 ProSoft Technology ICX35-HWC Command Injection via Web Interface

ProSoft Technology ICX35-HWC versions 1.3 and prior cellular gateways contain an input validation vulnerability in the web user interface that allows remote attackers to inject and execute system commands by submitting malicious input through unvalidated fields. Attackers can exploit this...

CVE-2017-20236

ProSoft Technology ICX35-HWC versions 1.3 and prior cellular gateways contain an input validation vulnerability in the web user interface that allows remote attackers to inject and execute system commands by submitting malicious input through unvalidated fields. Attackers can exploit this...

CVE-2017-20235

ProSoft Technology ICX35-HWC version 1.3 and prior cellular gateways contain an authentication bypass vulnerability in the web user interface that allows unauthenticated attackers to gain access to administrative functions without valid credentials. Attackers can bypass the authentication mechani...

CVE-2017-20238

Hirschmann Industrial HiVision (versions 06.0.00 and 07.0.00 before 06.0.06 and 07.0.01) contains an improper authorization vulnerability that lets read-only users gain write access to managed devices by bypassing access controls. The issue affects multiple interfaces, including the web UI and SN...

CVE-2017-20238 Hirschmann Industrial HiVision Improper Authorization Privilege Escalation

Hirschmann Industrial HiVision versions 06.0.00 and 07.0.00 prior to 06.0.06 and 07.0.01 contains an improper authorization vulnerability that allows read-only users to gain write access to managed devices by bypassing access control mechanisms. Attackers can exploit alternative interfaces such a...

CVE-2017-20238

Hirschmann Industrial HiVision versions 06.0.00 and 07.0.00 prior to 06.0.06 and 07.0.01 contains an improper authorization vulnerability that allows read-only users to gain write access to managed devices by bypassing access control mechanisms. Attackers can exploit alternative interfaces such a...

CVE-2017-20238 Hirschmann Industrial HiVision Improper Authorization Privilege Escalation

Hirschmann Industrial HiVision versions 06.0.00 and 07.0.00 prior to 06.0.06 and 07.0.01 contains an improper authorization vulnerability that allows read-only users to gain write access to managed devices by bypassing access control mechanisms. Attackers can exploit alternative interfaces such a...

CVE-2026-28798

ZimaOS is a fork of CasaOS, an operating system for Zima devices and x86-64 systems with UEFI. Prior to version 1.5.3, a proxy endpoint /v1/sys/proxy exposed by ZimaOS's web interface can be abused via an externally reachable domain using a Cloudflare Tunnel to make requests to internal localhost...

PT-2026-30259

ProSoft Technology ICX35-HWC version 1.3 and prior cellular gateways contain an authentication bypass vulnerability in the web user interface that allows unauthenticated attackers to gain access to administrative functions without valid credentials. Attackers can bypass the authentication mechani...

ProSoft ICX35-HWC 授权问题漏洞

The ProSoft ICX35-HWC is an industrial-grade cellular communication gateway device developed by ProSoft Corporation. Versions of ProSoft ICX35-HWC prior to version 1.3 contained an authorization vulnerability. This vulnerability stemmed from an authentication bypass issue in the web user interfac...

ProSoft ICX35-HWC 操作系统命令注入漏洞

The ProSoft ICX35-HWC is an industrial-grade cellular communication gateway device from the ProSoft company in the United States. Versions of ProSoft ICX35-HWC prior to version 1.3 contained a vulnerability related to operating system command injection. This vulnerability stemmed from input...