#command-injection tag

1 month ago

Vulnerability in MS-Agent AI Framework Can Allow Full System Compromise

CVE-2026-2256 in ModelScope MS-Agent framework allows arbitrary OS command execution through inadequate input sanitization in the Shell tool using regex-based blacklist filtering.

1 month ago

Zyxel Patches Critical Vulnerability in Many Device Models

An attacker could exploit the flaw via crafted UPnP SOAP requests to execute OS commands on a vulnerable device. It is important to note that WAN access is disabled by default on these devices, and the attack can be carried out remotely only if both WAN access and the vulnerable UPnP function have been enabled.

Information security

fromZero Day Initiative

1 month ago

Zero Day Initiative - CVE-2025-6978: Arbitrary Code Execution in the Arista NG Firewall

Arista NG Firewall's runTroubleshooting() fails to properly validate inputs, enabling command injection by passing unsanitized environment variables to network-troubleshooting.sh.

2 months ago

Coolify Discloses 11 Critical Flaws Enabling Full Server Compromise on Self-Hosted Instances

Multiple critical command-injection and information-disclosure vulnerabilities in Coolify allow authenticated or low-privileged users to achieve remote code execution, container escape, and root compromise.

2 months ago

Ongoing Attacks Exploiting Critical RCE Vulnerability in Legacy D-Link DSL Routers

CVE-2026-0625 permits unauthenticated command injection in D-Link DSL gateway dnscfg.cgi, enabling remote code execution and active exploitation of legacy models.

3 months ago

JPCERT Confirms Active Command Injection Attacks on Array AG Gateways

A command injection flaw in Array Networks DesktopDirect (ArrayOS ≤9.4.5.8) has been exploited since Aug 2025 to drop web shells; update to 9.4.5.9.

#rondodox

Information security

RondoDox Botnet Takes 'Exploit Shotgun' Approach

fromTheregister

Information security

RondoDox botnet fires 'exploit shotgun' at edge devices

Information security

RondoDox Botnet Takes 'Exploit Shotgun' Approach

fromTheregister

Information security

RondoDox botnet fires 'exploit shotgun' at edge devices

Severe Figma MCP Vulnerability Lets Hackers Execute Code Remotely - Patch Now

A command injection vulnerability in the figma-developer-mcp MCP server (CVE-2025-53967) permits remote code execution via unsanitized user input.

Organizations Warned of Exploited Meteobridge Vulnerability

A Meteobridge command-injection vulnerability (CVE-2025-4008) has been exploited in attacks and added to CISA's Known Exploited Vulnerabilities catalog.

CISA Flags Meteobridge CVE-2025-4008 Flaw as Actively Exploited in the Wild

Meteobridge contains a command-injection vulnerability (CVE-2025-4008) allowing unauthenticated remote attackers to execute arbitrary commands as root; vulnerability is actively exploited and patched in version 6.

Fortra GoAnywhere CVSS 10 Flaw Exploited as 0-Day a Week Before Public Disclosure

An unsafe deserialization flaw (CVE-2025-10035) in Fortra GoAnywhere permits unauthenticated command injection and was actively exploited in the wild by at least September 10, 2025.

Libraesva Email Security Gateway Vulnerability Exploited by Nation-State Hackers

A command-injection vulnerability in Libraesva ESG allows arbitrary shell command execution via crafted compressed email attachments; patches available for ESG 5.x while 4.x is discontinued.

Chaos Mesh Critical GraphQL Flaws Enable RCE and Full Kubernetes Cluster Takeover

Multiple critical Chaos Mesh vulnerabilities allow minimal in-cluster attackers to execute commands, disrupt services, steal tokens, and potentially achieve cluster-wide takeover.