LiteLLM vulnerability under active attack, CISA warns (CVE-2026-42271)
A command injection vulnerability (CVE-2026-42271) in BerryAI’s LiteLLM open-source AI gateway is being exploited by attackers, the US Cybersecurity and Infr...
MITRE ATT&CK Mapping
Articles mapped to MITRE ATT&CK techniques. Select a technique to view matching articles.
T1059 — Command and Scripting Interpreter (Execution)
Clear filter38 articles found
LiteLLM Flaw CVE-2026-42271 Exploited in the Wild, Chains to Unauthenticated RCE
The U.S.
Multiple VMware Stored XSS Flaw Enable Attackers to Inject Malicious Scripts
VMware has disclosed multiple high-severity stored cross-site scripting (XSS) vulnerabilities affecting VMware Cloud Foundation (VCF) Operations, potentially...
CISA Adds Two Known Exploited Vulnerabilities to Catalog
CISA has added two new vulnerabilities to its Known Exploited Vulnerabilities (KEV) Catalog, based on evidence of active exploitation. CVE-2026-42271 BerriAI...
Cisco SD-WAN Has a New Root-Level Problem, and There’s No Fix Yet
Cisco warns of CVE-2026-20245 in SD-WAN Manager, a flaw that can lead to root access via file upload command injection; no patch or workaround yet. Cisco war...
Hackers Weaponize Trusted Tools to Deploy Notorious Malware
Attackers are leaning harder on legitimate, preinstalled, or widely used system tools to deliver and operate notorious malware families, creating a stealthy,...
Cisco Catalyst SD-WAN Manager Authenticated Privilege Escalation Vulnerability
A vulnerability in the CLI of Cisco Catalyst SD-WAN Manager, formerly SD-WAN vManage, could allow an authenticated, local attacker to execute arbitrary comma...
CP Plus 8 Ch. Network Video Recorder
View CSAF Summary Successful exploitation of this vulnerability allows an attacker's malicious script to execute in the browser of any authenticated user or ...
[hardware] MeiG Smart FORGE_SLT711 - OS Command Injection
MeiG Smart FORGE_SLT711 - OS Command Injection
Ubiquiti patches three critical vulnerabilities in UniFi OS
The vulnerabilities, identified as CVE-2026-34908, CVE-2026-34909, and CVE-2026-34910, allow for unauthorized system changes, path traversal for accessing un...
ZDI-26-319: Progress Software Kemp LoadMaster addcountry Command Injection Remote Code Execution Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Progress Software Kemp LoadMaster. Authentication is requir...
ZDI-26-318: Progress Software Kemp LoadMaster ssodomain_killsession Command Injection Remote Code Execution Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Progress Software Kemp LoadMaster. Authentication is requir...
Cisco ThousandEyes Enterprise Agent BrowserBot Command Injection Vulnerability
A vulnerability in the BrowserBot component of Cisco ThousandEyes Enterprise Agent could have allowed an authenticated, remote attacker to execute arbitrary ...
Critical Vulnerability Exposes Industrial Robot Fleets to Hacking
The vulnerability, CVE-2026-8153, affects Universal Robots PolyScope 5 and it can be exploited for OS command injection. The post Critical Vulnerability Expo...
Universal Robots Polyscope 5
View CSAF Summary Successful exploitation of these vulnerabilities could allow an attacker to bypass authentication and execute code. The following versions ...
Operation SilentCanvas: Attackers use .jpeg files to deliver malware
Attackers are weaponizing .jpeg files to deliver PowerShell payloads, trojanize ScreenConnect, and establish persistence on target systems.
ClickFix Evolves Using Decade-Old Open-Source Python SOCKS5 Proxy
A newly observed ClickFix campaign is pushing beyond simple user-triggered infections, introducing a more persistent and stealthy intrusion chain using PySox...
[webapps] glances 4.5.2 - command injection
glances 4.5.
Fake Claude Code takes the IElevator to your browser secrets
Developers looking for Anthropic’s increasingly popular Claude Code tool are now being lured into downloading malware. According to researchers at Ontinue, a...
Magecart Hackers Exploit Google Tag Manager to Inject Credit Card Skimmers
Magecart-style attackers are once again abusing trusted web services, this time weaponizing Google Tag Manager (GTM) to inject credit card skimmers into ecom...