PoC Archive PoC Archive

tag

Command-Injection

Medium
curl SMTP EXPN Recipient CRLF Command Injection
None assigned as of 2026-07-03· curl / libcurl (SMTP support) unpatched
High
Authenticated Command Injection in LiteLLM MCP Test Endpoints (CVE-2026-42271)
CVE-2026-42271· BerriAI LiteLLM (proxy) — MCP preview/test endpoints patched
Critical
Ubiquiti UniFi OS Unauthenticated RCE Chain (CVE-2026-34908 / CVE-2026-34909 / CVE-2026-34910)
CVE-2026-34908, CVE-2026-34909, CVE-2026-34910· Ubiquiti UniFi OS Server patched
High
Cisco Catalyst SD-WAN Manager Privilege Escalation (CVE-2026-20245)
CVE-2026-20245· Cisco Catalyst SD-WAN Manager (vManage), SD-WAN Controller (vSmart), SD-WAN Validator (vBond) unpatched
High
Notepad++ <= 8.9.6 Multiple Vulnerabilities (CVE-2026-48770, CVE-2026-48778, CVE-2026-48800)
CVE-2026-48770, CVE-2026-48778, CVE-2026-48800· Notepad++ unpatched
Critical
Palo Alto PAN-OS GlobalProtect Unauthenticated RCE (CVE-2024-3400)
CVE-2024-3400· Palo Alto Networks PAN-OS GlobalProtect gateway patched