CVE-2026-29109 SuiteCRM Authenticated Remote Code Execution via Unsafe Deserialization in SavedSearch Filter Processing
SuiteCRM is an open-source, enterprise-ready Customer Relationship Management (CRM) software application. Versions up to and including 8.9.2 contain an unsafe deserialization vulnerability in the SavedSearch filter processing component that allows an authenticated administrator to execute arbitrary...
CVE-2025-64446
A relative path traversal vulnerability in Fortinet FortiWeb 8.0.0 through 8.0.1, FortiWeb 7.6.0 through 7.6.4, FortiWeb 7.4.0 through 7.4.9, FortiWeb 7.2.0 through 7.2.11, FortiWeb 7.0.0 through 7.0.11 may allow an attacker to execute administrative commands on the system via crafted HTTP or HTT...
CVE-2025-62577
ETERNUS SF by Fsas Technologies Inc. is affected by an incorrect default permissions (CWE-276) vulnerability. A low-privileged user with access to the management server may obtain database credentials and could potentially execute OS commands with administrator privileges. The issue is associate...
CVE-2025-59978
CVE-2025-59978 is a Cross-Site Scripting vulnerability in Juniper Networks Junos Space (pre-24.1R4). The issue arises from improper neutralization of input during web page generation, allowing an attacker to store script tags in web pages that, when viewed by another user, can execute commands wi...
EUVD-2020-25324
Malware in sbrugna...
EUVD-2023-23945
Malicious code in bioql PyPI...
CVE-2020-4074
In PrestaShop from version 1.5.0.0 and before version 1.7.6.6, the authentication system is malformed and an attacker is able to forge requests and execute admin commands. The problem is fixed in 1.7.6.6...
VulnCheck KEV: CVE-2023-38743
Zoho ManageEngine ADManager Plus before Build 7200 allows admin users to execute commands on the host machine...
PT-2023-5576 · Solarwinds · Solarwinds Orion Platform
Name of the Vulnerable Software and Affected Versions: SolarWinds Orion Platform, affected versions not specified. Description: The issue is related to the use of dangerous methods or functions in the SolarWinds Orion Platform, which can allow an attacker to execute arbitrary commands with NETWORK...
Multiple vulnerabilities in Proself
Overview: Proself, provided by North Grid Corporation, is online storage server software. Proself contains the multiple vulnerabilities listed below: improper authentication (CWE-287), CVE-2023-39415; OS command injection (CWE-78), CVE-2023-39416. The developer states that attacks exploiting these...
CVE-2023-23843
The SolarWinds Platform was susceptible to the Incorrect Comparison Vulnerability. This vulnerability allows users with administrative access to SolarWinds Web Console to execute arbitrary commands...
CVE-2023-1722
Yoga Class Registration System version 1.0 allows an administrator to execute commands on the server. This is possible because the application does not correctly validate the thumbnails of the classes uploaded by the administrators...
CVE-2022-45600
Aztech WMB250AC Mesh Routers Firmware Version 016 2020 devices improperly manage sessions, which allows remote attackers to bypass authentication in opportunistic circumstances and execute arbitrary commands with administrator privileges by leveraging an existing web portal login...
CVE-2022-44036
In b2evolution 7.2.5, if configured with admins_can_manipulate_sensitive_files, arbitrary file upload is allowed for admins, leading to command execution. NOTE: the vendor's position is that this is "very obviously a feature not an issue and if you don't like that feature it is very obvious how to...
Contec FLEXLAN FX3000 and FX2000 security vulnerability
The Contec FLEXLAN FX3000 and Contec FLEXLAN FX2000 are both wireless LAN access points from Contec Japan. A security vulnerability exists in the Contec FLEXLAN FX3000 version prior to 1.16.00 and the FX2000 version prior to 1.39.00. An attacker could exploit this vulnerability to execute arbitra...
CVE-2020-4074
CVE-2020-4074 affects PrestaShop 1.5.0.0 up to 1.7.6.5 (fixed in 1.7.6.6). The authentication system is malformed, enabling an attacker to forge requests and execute admin commands. Affected component is the authentication/admin command path; root cause described as improper/authentication handli...