UBUNTU-CVE-2026-35349
A vulnerability in the rm utility of uutils coreutils allows a bypass of the --preserve-root protection. The implementation uses a path-string check rather than comparing device and inode numbers to identify the root directory. An attacker or accidental user can bypass this safeguard by using a...
uutils coreutils Link Following Vulnerability
uutils coreutils is a cross-platform core command-line toolset developed by Uutils Open Source. uutils coreutils has a post-installation link vulnerability. This vulnerability stems from the rm utility allowing bypass of the --preserve-root protection. Instead of using device and inode numbers fo...
cmd/go: cmd/go: Arbitrary file write via malicious pkg-config directive
A flaw was found in cmd/go. An attacker can exploit this by building a malicious Go source file that uses the 'cgo pkg-config:' directive. This allows the attacker to write to an arbitrary file with partial control over its content, by providing a '--log-file' argument to the pkg-config command...
cmd/go: cmd/go: Arbitrary file write via malicious pkg-config directive
A flaw was found in cmd/go. An attacker can exploit this by building a malicious Go source file that uses the 'cgo pkg-config:' directive. This allows the attacker to write to an arbitrary file with partial control over its content, by providing a '--log-file' argument to the pkg-config command...
Vulnerability fixed in Fortinet FortiClient EMS
Fortinet has fixed a vulnerability in FortiClient EMS version 7.4.4. The vulnerability with reference CVE-2026-21643 concerns a critical vulnerability in FortiClient EMS. The cause lies in the improper neutralization of special SQL commands, which allows an unauthenticated malicious person to...
cmd/go: cmd/go: Arbitrary file write via malicious pkg-config directive
A flaw was found in cmd/go. An attacker can exploit this by building a malicious Go source file that uses the 'cgo pkg-config:' directive. This allows the attacker to write to an arbitrary file with partial control over its content, by providing a '--log-file' argument to the pkg-config command...
Multiple TP-Link Products Security Vulnerability
TP-LINK Archer is a series of routers produced by TP-LINK Corporation. Several TP-Link products have security vulnerabilities. These vulnerabilities stem from improper handling of wireless control management CLI commands. This could allow authenticated attackers with administrative privileges to...
Cisco IOS XR Software CLI Privilege Escalation (cisco-sa-iosxr-privesc-bF8D5U4W) (CVE-2026-20046)
According to its self-reported version, Cisco IOS XR is affected by a vulnerability. - A vulnerability in task group assignment for a specific CLI command in Cisco IOS XR Software could allow an authenticated, local attacker to elevate privileges and gain full administrative control of an affecte...
GHSA-QWCC-2R77-5W2F sd changes the group ownership of the source file
An issue in sd command v1.0.0 and before allows attackers to escalate privileges to root via a crafted command...
CVE-2025-65807
An issue in sd command v1.0.0 and before allows attackers to escalate privileges to root via a crafted command...
PT-2025-48774
ASUS warns of a critical flaw in AiCloud routers CVE-2025-593656. Attackers can remotely run OS commands no login needed. • Update firmware • Disable AiCloud/Samba/WAN access if no patch • Replace end-of-life devices • Strengthen passwords https://t.co/Dt2oT0g298...
cmd/go: Go VCS Command Execution Vulnerability
A flaw was found in cmd/go. The go command can execute arbitrary commands when processing untrusted version control system VCS repositories containing malicious configuration. This issue occurs because the command interprets VCS metadata, potentially leading to unintended command execution. This...
ComSndFTP FTP Server Security Vulnerability
ComSndFTP FTP Server is an FTP server software from ComSndFTP, Inc. A security vulnerability exists in ComSndFTP FTP Server version 1.3.7 Beta that stems from a format string vulnerability in the handling of the USER command, which could lead to the execution of arbitrary code...
TurboFTP Server Security Vulnerability
TurboFTP Server is a client from TurboFTP, Inc. that supports the FTP and SFTP protocols. A security vulnerability exists in TurboFTP Server versions 1.30.823 and 1.30.826, which stems from not handling the PORT command correctly, and could lead to a buffer overflow and arbitrary code execution...
The vulnerability of the PLS FTP-server command in the PCMan FTP Server allows a hacker to execute arbitrary code or cause a service failure.
The vulnerability of the PLS FTP-server’s command line interface is related to the execution of operations beyond the buffer boundaries in memory. Exploiting this vulnerability allows a remote attacker to execute arbitrary code or cause service interruptions...
The vulnerability of the SYSTEM FTP-server command of the PCMan FTP Server allows a hacker to execute arbitrary code or cause a service failure.
The vulnerability of the SYSTEM FTP-server command of the PCMan FTP Server lies in the execution of operations beyond the buffer boundaries in memory. Exploiting this vulnerability allows a remote attacker to execute arbitrary code or cause service interruptions...
The vulnerability of the anti-virus command in the Junos OS operating system’s SRX routers allows a hacker to cause a service failure.
The vulnerability of the Junos OS operating system’s SRX series router drivers relates to the absence of memory release after the effective lifespan of the devices. Exploiting this vulnerability can allow a remote attacker to cause service interruptions...
Autel MaxiCharger AC Elite Business C50 AppAuthenExchangeRandomNum Stack-Based Buffer Overflow Remote Code Execution Vulnerability
This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of Autel MaxiCharger AC Elite Business C50 EV chargers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of the...
OESA-2024-1858 qemu security update
QEMU is a FAST! processor emulator using dynamic translation to achieve good emulation speed. Security Fixes: A flaw was found in the QEMU disk image utility qemu-img 'info' command. A specially crafted image file containing a json: value describing block devices in QMP could cause the qemu-img...
The vulnerabilities of the Handler for User Photo Delete and Handler for Picture Delete Commands components, as well as the Cloud Service Command Handlers (PushCommandExecute) of the microprogramming software for biometric terminals ZkTeco ProFace X, Smartec ST-FR043, and Smartec ST-FR041ME, allow an intruder to execute arbitrary commands.
The vulnerabilities of the Handler for User Photo Delete and Handler for Picture Delete Commands, as well as the Cloud Service Command Handlers PushCommandExecute in the microprogramming software for biometric terminals ZkTeco ProFace X, Smartec ST-FR043, and Smartec ST-FR041ME, are related to th...