19139 matches found

Snyk
added 2026/01/09 2:2 a.m. | 1 views

Improper Resource Shutdown or Release

Overview: Affected versions of this package are vulnerable to Improper Resource Shutdown or Release in the UpdateStatus cycle of VM controller in virt handler that fetches all the guest interfaces from QEMU guest agent and adds them to interface status of the VMI. An attacker can disrupt...

CVSS 6.4 | AI score 6.7 | EPSS 0.0026
Exploits: 0 | References: 2

Positive Technologies
added 2026/01/09 12:0 a.m. | 7 views

PT-2026-1953

Name of the Vulnerable Software and Affected Versions: Ruckus vRIoT IoT Controller versions prior to 3.0.0.0. Description: The Ruckus vRIoT IoT Controller firmware contains hardcoded credentials for an operating system user account within an initialization script. The SSH service is network-accessib...

CVSS 10 | AI score 7.1 | EPSS 0.00387
Exploits: 0 | References: 6

Positive Technologies
added 2026/01/09 12:0 a.m. | 6 views

PT-2026-1952

Name of the Vulnerable Software and Affected Versions: Ruckus vRIoT IoT Controller versions prior to 3.0.0.0 GA. Description: The Ruckus vRIoT IoT Controller firmware exposes a command execution service on TCP port 2004 running with root privileges. Authentication to this service relies on a hardcod...

CVSS 10 | AI score 7.8 | EPSS 0.00701
Exploits: 0 | References: 6

IBM Security Bulletins
added 2026/01/08 3:7 p.m. | 6 views

Security Bulletin: IBM Controller is vulnerable to a Path Traversal vulnerability

Summary: IBM Controller has addressed a Path Traversal vulnerability present in Spring Framework MVC applications. Vulnerability Details: CVEID: CVE-2025-41242. DESCRIPTION: Spring Framework MVC applications can be vulnerable to a “Path Traversal Vulnerability” when deployed on a non-compliant Servlet...

CVSS 5.9 | AI score 6.6 | EPSS 0.01916
Exploits: 1 | Affected Software: 1

OSV
added 2026/01/08 10:22 a.m. | 6 views

CLSA-2026-1767867718 kernel: Fix of 16 CVEs

crypto: lzo - Fix compression buffer overrun CVE-2025-38068 - wifi: brcmfmac: fix use-after-free when rescheduling brcmf_btcoex_info work CVE-2025-39863 - NFSD: Protect against send buffer overflow in NFSv2 READ CVE-2022-43945 - tcp: Clear tcp_sk(sk)->fastopen_rsk in tcp_disconnect(). CVE-2025-40186 - can:...

CVSS 7.8 | AI score 7.1 | EPSS 0.21314
Exploits: 0 | References: 1

RedhatCVE
added 2026/01/08 3:15 a.m. | 8 views

CVE-2025-61492

A command injection vulnerability in the execute_command function of terminal-controller-mcp 0.1.7 allows attackers to execute arbitrary commands via a crafted input...

CVSS 10 | AI score 8.2 | EPSS 0.01891
Exploits: 1 | References: 1

OSV
added 2026/01/07 6:30 p.m. | 1 views

GHSA-H4RF-624J-GJ33 terminal-controller-mcp vulnerable to Command Injection

A command injection vulnerability in the execute_command function of terminal-controller-mcp 0.1.7 allows attackers to execute arbitrary commands via a crafted input...

CVSS 10 | AI score 8.1 | EPSS 0.01891
Exploits: 1 | References: 4

Github Security Blog
added 2026/01/07 6:30 p.m. | 7 views

terminal-controller-mcp vulnerable to Command Injection

A command injection vulnerability in the execute_command function of terminal-controller-mcp 0.1.7 allows attackers to execute arbitrary commands via a crafted input...

CVSS 10 | AI score 8.2 | EPSS 0.01891
Exploits: 1 | References: 5 | Affected Software: 1

OSV
added 2026/01/07 6:15 p.m. | 3 views

CVE-2025-61492

A command injection vulnerability in the execute_command function of terminal-controller-mcp 0.1.7 allows attackers to execute arbitrary commands via a crafted input...

CVSS 10 | AI score 6.2
Exploits: 0 | References: 3

NVD
added 2026/01/07 6:15 p.m. | 7 views

CVE-2025-61492

A command injection vulnerability in the execute_command function of terminal-controller-mcp 0.1.7 allows attackers to execute arbitrary commands via a crafted input...

CVSS 10 | EPSS 0.01891
Exploits: 1 | References: 3

RedhatCVE
added 2026/01/07 9:51 a.m. | 7 views

CVE-2013-6011

Citrix NetScaler Application Delivery Controller (ADC) 10.0 before 10.0-76.7 allows remote attackers to cause a denial of service (nsconfigd crash and appliance reboot) via a crafted request...

CVSS 7.8 | AI score 6.8 | EPSS 0.0147
Exploits: 0 | References: 1

RedhatCVE
added 2026/01/07 9:51 a.m. | 8 views

CVE-2013-6684

The web framework on Cisco Wireless LAN Controller (WLC) devices does not properly validate configuration parameters, which allows remote authenticated users to cause a denial of service via a crafted HTTP request, aka Bug ID CSCuh81011...

CVSS 6.8 | AI score 6.5 | EPSS 0.00925
Exploits: 0 | References: 1

RedhatCVE
added 2026/01/07 9:31 a.m. | 14 views

CVE-2019-16119

SQL injection in the photo-gallery (10Web Photo Gallery) plugin before 1.5.35 for WordPress exists via the admin/controllers/Albumsgalleries.php albumid parameter...

CVSS 9.8 | AI score 8 | EPSS 0.25438
Exploits: 4 | References: 1

RedhatCVE
added 2026/01/07 9:29 a.m. | 8 views

CVE-2019-12147

The Sangoma Session Border Controller (SBC) 2.3.23-119 GA web interface is vulnerable to Argument Injection via special characters in the username field. Upon successful exploitation, a remote unauthenticated user can create a local system user with sudo privileges, and use that user to login to th...

CVSS 9.8 | AI score 7.3 | EPSS 0.02604
Exploits: 3 | References: 1

RedhatCVE
added 2026/01/07 9:26 a.m. | 5 views

CVE-2019-12148

The Sangoma Session Border Controller (SBC) 2.3.23-119 GA web interface is vulnerable to an authentication bypass via an argument injection vulnerability involving special characters in the username field. Upon successful exploitation, a remote unauthenticated user can login into the device's admin...

CVSS 9.8 | AI score 7.6 | EPSS 0.03502
Exploits: 3 | References: 1

RedHat Linux
added 2026/01/07 1:7 a.m. | 3 views

Moderate: Red Hat Security Advisory: kernel security update

An update for kernel is now available for Red Hat Enterprise Linux 9.4 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for...

CVSS 7.8 | AI score 6.6 | EPSS 0.00238
Exploits: 0 | References: 5

CNNVD
added 2026/01/07 12:0 a.m. | 8 views

Efacec QC Security Vulnerability

Efacec QC is a series of electric vehicle chargers from Efacec Portugal. A security vulnerability exists in the Efacec QC 60/90/120 that stems from a large number of ICMP requests sent that could result in a denial of service to the charger board controlling the EV interface...

CVSS 8.2 | AI score 6.5 | EPSS 0.00276
Exploits: 0 | References: 1

Vulnrichment
added 2026/01/07 12:0 a.m. | 3 views

CVE-2025-61492

A command injection vulnerability in the execute_command function of terminal-controller-mcp 0.1.7 allows attackers to execute arbitrary commands via a crafted input...

AI score 7.7 | EPSS 0.01891
Exploits: 1 | References: 3

CVE
added 2026/01/07 12:0 a.m. | 17 views

CVE-2025-61492

The CVE describes a command injection in terminal-controller-mcp 0.1.7, specifically in the execute_command function. Attackers can inject commands via crafted input to achieve arbitrary command execution, with the CVSSv3.1 scoring indicating network access, low attack complexity, and no privileg...

CVSS 10 | AI score 7.7 | EPSS 0.01891
Exploits: 1 | References: 3 | Affected Software: 1

VulnCheck KEV
added 2026/01/07 12:0 a.m. | 5 views

VulnCheck KEV: CVE-2017-20216

FLIR Thermal Camera PT-Series firmware version 8.0.0.64 contains multiple unauthenticated remote command injection vulnerabilities in the controllerFlirSystem.php script. Attackers can execute arbitrary system commands as root by exploiting unsanitized POST parameters in the execFlirSystem functi...

CVSS 9.8 | AI score 6.1 | EPSS 0.1064
In wild | Exploits: 1 | References: 2