CVE-2026-1459

A post-authentication command injection vulnerability in the TR-369 certificate download CGI program of the Zyxel VMG3625-T50B firmware versions through 5.50ABPM.9.7C0 could allow an authenticated attacker with administrator privileges to execute operating system OS commands on an affected device...

PT-2026-21927

Name of the Vulnerable Software and Affected Versions MR9600 versions 1.0.4.205530 MX4200 version 1.0.13.210200 Description A flaw exists due to missing neutralization of special elements, allowing for OS command injection via the TLS-SRP connection handshake. Successful exploitation results in...

CVE-2026-1459

A post-authentication command injection vulnerability in the TR-369 certificate download CGI program of the Zyxel VMG3625-T50B firmware versions through 5.50ABPM.9.7C0 could allow an authenticated attacker with administrator privileges to execute operating system OS commands on an affected device...

CVE-2026-1459

CVE-2026-1459 describes a post-authentication command-injection vulnerability in Zyxel VMG3625-T50B devices, affecting firmware up to 5.50(ABPM.9.7)C0. The issue is in the TR-369 certificate download CGI program; an authenticated administrator can execute OS commands on the device. Metrics indica...

CVE-2025-13943

CVE-2025-13943 concerns Zyxel EX3301-T0 devices with firmware versions up to 5.50(ABVY.7)C0. The issue is a post-authentication command injection in the log file download function that could enable an authenticated attacker to run OS commands on the device. According to the connected documents, t...

CVE-2025-13942

A command injection vulnerability in the UPnP function of the Zyxel EX3510-B0 firmware versions through 5.17ABUP.15.1C0 could allow a remote attacker to execute operating system OS commands on an affected device by sending specially crafted UPnP SOAP requests...

PT-2026-21645

Name of the Vulnerable Software and Affected Versions Zyxel VMG3625-T50B firmware versions through 5.50ABPM.9.7C0 Description A post-authentication command injection exists in the TR-369 certificate download CGI program. An authenticated attacker with administrator privileges could execute...

PT-2026-21644

Name of the Vulnerable Software and Affected Versions Zyxel EX3301-T0 firmware versions through 5.50ABVY.7C0 Description A post-authentication command injection issue exists in the log file download function. This could allow an authenticated attacker to execute operating system OS commands on an...

CVE-2025-67304

In Ruckus Network Director RND 4.5.0.54, the OVA appliance contains hardcoded credentials for the ruckus PostgreSQL database user. In the default configuration, the PostgreSQL service is accessible over the network on TCP port 5432. An attacker can use the hardcoded credentials to authenticate...

CVE-2026-1731 Remote code execution vulnerability in BeyondTrust Remote Support (RS) and Privileged Remote Access (PRA)

BeyondTrust Remote Support RS and certain older versions of Privileged Remote Access PRA contain a critical pre-authentication remote code execution vulnerability. By sending specially crafted requests, an unauthenticated remote attacker may be able to execute operating system commands in the...

EPyT-Flow 代码问题漏洞

EPyT-Flow is an open-source Python package developed by ERC Synergy Grant Water Futures, designed for generating hydraulic and water quality scenario data for water distribution networks. Versions of EPyT-Flow prior to 0.16.1 contained code vulnerabilities. These vulnerabilities stemmed from the...

CVE-2025-11730

A post‑authentication command injection vulnerability in the Dynamic DNS DDNS configuration CLI command in Zyxel ATP series firmware versions from V5.35 through V5.41, USG FLEX series firmware versions from V5.35 through V5.41, USG FLEX 50W series firmware versions from V5.35 through V5.41, and...

PT-2026-5873

Name of the Vulnerable Software and Affected Versions Zyxel ATP series versions V5.35 through V5.41 Zyxel USG FLEX series versions V5.35 through V5.41 Zyxel USG FLEX 50W series versions V5.35 through V5.41 Zyxel USG20W-VPN series versions V5.35 through V5.41 Description A post-authentication...

CVE-2026-1770

Improper Control of Dynamically-Managed Code Resources vulnerability in Crafter Studio of Crafter CMS allows authenticated developers to execute OS commands via Groovy Sandbox Bypass. By inserting malicious Groovy elements, an attacker may bypass sandbox restrictions and obtain RCE Remote Code...

Crafter CMS has Improper Control of Dynamically-Managed Code Resources

Improper Control of Dynamically-Managed Code Resources vulnerability in Crafter Studio of Crafter CMS allows authenticated developers to execute OS commands via Groovy Sandbox Bypass. By inserting malicious Groovy elements, an attacker may bypass sandbox restrictions and obtain RCE Remote Code...

Improper Control of Dynamically-Managed Code Resources

Overview Affected versions of this package are vulnerable to Improper Control of Dynamically-Managed Code Resources via the Groovy Sandbox. An attacker can execute arbitrary operating system commands by injecting malicious Groovy elements to bypass sandbox restrictions. Remediation Upgrade...

CVE-2026-1770

Improper Control of Dynamically-Managed Code Resources vulnerability in Crafter Studio of Crafter CMS allows authenticated developers to execute OS commands via Groovy Sandbox Bypass. By inserting malicious Groovy elements, an attacker may bypass sandbox restrictions and obtain RCE Remote Code...

CVE-2026-1770

CVE-2026-1770 affects Crafter CMS, specifically Crafter Studio. The vulnerability arises from Improper Control of Dynamically-Managed Code Resources via the Groovy Sandbox, enabling authenticated developers to insert malicious Groovy code to bypass sandbox restrictions and achieve Remote Code Exe...

CrafterCMS 安全漏洞

CrafterCMS is a Java-based CMS developed by CrafterCMS Inc. There is a security vulnerability in CrafterCMS, which stems from improper control over dynamically managed code resources. This vulnerability could allow authenticated developers to bypass sandbox restrictions and execute OS commands...

EUVD-2020-30945

Wing FTP Server 6.3.8 contains a remote code execution vulnerability in its Lua-based web console that allows authenticated users to execute system commands. Attackers can leverage the console to send POST requests with malicious commands that trigger operating system execution through the...