25101 matches found
CVE-2024-14026 QTS, QuTS hero
A command injection vulnerability has been reported to affect several QNAP operating system versions. If an attacker who has gained local network access has also gained a user account, they can then exploit the vulnerability to execute arbitrary commands. We have already fixed the vulnerability in th...
EUVD-2026-11077
A vulnerability in the command line interface of AOS-CX Switches could allow an authenticated remote attacker to execute arbitrary commands on the underlying operating system...
ROOT-OS-DEBIAN-12-CVE-2025-10911 CVE-2025-10911 in rootio-libxslt - Patched by Root
Root has patched CVE-2025-10911 in the rootio-libxslt package for Root:Debian:12. Multiple fixed versions available...
CVE-2026-23816
A vulnerability in the command line interface of AOS-CX Switches could allow an authenticated remote attacker to execute arbitrary commands on the underlying operating system...
postgresql: PostgreSQL missing validation of multibyte character length executes arbitrary code
Missing validation of multibyte character length in PostgreSQL text manipulation allows a database user to issue crafted queries that achieve a buffer overrun. That suffices to execute arbitrary code as the operating system user running the database...
CVE-2026-23816 Authenticated Command Injection found in admin AOS-CX CLI command
A vulnerability in the command line interface of AOS-CX Switches could allow an authenticated remote attacker to execute arbitrary commands on the underlying operating system...
Cisco IOS XR Permissions, Privileges, and Access Control Vulnerability
Cisco IOS XR is an operating system developed by the American company Cisco for its network devices. Cisco IOS XR has vulnerabilities related to permissions, privileges, and access control. These vulnerabilities stem from errors in the mapping of commands to task groups in the source code, which can...
CVE-2025-67035
An issue was discovered in Lantronix EDS5000 2.1.0.0R3. The SSH Client and SSH Server pages are affected by multiple OS injection vulnerabilities due to missing sanitization of input parameters. An attacker can inject arbitrary commands in delete actions of various objects, such as server keys,...
Cursor OS Command Injection Vulnerability
Cursor is an AI-powered intelligent code editor developed by Cursor Open Source. Prior to Cursor 2.0, there was a vulnerability related to operating system command injection. This vulnerability stemmed from the possibility of the model executing malicious instructions, which could lead to automat...
WireMCP OS Command Injection Vulnerability
WireMCP is a real-time network traffic analysis tool developed by Koda’s individual developers. WireMCP has a vulnerability related to operating system command injection. This vulnerability stems from incorrect operations on the server.tool function in the Tshark CLI Command Handler component,...
CVE-2025-67037
An issue was discovered in Lantronix EDS5000 2.1.0.0R3. An authenticated attacker can inject OS commands into the "tunnel" parameter when killing a tunnel connection. Injected commands are executed with root privileges...
RIOT Buffer Error Vulnerability
RIOT is an open-source operating system designed for the Internet of Things. Versions of RIOT prior to 2026.01 contain a buffer error vulnerability. This vulnerability stems from insufficient validation of buffer boundaries, which could allow attackers to corrupt adjacent stack locations, resulti...
PT-2026-24801
RIOT is an open-source microcontroller operating system, designed to match the requirements of Internet of Things (IoT) devices and other embedded devices. In 2026.01 and earlier, the default handler for the well-known core resource, coap_well_known_core_default_handler, writes user-provided option...
PT-2026-24571
Name of the Vulnerable Software and Affected Versions: AOS-CX Switches (affected versions not specified). Description: A flaw exists in the command line interface of AOS-CX Switches that could allow a remote attacker with valid credentials to execute arbitrary commands on the operating system...
Critical Photon OS Security Update - PHSA-2026-4.0-0976
Updates of 'ImageMagick', 'ruby' packages of Photon OS have been released...
EUVD-2026-10487
Incorrect Default Permissions, Execution with Unnecessary Privileges, Incorrect Permission Assignment for Critical Resource vulnerability in ASSA ABLOY Visionline on Windows allows Configuration/Environment Manipulation. This issue affects Visionline: from 1.0 before 1.33...
EUVD-2026-10594
Windows Universal Disk Format File System Driver (UDFS) Elevation of Privilege Vulnerability...
CVE-2026-25178 Windows Ancillary Function Driver for WinSock Elevation of Privilege Vulnerability
...
CVE-2026-23672 Windows Universal Disk Format File System Driver (UDFS) Elevation of Privilege Vulnerability
...
CVE-2026-23672
Windows Universal Disk Format File System Driver (UDFS) Elevation of Privilege Vulnerability...