Klog Server <=2.41 - Unauthenticated Command Injection

Klog Server 2.4.1 and prior is susceptible to an unauthenticated command injection vulnerability. The authenticate.php file uses the user HTTP POST parameter in a call to the shellexec PHP function without appropriate input validation, allowing arbitrary command execution as the apache user. The...

CVE-2026-34928

An origin validation vulnerability in the Apex One/SEP agent could allow a local attacker to escalate privileges on affected installations. This is similar to CVE-2026-34927 but exists in a different named pipe communication mechanism. Please note: an attacker must first obtain the ability to...

PT-2026-40921

Name of the Vulnerable Software and Affected Versions PostgreSQL versions 17.0 through 17.9 PostgreSQL versions 18.0 through 18.3 Description SQL injection in the pg createsubscriber function allows an attacker with pg create subscription rights to execute arbitrary SQL commands with superuser...

CVE-2026-44852

An authenticated remote code execution vulnerability exists in the AOS-8 and AOS-10 web-based management interface. The certificate download functionality can overwrite arbitrary files on the underlying OS by exploiting improper input validation in the file path parameter. Successful exploitation...

PT-2026-40354

Name of the Vulnerable Software and Affected Versions AOS-8 affected versions not specified AOS-10 affected versions not specified Description A heap-based buffer overflow in a Network management service allows an unauthenticated remote attacker to execute arbitrary code as a privileged user on t...

CVE-2026-22166

A web page that contains unusual WebGPU content loaded into the GPU GLES render process and can trigger write UAF crash in the GPU GLES user-space shared library. On certain platforms, when the process executing graphics workload has system privileges this could enable subsequent exploit on the...

CVE-2026-33641

Glances is an open-source system cross-platform monitoring tool. Prior to version 4.5.3, Glances supports dynamic configuration values in which substrings enclosed in backticks are executed as system commands during configuration parsing. This behavior occurs in Config.getvalue and is implemented...

Clawed and Dangerous: Can We Trust Open Agentic Systems?

Open agentic systems combine LLM-based planning with external capabilities, persistent memory, and privileged execution. They are used in coding assistants, browser copilots, and enterprise automation. OpenClaw is a visible instance of this broader class. Without much attention yet, their securit...

Siemens APE1808 Use of Externally-Controlled Format String (CVE-2024-45324)

A use of externally-controlled format string vulnerability in FortiOS version 7.4.0 through 7.4.4, version 7.2.0 through 7.2.9, version 7.0.0 through 7.0.15 and before 6.4.15, FortiProxy version 7.4.0 through 7.4.6, version 7.2.0 through 7.2.12 and before 7.0.19, FortiPAM version 1.4.0 through...

PT-2026-24197

Name of the Vulnerable Software and Affected Versions ASSA ABLOY Visionline versions prior to 1.33 Description An issue exists in ASSA ABLOY Visionline that allows for configuration or environment manipulation due to incorrect default permissions, leading to execution with unnecessary privileges...

EUVD-2025-206378

The binary serving the web server and executing basically all actions launched from the Web UI is running with root privileges. This is against the least privilege principle. If an attacker is able to execute code on the system via other vulnerabilities it is possible to directly execute commands...

CVE-2026-21223

Improper privilege management in Microsoft Edge Chromium-based allows an authorized attacker to bypass a security feature locally...

Unity Linux 20.1060e / 20.1070e Security Update: kernel (UTSA-2026-004403)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-004403 advisory. A race condition in perfeventopen allows local attackers to leak sensitive data from setuid programs. As no relevant locks in particular the credguardmutex are held...

CVE-2025-37172

Authenticated command injection vulnerabilities exist in the web-based management interface of mobility conductors running AOS-8 operating system. Successful exploitation could allow an authenticated malicious actor to execute arbitrary commands as a privileged user on the underlying operating...

CVE-2025-37176

A command injection vulnerability in AOS-8 allows an authenticated privileged user to alter a package header to inject shell commands, potentially affecting the execution of internal operations. Successful exploit could allow an authenticated malicious actor to execute commands with the privilege...

CVE-2025-37172

CVE-2025-37172 maps to Aruba Networks AOS-8 web-based management interface, where authenticated command injection could allow a privileged OS command execution. Connected advisories confirm affected Web UI components and indicate fixes have been released for AOS-8 (and AOS-10). The CVSSv3.1 base ...

CVE-2025-37170 Authenticated Command Injection Vulnerabilities in AOS-8 Web-Based Management Interface

Authenticated command injection vulnerabilities exist in the web-based management interface of mobility conductors running AOS-8 operating system. Successful exploitation could allow an authenticated malicious actor to execute arbitrary commands as a privileged user on the underlying operating...

Dell Secure Connect Gateway 安全漏洞

Dell Secure Connect Gateway Dell SCG is a secure connect gateway from Dell USA. A security vulnerability exists in Dell Secure Connect Gateway versions 5.26 through 5.30, which originates from execution with unnecessary privileges and could result in elevated privileges...

CVE-2025-33224

NVIDIA Isaac Launchable contains a vulnerability where an attacker could cause an execution with unnecessary privileges. A successful exploit of this vulnerability might lead to code execution, escalation of privileges, denial of service, information disclosure and data tampering...

CVE-2025-33224

NVIDIA Isaac Launchable contains a vulnerability where an attacker could cause an execution with unnecessary privileges. A successful exploit of this vulnerability might lead to code execution, escalation of privileges, denial of service, information disclosure and data tampering...