CVE-2026-9787

CVE-2026-9787 affects Quest NetVault Backup, specifically the NVBULogDaemon component that processes JSON-RPC messages. The vulnerability stems from insufficient validation of user-supplied strings before they are used in system calls, enabling a remote attacker to execute code with SYSTEM privil...

CVE-2026-9786

CVE-2026-9786 affects Quest NetVault Backup NVBUDashboard. The flaw is a SQL injection in the NVBUDashboard JSON-RPC message processing that fails to validate a user-supplied string used to build SQL queries, allowing code execution in the context of NETWORK SERVICE. Authentication is required to...

CVE-2026-9785

Affected product: Quest NetVault Backup NVBULibrarySlot.Root cause: Missing validation of a user-supplied string used to build SQL queries in NVBULibrarySlot JSON-RPC processing, enabling SQL injection.Impact: Remote code execution in the context of NETWORK SERVICE. Authentication is required but...

CVE-2026-9784

CVE-2026-9784 affects Quest NetVault Backup, specifically the NVBULibraryPort JSON-RPC handling. The vulnerability arises from insufficient validation of a user-supplied string used to construct SQL queries, enabling SQL injection that can lead to remote code execution in the NETWORK SERVICE cont...

CVE-2026-9783

CVE-2026-9783 affects Quest NetVault Backup, specifically the NVBURemovableMedia JSON-RPC handling. The flaw is due to insufficient validation of a user-supplied string used to construct SQL queries, enabling SQL injection that can execute code in the context of NETWORK SERVICE. Authentication is...

CVE-2026-9782

Quest NetVault Backup NVBUDeviceDrive is affected by a SQL Injection in the JSON‑RPC message processing path. The flaw stems from improper validation of a user-supplied string used to construct SQL queries, enabling an attacker to execute arbitrary code in the context of NETWORK SERVICE. Authenti...

CVE-2026-9781

CVE-2026-9781 affects Quest NetVault Backup NVBURASDevice component. The issue is an SQL Injection in the NVBURASDevice JSON-RPC message processing due to improper validation of user-supplied input used to build SQL queries. Exploitation could allow remote code execution with the context of NETWO...

CVE-2026-9780

CVE-2026-9780 affects Quest NetVault Backup, specifically the addclient3 webpage. The flaw arises from insufficient validation of user-supplied data, enabling cross-site scripting that can be leveraged to bypass authentication and execute code in the context of SYSTEM. Exploitation requires user ...

CVE-2026-7570

Quest NetVault Backup NVBUDashboard is affected by an SQL Injection leading to Remote Code Execution. The flaw occurs in NVBUDashboard JSON-RPC message handling due to improper validation of a user-supplied string used to construct SQL queries, allowing code execution in the NETWORK SERVICE conte...

CVE-2026-9779

ATEN Unizon doCryptoHugeFileToFile Improper Verification of Cryptographic Signature Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of ATEN Unizon. Authentication is required to exploit this vulnerability. The...

CVE-2026-9778

ATEN Unizon ImportDeviceList Directory Traversal Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of ATEN Unizon. Authentication is required to exploit this vulnerability. The specific flaw exists within the...

CVE-2026-9777

ATEN Unizon restoreDB Directory Traversal Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of ATEN Unizon. Authentication is required to exploit this vulnerability. The specific flaw exists within the restoreDB...

CVE-2026-10043

MosaicML Composer Deserialization of Untrusted Data Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of MosaicML Composer. User interaction is required to exploit this vulnerability in that the target must visit a...

CVE-2026-9773

Unraid Web Server ToggleState Command Injection Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Unraid. Authentication is required to exploit this vulnerability. The specific flaw exists within ToggleState.php...

CVE-2026-9772

Unraid Web Server FileUpload Command Injection Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Unraid. Authentication is required to exploit this vulnerability. The specific flaw exists within FileUpload.php. T...

CVE-2026-50189

Appsmith is a platform to build admin panels, internal tools, and dashboards. Prior to 2.1, Appsmith's bundled supervisord exposes an XML-RPC interface on port 9001, reachable from outside the container via a Caddy reverse-proxy route at /supervisor/ on the public ingress. Combined with the...

CVE-2026-55570

SiYuan is an open-source personal knowledge management system. Prior to 3.7.0, it does not escape the untrusted fields name, version, author, description when they are serialized into the data-obj HTML attribute of each marketplace card. Because the attribute is single-quoted and the value is...

CVE-2026-50551

SiYuan is an open-source personal knowledge management system. Prior to 3.7.0, SiYuan contains a stored cross-site scripting XSS vulnerability in the Attribute View database asset cell renderer that escalates to remote code execution RCE in the Electron desktop client. This vulnerability is fixed...

CVE-2026-54158

SiYuan is an open-source personal knowledge management system. Prior to 3.7.0, the attribute-view database cell renderer genAVValueHTML interpolates cell content raw in four of its branches: text, url, phone, and mAsset. A cell value like or " breaks out of its surrounding tag and runs arbitrary...

CVE-2026-54067

SiYuan is an open-source personal knowledge management system. Prior to 3.7.0, CSS snippet body containing breaks out of its surrounding tag when renderSnippet interpolates it via insertAdjacentHTML. A payload like runs arbitrary JavaScript in the renderer. On Electron desktop builds the renderer...