Lucene search

19612 matches found

Rockylinux
added 2025/03/17 8:16 p.m. · 4 views

cups security update

An update is available for cups. This update affects Rocky Linux 9. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list. The Common UNIX Printing System (CUPS) provides a portable printing layer for Linu...

9.8 CVSS · 9 AI score · 0.73062 EPSS
Exploits: 5
ATTACKERKB
added 2025/03/17 6:15 p.m. · 2 views

CVE-2024-48017

Dell SmartFabric OS10 Software, versions 10.5.4.x, 10.5.5.x, 10.5.6.x, 10.6.0.x, contains an Improper Neutralization of Special Elements used in a Command ('Command Injection') vulnerability. A high privileged attacker with remote access could potentially exploit this vulnerability, leading to Code...

6.5 CVSS · 5.8 AI score · 0.0124 EPSS
Exploits: 0 · References: 5 · Affected Software: 1
BDU FSTEC
added 2025/03/17 12:0 a.m. · 6 views

A vulnerability in FortiWeb web application firewalls arises from incorrect processing of syntactically incorrect structures, allowing attackers to bypass security restrictions and execute arbitrary commands.

The vulnerability in FortiWeb web application firewalls is related to the improper processing of syntactically incorrect structures. Exploiting this vulnerability allows a malicious actor to bypass security restrictions and execute arbitrary commands by sending specially crafted HTTP/S...

5.6 CVSS · 5.8 AI score · 0.00353 EPSS
Exploits: 0 · References: 2 · Affected Software: 1
BDU FSTEC
added 2025/03/17 12:0 a.m. · 6 views

A vulnerability in FortiWeb web application firewalls arises from incorrect processing of syntactically incorrect structures, allowing attackers to bypass security restrictions and execute arbitrary commands.

The vulnerability in FortiWeb web application firewalls is related to the improper processing of syntactically incorrect structures. Exploiting this vulnerability allows a malicious actor to bypass security restrictions and execute arbitrary commands by sending specially crafted HTTP/S...

5.6 CVSS · 5.8 AI score · 0.00485 EPSS
Exploits: 0 · References: 2 · Affected Software: 1
BDU FSTEC
added 2025/03/14 12:0 a.m. · 6 views

A vulnerability in the firmware of the Wiren Board controller, related to access control errors, allows an intruder to execute arbitrary commands.

The vulnerability in the firmware for Wiren Board controllers is related to access control errors. Exploiting this vulnerability allows a malicious actor to execute arbitrary commands by sending a specially crafted URL command remotely...

10 CVSS · 5.9 AI score
Exploits: 0 · Affected Software: 4
RedhatCVE
added 2025/03/13 3:57 a.m. · 11 views

CVE-2023-20118

A vulnerability in the web-based management interface of Cisco Small Business Routers RV016, RV042, RV042G, RV082, RV320, and RV325 Routers could allow an authenticated, remote attacker to execute arbitrary commands on an affected device. This vulnerability is due to improper validation of user...

7.2 CVSS · 7.9 AI score · 0.53827 EPSS
Exploits: 0 · References: 1
RedhatCVE
added 2025/03/13 3:56 a.m. · 9 views

CVE-2023-20026

A vulnerability in the web-based management interface of Cisco Small Business RV016, RV042, RV042G, RV082, RV320 and RV325 Routers could allow an authenticated, remote attacker to execute arbitrary commands on an affected device. This vulnerability is due to improper validation of user input with...

7.2 CVSS · 7.8 AI score · 0.01298 EPSS
Exploits: 0 · References: 1
Packet Storm
added 2025/03/13 12:0 a.m. · 391 views

Cyber Panel 2.3.x Remote Command Execution

Cyber Panel version 2.3.x proof of concept remote command execution exploit that leverages three vulnerabilities discovered in 2024. Title: Cyber Panel...

10 CVSS · 10 AI score · 0.94878 EPSS
Exploits: 14
Positive Technologies
added 2025/03/13 12:0 a.m. · 7 views

PT-2025-14769 · Dell · Dell Powerprotect Data Domain

Name of the Vulnerable Software and Affected Versions: Dell PowerProtect Data Domain with Data Domain Operating System (DD OS) versions prior to 8.3.0.15. Description: The issue is related to insufficient granularity of access control. An authenticated user from a trusted remote client could exploit...

9 CVSS · 7.2 AI score · 0.0049 EPSS
Exploits: 0 · References: 11
Packet Storm
added 2025/03/13 12:0 a.m. · 305 views

Craft CMS 3.9.14 Remote Command Execution

Craft CMS version 3.9.14 proof of concept remote command execution exploit that leverages a vulnerability discovered in 2024. Title: Craft CMS 3.9.14...

9.3 CVSS · 7.4 AI score · 0.97446 EPSS
Exploits: 9
Packet Storm
added 2025/03/13 12:0 a.m. · 322 views

D Tale 3.15.1 Remote Command Execution

D Tale version 3.15.1 proof of concept remote command execution exploit. Title: D Tale v3.15.1 PHP code execution vulnerability. Author: indoushka...

9.8 CVSS · 9.8 AI score · 0.77951 EPSS
Exploits: 5
Packet Storm
added 2025/03/13 12:0 a.m. · 3341 views

Backdrop CMS 1.27.1 Remote Command Execution

Backdrop CMS version 1.27.1 proof of concept remote command execution exploit for a vulnerability discovered in 2024. Title: Backdrop CMS 1.27.1 PHP COd...

7.7 AI score
Exploits: 0
BDU FSTEC
added 2025/03/13 12:0 a.m. · 23 views

The vulnerability of the PAN-OS OpenConfig Plugin in the PAN-OS operating system, related to the failure to eliminate special elements, allows a perpetrator to execute arbitrary commands.

The vulnerability of the PAN-OS OpenConfig Plugin in the PAN-OS operating system is related to the failure to take measures to neutralize specific elements. Exploiting this vulnerability allows a remote attacker to execute arbitrary commands...

9 CVSS · 7.7 AI score · 0.01227 EPSS
Exploits: 0 · References: 2 · Affected Software: 1
Tenable Nessus
added 2025/03/13 12:0 a.m. · 10 views

Palo Alto GlobalProtect App Windows 6.0.x < 6.0.11 / 6.1.x < 6.1.6 / 6.2.x < 6.2.5 / 6.3.x < 6.3.3 Execution of Unsafe ActiveX Control (CVE-2025-0118)

The version of Palo Alto GlobalProtect App installed on the remote Windows host is 6.0.x prior to 6.0.11, 6.1.x prior to 6.1.6, 6.2.x prior to 6.2.5, or 6.3.x prior to 6.3.3. It is, therefore, affected by a remote command execution vulnerability: - A vulnerability in the Palo Alto Networks...

8 CVSS · 5.7 AI score · 0.00411 EPSS
Exploits: 0 · References: 2
Tenable Nessus
added 2025/03/13 12:0 a.m. · 31 views

Commvault Critical Webserver Vulnerability (CV_2025_03_1)

A critical webserver vulnerability exists in Commvault. A remote attacker can exploit this to execute arbitrary commands. Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

8.8 CVSS · 8.9 AI score · 0.01932 EPSS
Exploits: 0 · References: 2
Vulnrichment
added 2025/03/12 7:45 p.m. · 19 views

CVE-2024-26290 Authenticated Remote Command Injection affecting Avid NEXIS

Improper Input Validation vulnerability in Avid NEXIS E-series on Linux, Avid NEXIS F-series on Linux, Avid NEXIS PRO+ on Linux, and Avid System Director Appliance (SDA+) on Linux allows code execution on the underlying operating system with root permissions. This issue affects Avid NEXIS...

8.7 CVSS · 7.2 AI score · 0.00462 EPSS
Exploits: 0 · References: 2
BDU FSTEC
added 2025/03/12 12:0 a.m. · 6 views

The vulnerability of the MFlash secure data exchange platform lies in the lack of mechanisms for neutralizing elements related to CSV files, allowing attackers to execute arbitrary commands.

The vulnerability of the MFlash secure messaging platform is related to the lack of mechanisms for neutralizing elements related to CSV files. Exploiting this vulnerability allows a remote attacker to execute arbitrary commands...

9 CVSS · 5.9 AI score
Exploits: 0 · Affected Software: 1
Packet Storm
added 2025/03/12 12:0 a.m. · 317 views

VICIdial 2.14-917 Remote Command Execution

VICIdial version 2.14-917 proof of concept remote command execution exploit that takes advantage of a flaw originally found in 2024. Title: VICIdial v...

8.8 CVSS · 7.2 AI score · 0.75384 EPSS
Exploits: 7
Packet Storm
added 2025/03/12 12:0 a.m. · 451 views

WordPress Bit File Manager 6.5.5 Race Condition / Code Injection

WordPress Bit File Manager plugin version 6.5.5 proof of concept race condition exploit that achieves remote code execution. Title: WordPress Bit File...

8.1 CVSS · 7.9 AI score · 0.02802 EPSS
Exploits: 3
Packet Storm
added 2025/03/11 12:0 a.m. · 229 views

Wp2Fac 1.0 Code Injection

Wp2Fac version 1.0 proof of concept code injection exploit that takes advantage of a flaw originally discovered by Ahmet Ümit Bayram in 2023. ...

7.7 AI score
Exploits: 0