CVE-2019-9189

Prima Systems FlexAir, Versions 2.4.9api3 and prior. The application allows the upload of arbitrary Python scripts when configuring the main central controller. These scripts can be immediately executed because of root code execution, not as a web server user, allowing an authenticated attacker t...

CVE-2019-7269

Linear eMerge 50P/5000P devices allow Authenticated Command Injection with root Code Execution...

CVE-2017-18400

cPanel before 68.0.15 allows local root code execution via cpdavd SEC-333...

📄 ABB Cylon FLXeon 9.3.5 siteGuide.js Authenticated Root Remote Code Execution

The ABB Cylon FLXeon BACnet controller is vulnerable to authenticated remote root code execution via the /api/siteGuide endpoint. An attacker with valid credentials can inject arbitrary system commands by manipulating the filename and/or originalname parameters. The issue arises due to improper...

The vulnerability of the traceroute utility in the microprogramming system of the RUGGEDCOM ROX routing and switching platform for models MX (MX5000, MX5000RE) and RX (RX1400, RX1501, RX1510, RX1511, RX1512, RX1524, RX1536, and RX5000) allows a hacker to execute arbitrary code.

The vulnerability of the traceroute utility in the microprogramming-based routing and switching platform RUGGEDCOM ROX for series MX MX5000, MX5000RE and RX RX1400, RX1501, RX1510, RX1511, RX1512, RX1524, RX1536, and RX5000 lies in the absence of a mechanism to verify input data on the server sid...

Multiple vulnerabilities in SonicWall SMA 100 series (FIXED)

Overview In April of 2025, Rapid7 discovered and disclosed three new vulnerabilities affecting SonicWall Secure Mobile Access “SMA” 100 series appliances SMA 200, 210, 400, 410, 500v. These vulnerabilities are tracked as CVE-2025-32819, CVE-2025-32820, and CVE-2025-32821. An attacker with access ...

CVE-2025-2763

CarlinKit CPC200-CCPA Improper Verification of Cryptographic Signature Code Execution Vulnerability. This vulnerability allows physically present attackers to execute arbitrary code on affected installations of CarlinKit CPC200-CCPA devices. Authentication is not required to exploit this...

The vulnerability of the IP address verification mechanism in the Brocade Fabric OS operating system allows a hacker to execute arbitrary code with root privileges.

The vulnerability of the IP address verification mechanism in the Brocade Fabric OS operating system is related to incorrect code generation. Exploiting this vulnerability allows a remote attacker to execute arbitrary code with root privileges...

CVE-2024-13861

A code injection vulnerability in the Debian package component of Taegis Endpoint Agent Linux versions older than 1.3.10 allows local users arbitrary code execution as root. Redhat-based systems using RPM packages are not affected...

CVE-2025-1121

Privilege escalation in Installer and Recovery image handling in Google ChromeOS version 15786.48.2 on device allows an attacker with physical access to gain root code execution and potentially unenroll enterprise-managed devices via a specially crafted recovery image...

CVE-2025-1121

Privilege escalation in Installer and Recovery image handling in Google ChromeOS version 15786.48.2 on device allows an attacker with physical access to gain root code execution and potentially unenroll enterprise-managed devices via a specially crafted recovery image...

CVE-2025-1121

CVE-2025-1121 describes a privilege-escalation in Google ChromeOS: on devices running ChromeOS 15786.48.2, an attacker with physical access can craft a recovery image to gain root code execution and potentially unenroll enterprise-managed devices. Affected component: installer and recovery image ...

PT-2025-10016 · Google · Chrome Os

Name of the Vulnerable Software and Affected Versions: Google ChromeOS version 123.0.6312.112 Description: The issue allows an attacker with physical access to gain root code execution and potentially unenroll enterprise-managed devices via a specially crafted recovery image. This is a result of...

CVE-2022-3093

This vulnerability allows physical attackers to execute arbitrary code on affected Tesla vehicles. Authentication is not required to exploit this vulnerability. The specific flaw exists within the iceupdater update mechanism. The issue results from the lack of proper validation of user-supplied...

Parallels Desktop 后置链接漏洞

Parallels Desktop is a suite of virtual machine software for the macOS platform from US-based Parallels, Inc. Parallels Desktop suffers from a backlink vulnerability that stems from an issue in the Technical Data Reporter component, whereby the service can be abused to change the permissions of...

CVE-2024-23970 ChargePoint Home Flex Improper Certificate Validation

This vulnerability allows network-adjacent attackers to compromise transport security on affected installations of ChargePoint Home Flex charging stations. Authentication is not required to exploit this vulnerability. The specific flaw exists within the CURLOPTSSLVERIFYHOST setting. The issue...

CVE-2024-11946

iXsystems TrueNAS CORE fetchpluginpackagesites tar Cleartext Transmission of Sensitive Information Vulnerability. This vulnerability allows network-adjacent attackers to tamper with firmware update files on affected installations of iXsystems TrueNAS devices. Authentication is not required to...

PT-2025-25573 · Google · Chrome Os

Name of the Vulnerable Software and Affected Versions: Google ChromeOS versions 16063.45.2 and potentially others Description: The issue allows a local attacker to gain root code execution via exploiting a debug shell accessible through specific key combinations during developer mode entry and...

The vulnerability of the instance_create function in the monitoring and adaptive configuration of system devices allows a perpetrator to execute arbitrary code.

The vulnerability of the instancecreate function in the monitoring and adaptive configuration of system devices related to tuned systems lies in the lack of measures taken to clean data at the management level. Exploiting this vulnerability allows an attacker to execute arbitrary code with root...

The vulnerability of the binary file plctool of the microprogramming software for modular controllers of variable current charging stations and wall-mounted charging devices from Phoenix Contact, CHARX SEC-3100, allows a hacker to execute any code in the root context.

The vulnerability of the binary file of the microprogramming software for modular controllers of variable current charging stations and wall-mounted charging devices, the Phoenix Contact CHARX SEC-3100, exists due to insufficient verification of input data. Exploiting this vulnerability could all...