CVE-2026-30650

A post-authentication remote buffer overflow vulnerability exists in the /cgi-bin/admin/eventtask.cgi endpoint of the admin interface of Vivotek FD8136 cameras running firmware version FD8136-VVTK-0300a. This flaw allows an authenticated attacker to execute arbitrary code as root on the device...

CVE-2026-30650

Vivotek FD8136 cameras (firmware FD8136-VVTK-0300a) expose a post-authentication remote buffer overflow in the /cgi-bin/admin/eventtask.cgi endpoint. An authenticated attacker can remotely execute arbitrary code with root privileges. The issue is characterized by CVE-2026-30650 with a high impact...

CVE-2026-49199

Crafted MQTT messages can trigger command injection, resulting in root-level code execution on the target device...

CVE-2026-49199 Predator Connect W6x: RCE via MQTT

Crafted MQTT messages can trigger command injection, resulting in root-level code execution on the target device...

CVE-2026-44712

pamusb provides hardware authentication for Linux using ordinary removable media. Prior to 0.8.7, a crafted UUID such as $id/tmp/rce in the config causes root RCE when pamusb-conf --reset-pads is run. A USB device with a crafted filesystem UUID some controllers allow this can inject the payload a...

CVE-2026-44712 pam_usb: Shell injection via device UUID and username in pamusb-conf and pamusb-agent

pamusb provides hardware authentication for Linux using ordinary removable media. Prior to 0.8.7, a crafted UUID such as $id/tmp/rce in the config causes root RCE when pamusb-conf --reset-pads is run. A USB device with a crafted filesystem UUID some controllers allow this can inject the payload a...

EUVD-2026-32662

pamusb provides hardware authentication for Linux using ordinary removable media. Prior to 0.8.7, a crafted UUID such as $id/tmp/rce in the config causes root RCE when pamusb-conf --reset-pads is run. A USB device with a crafted filesystem UUID some controllers allow this can inject the payload a...

CVE-2025-41669 Insufficient Verification of Data Authenticity

The Web-based Management allows a remote low privileged Engineer user to install additional APPs on the device downloaded from the PLCnext Store without implementing any data verification mechanism, leading to the capability for an Engineer user to reach arbitrary code execution with root...

EUVD-2025-209952

The Web-based Management allows a remote low privileged Engineer user to install additional APPs on the device downloaded from the PLCnext Store without implementing any data verification mechanism, leading to the capability for an Engineer user to reach arbitrary code execution with root...

CVE-2025-41669

The CVE-2025-41669 entry concerns the PLCnext platform’s Web-based Management. A remote, low-privileged Engineer can install additional APPs downloaded from the PLCnext Store without data verification, enabling arbitrary code execution with root privileges on the PLCnext Control. This could impac...

pam_usb 参数注入漏洞

pamusb is a Linux hardware authentication tool developed by McDope’s individual developer, based on USB devices. Versions of pamusb prior to 0.8.7 contained a parameter injection vulnerability. This vulnerability stems from the use of specially crafted UUIDs in configurations e.g., $id/tmp/rce,...

PT-2026-43541

Name of the Vulnerable Software and Affected Versions PLCnext Control affected versions not specified Description The Web-based Management interface lacks a data verification mechanism when installing additional APPs downloaded from the PLCnext Store. This allows a remote low-privileged Engineer...

CVE-2026-20199

A vulnerability in the SSL certificate handling of Cisco ThousandEyes Virtual Appliance could allow an authenticated, remote attacker to execute commands on the underlying operating system as the root user. This vulnerability is due to insufficient validation of user-supplied input. An...

Astra Linux - уязвимость в exim4

Exim 4 before 4.94.2 has an improper neutralization of line delimiters. An authenticated remote SMTP client can insert newline characters into a spool file which indirectly leads to remote code execution as root via the AUTH= parameter in the MAIL FROM command...

PT-2026-41897

Name of the Vulnerable Software and Affected Versions HestiaCP versions 1.9.0 through 1.9.4 Description A deserialization issue exists in the web terminal component due to a session format mismatch between PHP and Node.js. This allows unauthenticated remote attackers to achieve root-level code...

📄 CPanel/WHM CRLF Injection / Authentication Bypass / Remote Code Execution

This Metasploit module exploits CVE-2026-41940, a CRLF injection in cPanel/WHMs cpsrvd daemon that allows unauthenticated remote code execution as root. The Basic-auth handler writes the password to the raw session file without stripping newlines. Omitting the ob-part of the session cookie bypass...

CVE-2026-44194

OPNsense is a FreeBSD based firewall and routing platform. Prior to 26.1.8, an authenticated Remote Code Execution RCE vulnerability in the OPNsense core allows a user with user-management privileges to execute arbitrary system commands as root. An attacker can bypass input validation by formatti...

SUSE CVE-2026-4892

A heap-based out-of-bounds write vulnerability in the DHCPv6 implementation of dnsmasq allows local attackers to execute arbitrary code with root privileges via a crafted DHCPv6 packet...

CVE-2026-0300

A buffer overflow vulnerability in the User-ID™ Authentication Portal aka Captive Portal service of Palo Alto Networks PAN-OS software allows an unauthenticated attacker to execute arbitrary code with root privileges on the PA-Series and VM-Series firewalls by sending specially crafted packets. T...

CVE-2026-6213

A vulnerability in Remote Spark SparkView before build 1122 allows an attacker to bypasses the local connection check and achieve arbitrary code execution as root on the server side. Depending on implementation the vulnerability can be exploited by an unauthenticated attacker...