CVE-2026-23740

Asterisk is an open source private branch exchange and telephony toolkit. Prior to versions 20.7-cert9, 20.18.2, 21.12.1, 22.8.2, and 23.2.2, when astcoredumper writes its gdb init and output files to a directory that is world-writable for example /tmp, an attacker with write permissionwhich is a...

CVE-2026-23740

Asterisk is an open source private branch exchange and telephony toolkit. Prior to versions 20.7-cert9, 20.18.2, 21.12.1, 22.8.2, and 23.2.2, when astcoredumper writes its gdb init and output files to a directory that is world-writable for example /tmp, an attacker with write permissionwhich is a...

Exploit for CVE-2026-25828

CVE-2026-25828 - Command Injection in grub-btrfs initramfs hoo...

CVE-2026-20098

A vulnerability in the Certificate Management feature of Cisco Meeting Management could allow an authenticated, remote attacker to upload arbitrary files, execute arbitrary commands, and elevate privileges to root on an affected system. This vulnerability is due to improper input validation in...

CVE-2025-58382

A vulnerability in the secure configuration of authentication and management services in Brocade Fabric OS before Fabric OS 9.2.1c2 could allow an authenticated, remote attacker with administrative credentials to execute arbitrary commands as root using “supportsave”, “seccertmgmt”, “configupload...

PT-2026-5757

Name of the Vulnerable Software and Affected Versions Brocade Fabric OS versions prior to 9.2.1c2 Description A security issue exists in the authentication and management services of Brocade Fabric OS. An authenticated remote attacker with administrative privileges can execute arbitrary commands ...

CVE-2025-15545

The backup restore function does not properly validate unexpected or unrecognized tags within the backup file. When such a crafted file is restored, the injected tag is interpreted by a shell, allowing execution of arbitrary commands with root privileges. Successful exploitation allows the attack...

CVE-2025-15545 Insufficient Backup File Upload Input Validation on TP-Link Archer RE605X

The backup restore function does not properly validate unexpected or unrecognized tags within the backup file. When such a crafted file is restored, the injected tag is interpreted by a shell, allowing execution of arbitrary commands with root privileges. Successful exploitation allows the attack...

CVE-2025-15545 Insufficient Backup File Upload Input Validation on TP-Link Archer RE605X

The backup restore function does not properly validate unexpected or unrecognized tags within the backup file. When such a crafted file is restored, the injected tag is interpreted by a shell, allowing execution of arbitrary commands with root privileges. Successful exploitation allows the attack...

Privilege escalation in Brocade Fabric before 9.2.1c2 and 9.2.2 through 9.2.2a (CVE-2025-58382)

A vulnerability in the secure configuration of authentication and management services in Brocade Fabric OS before Fabric OS 9.2.1c2 could allow an authenticated, remote attacker with administrative credentials to execute arbitrary commands as root using “supportsave”, “seccertmgmt”, “configupload...

Incus container environment configuration newline injection

Summary A user with the ability to launch a container with a custom YAML configuration e.g a member of the ‘incus’ group can create an environment variable containing newlines, which can be used to add additional configuration items in the container’s lxc.conf due to the newline injection. This c...

CVE-2024-39148

The service wmp-agent of KerOS prior 5.12 does not properly validate so-called ‘magic URLs’ allowing an unauthenticated remote attacker to execute arbitrary OS commands as root when the service is reachable over network. Typically, the service is protected via local firewall...

PT-2026-1952

Name of the Vulnerable Software and Affected Versions Ruckus vRIoT IoT Controller versions prior to 3.0.0.0 GA Description The Ruckus vRIoT IoT Controller firmware exposes a command execution service on TCP port 2004 running with root privileges. Authentication to this service relies on a hardcod...

KAON CG3000TC和KAON CG3000T 信任管理问题漏洞

The KAON CG3000TC and KAON CG3000T are both high-performance wireless gateways from KAON Japan. The KAON CG3000TC and KAON CG3000T suffer from a trust management issue vulnerability that stems from firmware containing hard-coded plaintext credentials, which could allow an unauthenticated, remote...

CVE-2017-20216

CVE-2017-20216 concerns FLIR Thermal Camera PT-Series firmware 8.0.0.64, where multiple unauthenticated remote command injection vulnerabilities exist in the controllerFlirSystem.php script. The root cause is unsanitized POST parameters in the execFlirSystem() function leading to shell_exec() cal...

CVE-1999-0163

In older versions of Sendmail, an attacker could use a pipe character to execute root commands...

CVE-1999-0088

IRIX and AIX automountd services autofsd allow remote users to execute root commands...

CVE-2019-16519

ESET Cyber Security 6.7.900.0 for macOS allows a local attacker to execute unauthorized commands as root by abusing an undocumented feature in scheduled tasks...

CVE-2025-64419

Coolify is an open-source and self-hostable tool for managing servers, applications, and databases. Prior to version 4.0.0-beta.445, parameters coming from docker-compose.yaml are not sanitized when used in commands. If a victim user creates an application from an attacker repository using build...

CVE-2025-64419 Coolify vulnerable to command injection via docker-compose.yaml parameters

Coolify is an open-source and self-hostable tool for managing servers, applications, and databases. Prior to version 4.0.0-beta.445, parameters coming from docker-compose.yaml are not sanitized when used in commands. If a victim user creates an application from an attacker repository using build...