6 matches found
EUVD-2026-18795
Budibase: Unauthenticated Remote Code Execution via Webhook Trigger and Bash Automation Step...
CVE-2025-59106
The binary serving the web server and executing basically all actions launched from the Web UI is running with root privileges. This is against the least privilege principle. If an attacker is able to execute code on the system via other vulnerabilities, it is possible to directly execute commands...
CVE-2025-59106
CVE-2025-59106 concerns the binary that serves the web server for the dormakaba access manager Web UI, which runs with root privileges. The underlying issue is a least-privilege violation: the Web UI binary executes actions with the highest privileges, enabling direct command execution at root i...
CVE-2022-48685
An issue was discovered in Logpoint 7.1 before 7.1.2. The daily executed cron file cleansecbioldlogs is writable by all users and is executed as root, leading to privilege escalation...
PT-2024-18680 · Unknown · Artica Proxy
Name of the Vulnerable Software and Affected Versions: Artica Proxy (affected versions not specified). Description: The "Rich Filemanager" feature of Artica Proxy provides a web-based interface for file management capabilities. When the feature is enabled, it does not require authentication by...
VIGOR 2130 Command Injection / Cross Site Request Forgery
VIGOR 2130 firmware 1.5.4.9. 1.1. Command injection in traceroute functionality: A user can execute arbitrary commands (RCE) on the router by abusing the traceroute functionality. The interface expects an IP address as input, but does not validate the input. Just provide the input: ; id The above...