CVE-2026-33793 Junos OS and Junos OS Evolved: When an unsigned Python op script configuration is present, a local low privileged user can compromise the system

An Execution with Unnecessary Privileges vulnerability in the User Interface UI of Juniper Networks Junos OS and Junos OS Evolved allows a local, low-privileged attacker to gain root privileges, thus compromising the system. When a configuration that allows unsigned Python op scripts is present o...

CVE-2026-33793

An Execution with Unnecessary Privileges vulnerability in the User Interface UI of Juniper Networks Junos OS and Junos OS Evolved allows a local, low-privileged attacker to gain root privileges, thus compromising the system. When a configuration that allows unsigned Python op scripts is present o...

CVE-2026-33793 Junos OS and Junos OS Evolved: When an unsigned Python op script configuration is present, a local low privileged user can compromise the system

An Execution with Unnecessary Privileges vulnerability in the User Interface UI of Juniper Networks Junos OS and Junos OS Evolved allows a local, low-privileged attacker to gain root privileges, thus compromising the system. When a configuration that allows unsigned Python op scripts is present o...

CVE-2026-33793

CVE-2026-33793 describes an Execution with Unnecessary Privileges in the Junos OS/Junos OS Evolved UI. If a device has a configuration that allows unsigned Python op scripts, a non-root user can run malicious op scripts and escalate to root-equivalent privileges, compromising the system. Affected...

EUVD-2025-209373

A cross-site scripting XSS vulnerability in rrweb-snapshot before v2.0.0-alpha.18 allows attackers to execute arbitrary web scripts or HTML via a crafted payload...

CVE-2024-1490

An authenticated remote attacker with high privileges can exploit the OpenVPN configuration via the web-based management interface of a WAGO PLC. If user-defined scripts are permitted, OpenVPN may allow the execution of arbitrary shell commands enabling the attacker to run arbitrary commands on t...

CVE-2024-1490 Wago: Vulnerability in WBM through Open VPN

An authenticated remote attacker with high privileges can exploit the OpenVPN configuration via the web-based management interface of a WAGO PLC. If user-defined scripts are permitted, OpenVPN may allow the execution of arbitrary shell commands enabling the attacker to run arbitrary commands on t...

CVE-2026-34184 Missing Authorization in Hydrosystem Control System

Hydrosystem Control System does not enforce authorization for some directories. This allows an unauthorized attacker to read all files in these directories and even execute some of them. Critically the attacker could run PHP scripts directly on the connected database.This issue was fixed...

PT-2026-31605

Name of the Vulnerable Software and Affected Versions WAGO PLC versions affected versions not specified Description An authenticated remote attacker with high privileges can exploit the OpenVPN configuration via the web-based management interface of a WAGO PLC. If user-defined scripts are...

PT-2026-31729

Joomla VirtueMart Shopping-Cart 4.0.12 contains a reflected cross-site scripting vulnerability that allows attackers to inject malicious scripts by manipulating the keyword parameter. Attackers can craft malicious URLs containing script payloads in the keyword parameter of the product-variants...

PT-2026-31754

Junos OS and Junos OS Evolved: When an unsigned Python op script configuration is present, a local low privileged user can compromise the system CVE: CVE-2026-33793 PT ID: PT-2026-31754 Vendor: Juniper networks Product: Junos OS CVSS: 7.8 Credits: n/a Description: An Execution with Unnecessary...

PT-2026-31600

Name of the Vulnerable Software and Affected Versions Hydrosystem Control System versions prior to 9.8.5 Description The Hydrosystem Control System does not properly enforce authorization for certain directories. This allows an unauthorized attacker to read all files within these directories and...

CVE-2025-45806

CVE-2025-45806 describes a cross-site scripting (XSS) vulnerability in the rrweb-snapshot package prior to 2.0.0-alpha.18 . An attacker can inject a crafted payload to execute arbitrary scripts in affected environments. Affected component: rrweb-snapshot (DOM serialization). Underlying issue cite...

SUSE CVE-2026-28808

Incorrect Authorization vulnerability in Erlang OTP inets modules allows unauthenticated access to CGI scripts protected by directory rules when served via scriptalias. When scriptalias maps a URL prefix to a directory outside DocumentRoot, modauth evaluates directory-based access controls agains...

CVE-2026-3199

A vulnerability in the task management component of Sonatype Nexus Repository versions 3.22.1 through 3.90.2 allows an authenticated attacker with task creation permissions to execute arbitrary code, bypassing the nexus.scripts.allowCreation security control...

EUVD-2024-33452

The Friendly Functions for Welcart plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.2.4. This is due to missing or incorrect nonce validation on the settings update functionality. This makes it possible for unauthenticated attackers to injec...

CVE-2026-33229

XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. Prior to 17.4.8 and 17.10.1, an improperly protected scripting API allows any user with script right to bypass the sandboxing of the Velocity scripting API and execute, e.g., arbitrary Python...

CVE-2026-33229

XWiki Platform is affected by a remote-code-execution vulnerability due to an improperly protected scripting API that lets users with script right bypass the Velocity sandbox and run arbitrary code (e.g., Python scripts). This can grant full access to the XWiki instance, compromising confidential...

CVE-2026-25776

Movable Type by Six Apart Ltd. contains a code injection vulnerability that may allow an attacker to execute arbitrary Perl scripts. The CVE-2026-25776 entry lists very high impact across confidentiality, integrity, and availability (per CVSS 4.0/3.0 metrics), with NETWORK attack vector, LOW comp...

CVE-2026-3239

The Strong Testimonials plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's testimonialview shortcode in all versions up to, and including, 3.2.21 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for...