96 matches found
CVE-2026-27130
Dokploy is a free, self-hostable Platform as a Service (PaaS). Versions 0.26.6 and below have OS command injection through the appName parameter. Three chained issues cause this problem: inadequate input sanitization, lack of schema validation and direct shell interpolation. User-controlled application...
CVE-2026-45350
Open WebUI (self-hosted AI platform) has a vulnerability in the chat_completion API prior to version 0.8.6 where user-supplied tool_ids/tool_servers are used to build a tools_dict without permission checks. This allows invoking any server tool using the server’s credentials, bypassing tool restri...
CVE-2026-45350 Open WebUI: Chat completion API allows tool restrictions to be bypassed
Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. Prior to 0.8.6, there is a vulnerability in the chat completion API, which allows attackers to bypass tool restrictions, potentially enabling unauthorized actions or access. In the chatcompletion API, t...
EUVD-2025-208467
An unauthenticated remote attacker may use hard-coded credentials to get access to the previously activated FTP Server with limited read and write privileges...
Cisco ISE Security Vulnerability
Cisco ISE is a NAC solution from Cisco, Inc. It is used to manage access to network resources by endpoints, users, and devices in a zero-trust architecture. A security vulnerability exists in Cisco ISE that stems from unverified administrator privileges on the server side, which could lead to...
File Write Vulnerability in ModStartCMS of Xi'an Yan Yan Information Technology Co.
ModStartCMS is a modular content management system based on the Laravel framework. A file write vulnerability exists in ModStartCMS, which can be exploited by attackers to gain server privileges...
SUSE CVE-2013-1531
Unspecified vulnerability in Oracle MySQL 5.1.66 and earlier and 5.5.28 and earlier allows remote authenticated users to affect confidentiality, integrity, and availability via unknown vectors related to Server Privileges...
SUSE CVE-2013-2381
Unspecified vulnerability in Oracle MySQL 5.6.10 and earlier allows remote authenticated users to affect integrity via unknown vectors related to Server Privileges...
SUSE CVE-2015-2567
Unspecified vulnerability in Oracle MySQL Server 5.6.23 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server : Security : Privileges...
SUSE CVE-2016-5439
Unspecified vulnerability in Oracle MySQL 5.6.30 and earlier and 5.7.12 and earlier allows remote administrators to affect availability via vectors related to Server: Privileges...
showdoc Code Issue Vulnerability
showdoc is a great open-source tool for IT teams to share documents online. ShowDoc has a security vulnerability that can be exploited by attackers to gain server privileges...
yongyou PLM Command Injection Vulnerability
Yonyou yongyou PLM is a data management platform from CN UFIDA Network Technology Yonyou. A security vulnerability exists in yongyou PLM, which can be exploited by attackers to gain server privileges...
Command Execution Vulnerability in Huaxia ERP (CNVD-2020-70782)
Huaxia ERP, based on the SpringBoot framework, aspires to provide small and medium-sized enterprises with good open-source ERP software, currently focusing on sales and inventory + financial functions. Huaxia ERP has a command execution vulnerability. Attackers can use this vulnerability to...
Code Execution Vulnerability in Netgear Prosafe WMS5316
The NETGEAR WMS5316 Wireless Controller is an easy-to-use device that simplifies the creation and management of wireless networks. A code execution vulnerability exists in the Netgear WMS5316. An attacker could exploit this vulnerability to gain server privileges...
Command Execution Vulnerability in the Backend of Wild Rain Novel CMS (CNVD-2020-68554)
Wild Rain Fiction Content Management System provides a lightweight fiction website solution based on ThinkPHP 5.1+MySQL. The Rain Novel CMS backend has a command execution vulnerability, which attackers can use to obtain server privileges...
Command Execution Vulnerability in Curtains of Beijing KunDou Technology Co.
Curtain is a mind mapping software for computers. A command execution vulnerability exists in Beijing Kundu Technology Co Ltd Curtains. An attacker can exploit this vulnerability to gain server privileges...
Command Execution Vulnerability in GoLink (Windows Client)
GoLink is software dedicated to providing quality network acceleration services. A command execution vulnerability exists in the GoLink Windows client. An attacker can exploit the vulnerability to execute commands and gain server privileges...
File Inclusion Vulnerability in Tongda OA11.2
Ltd. is subordinate to China National Weapons Industry Information Center CNWIIC, which is referred to as Tongda Xinke. A file inclusion vulnerability exists in Tongda OA11.2, which can be exploited by an attacker to obtain server administrative privileges...
Remote Command Injection Vulnerability in TP-LINK Archer AX50
TP-LINK is a leading global supplier of network communication equipment. A remote command injection vulnerability exists in the TP-LINK Archer AX50, which can be exploited by an attacker to gain server privileges...
Command Execution Vulnerability in the Backend of Guojiz International Web Site Navigation System
Guojiz International Website Navigation System is developed with ThinkPHP5.0+PHP7.0+Mysql+Apache/Nginx/iis and is suitable for small and medium-sized webmasters to build a CMS program. The Guojiz International Website Navigation System backend has a command execution vulnerability; attackers can use the...