CVE-2026-9862 Core Privileged Access Manager (BoKS) autoregistration service command injection vulnerability

Fortra's Core Privileged Access Manager BoKS contains an OS command injection vulnerability in the boksautoregisterd service. A remote attacker with network access to the service may be able to cause commands to be executed with the privileges of the service during the autoregistration processing...

CVE-2026-9862

CVE-2026-9862 affects Fortra’s Core Privileged Access Manager (BoKS). The vulnerability is an OS command injection in the boks_autoregisterd service that can be exploited by a remote attacker with network access to execute commands with the service’s privileges during autoregistration processing....

PT-2026-49245

Name of the Vulnerable Software and Affected Versions Fortra Core Privileged Access Manager affected versions not specified Description An OS command injection issue exists in the boks autoregisterd service. A remote attacker with network access to this service can execute commands with the...

baserCMS 操作系统命令注入漏洞

BaserCMS is a corporate-level content management system CMS developed by the BaserCMS team. Versions of BaserCMS prior to 5.2.3 had a vulnerability related to operating system command injection. This vulnerability originated from the core module of the installation process. Attackers could...

CVE-2026-2753

An Absolute Path Traversal vulnerability exists in Navtor NavBox. The application exposes an HTTP service that fails to properly sanitize user-supplied path input. Unauthenticated remote attackers can exploit this issue by submitting requests containing absolute filesystem paths. Successful...

CVE-2026-1585

An unquoted Windows service executable path vulnerability in IJ Scan Utility for Windows versions 1.1.2 through 1.5.0 may allow a local attacker to execute a malicious file with the privileges of the affected service...

CVE-2026-1585

An unquoted Windows service executable path vulnerability in IJ Scan Utility for Windows versions 1.1.2 through 1.5.0 may allow a local attacker to execute a malicious file with the privileges of the affected service...

CVE-2020-37048 Iskysoft Application Framework Service 2.4.3.241 - 'IsAppService' Unquoted Service Path

Iskysoft Application Framework Service 2.4.3.241 contains an unquoted service path vulnerability that allows local users to potentially execute arbitrary code with elevated privileges. Attackers can exploit the unquoted path in the service configuration to inject malicious executables that would ...

CVE-2022-26236

The default privileges for the running service Normand Remisol Advance Launcher in Beckman Coulter Remisol Advance v2.0.12.1 and prior allows non-privileged users to overwrite and manipulate executables and libraries. This allows attackers to access sensitive data...

CVE-2023-7327

Ozeki SMS Gateway versions up to and including 10.3.208 contain a path traversal vulnerability. Successful exploitation allows an unauthenticated attacker to use URL-encoded traversal sequences to read arbitrary files from the underlying filesystem with the privileges of the gateway service,...

CVE-2018-25122

Nagios XI versions prior to 5.4.13 contain a remote code execution vulnerability in the Component Download page. The download/import handler used unsafe command construction with attacker-controlled input and lacked sufficient validation and output encoding, allowing an authenticated user to inje...

CVE-2025-34280

Nagios Network Analyzer versions prior to 2024R2.0.1 contain a vulnerability in the LDAP certificate management functionality whereby the certificate removal operation fails to apply adequate input sanitation. An authenticated administrator can trigger command execution on the underlying host in...

CVE-2013-10073

CVE-2013-10073 affects Nagios XI versions prior to 2012R1.6. The Auto-Discovery tool accepts user-controlled input that is passed to a shell without adequate sanitation or argument quoting, enabling an authenticated user with discovery access to execute arbitrary commands with the privileges of t...

CVE-2013-10073 Nagios XI < 2012R1.6 Auto-Discovery Shell Command Injection

Nagios XI versions prior to 2012R1.6 contain a shell command injection vulnerability in the Auto-Discovery tool. User-controlled input is passed to a shell without adequate sanitation or argument quoting, allowing an authenticated user with access to discovery functionality to execute arbitrary...

EUVD-2025-33577

Newforma Info Exchange NIX accepts serialized .NET data via the '/remoteweb/remote.rem' endpoint, allowing a remote, unauthenticated attacker to execute arbitrary code with 'NT AUTHORITY\NetworkService' privileges. The vulnerable endpoint is used by Newforma Project Center Server NPCS, so a...

CVE-2025-35053

Summary of findings (CVE-2025-35053): Newforma Info Exchange (NIX) exposes a vulnerability in the endpoint "/UserWeb/Common/MarkupServices.ashx" where the command DownloadExportedPDF allows an authenticated user to read and delete arbitrary files with the NT AUTHORITY\NetworkService privileges. T...

CVE-2025-35053 Newforma Info Exchange (NIX) arbitrary file read and delete

Newforma Info Exchange NIX accepts requests to '/UserWeb/Common/MarkupServices.ashx' specifying the 'DownloadExportedPDF' command that allow an authenticated user to read and delete arbitrary files with 'NT AUTHORITY\NetworkService' privileges. In Newforma before 2023.1, anonymous access is enabl...

CVE-2025-35050 Newforma Info Exchange (NIX) .NET unauthenticated deserialization

Newforma Info Exchange NIX accepts serialized .NET data via the '/remoteweb/remote.rem' endpoint, allowing a remote, unauthenticated attacker to execute arbitrary code with 'NT AUTHORITY\NetworkService' privileges. The vulnerable endpoint is used by Newforma Project Center Server NPCS, so a...

Newforma Project Center Server 安全漏洞

Newforma Project Center Server is a project information management solution for the Architecture, Engineering and Construction AEC industry from Newforma for centralized storage and management of project documents and collaboration. A directory traversal vulnerability exists in Newforma Project...

PT-2025-41469

Name of the Vulnerable Software and Affected Versions Newforma Info Exchange NIX versions prior to 2023.1 Description Newforma Info Exchange NIX allows authenticated users to read and delete arbitrary files with 'NT AUTHORITYNetworkService' privileges through requests to the...