CVE-2026-40698 iControl REST and TMSH vulnerability

A vulnerability exists in BIG-IP and BIG-IQ systems where a highly privileged, authenticated attacker with at least the Resource Administrator role can create SNMP configuration objects through iControl REST or the TMOS shell tmsh resulting in privilege escalation. Note: Software versions which...

F5 BIG-IP 命令注入漏洞

F5 BIG-IP is an application delivery platform developed by F5 Networks in the United States. It integrates functions such as network traffic management, application security management, and load balancing. F5 BIG-IP has a command injection vulnerability, which originates from the iControl REST an...

EUVD-2018-21831

VideoFlow Digital Video Protection DVP 2.10 contains an authenticated remote code execution vulnerability that allows authenticated attackers to execute arbitrary system commands by exploiting a cross-site request forgery flaw in the web management interface. Attackers with valid credentials can...

CVE-2018-25310

VideoFlow Digital Video Protection DVP 2.10 is affected by an authenticated remote code execution vulnerability. An attacker with valid credentials can exploit a cross-site request forgery in the web management interface to inject and execute system commands via Tools > System > Shell, gain...

CVE-2018-25310 VideoFlow Digital Video Protection DVP 2.10 - Authenticated Remote Code Execution

VideoFlow Digital Video Protection DVP 2.10 contains an authenticated remote code execution vulnerability that allows authenticated attackers to execute arbitrary system commands by exploiting a cross-site request forgery flaw in the web management interface. Attackers with valid credentials can...

PT-2026-35993

VideoFlow Digital Video Protection DVP 2.10 contains an authenticated remote code execution vulnerability that allows authenticated attackers to execute arbitrary system commands by exploiting a cross-site request forgery flaw in the web management interface. Attackers with valid credentials can...

Microsoft Windows Shell Spoofing Vulnerability

The Microsoft Windows Shell is the graphical user interface for the Windows operating system from Microsoft.The easily recognizable elements of the Windows shell include features such as the desktop, the taskbar, the start menu, the task switcher, and autoplay. A spoofing vulnerability exists in...

PT-2026-1449

Adtec Digital SignEdje Digital Signage Player v2.08.28 contains multiple hardcoded default credentials that allow unauthenticated remote access to web, telnet, and SSH interfaces. Attackers can exploit these credentials to gain root-level access and execute system commands across multiple Adtec...

GO-2025-3930 Soft Serve vulnerable to arbitrary file writing through SSH API in github.com/charmbracelet/soft-serve

Soft Serve vulnerable to arbitrary file writing through SSH API in github.com/charmbracelet/soft-serve...

PT-2025-36651

Soft Serve vulnerable to arbitrary file writing through SSH API in github.com/charmbracelet/soft-serve...

CVE-2025-58355

Soft Serve is a self-hostable Git server for the command line. In versions 0.9.1 and below, attackers can create or override arbitrary files with uncontrolled data through its SSH API. This issue is fixed in version 0.10.0...

CVE-2025-30096

Dell PowerProtect Data Domain with Data Domain Operating System DD OS of Feature Release versions 7.7.1.0 through 8.1.0.10, LTS2024 release Versions 7.13.1.0 through 7.13.1.25, LTS 2023 release versions 7.10.1.0 through 7.10.1.50, contain an Improper Neutralization of Special Elements used in an ...

CLSA-2023-1691576279 Fix CVE(s): CVE-2023-38408

SECURITY UPDATE: helper programs can dlopen/dlclose any libraries from /usr/lib - debian/patches/CVE-2023-38408-Ensure-FIDO-PKCS11-libraries-contain-expect.patch: checks libraries before dlopen - debian/patches/CVE-2023-38408-Separate-ssh-pkcs11-helpers-for-each-p11-mo.patch: separate...

CVE-2022-46834

Use of a Broken or Risky Cryptographic Algorithm in SICK RFU65x firmware version v2.21 allows a low-privileged remote attacker to decrypt the encrypted data if the user requested weak cipher suites to be used for encryption via the SSH interface. The patch and installation procedure for the...

Motorola Solutions ACE1000 数据伪造问题漏洞

The Motorola Solutions ACE1000 is a remote terminal unit RTU from Motorola Solutions USA. The Motorola Solutions ACE1000 RTU is vulnerable to a data forgery issue, which arises from an attacker communicating with the Motorola ACE1000 RTU via SSH or Web UI, who could push a malicious firmware imag...

Korenix Technology JetWave CSRF / Command Injection / Missing Authentication

SEC Consult Vulnerability Lab Security Advisory ======================================================================= title: Multiple Critical Vulnerabilities product: Korenix Technology JetWave products: JetWave 2212X, JetWave 2212S, JetWave 2212G, JetWave 2311, JetWave 3220 vulnerable version...

Inadequate SSH configuration in SICK Visionary-S CX

SICK received a report that informed SICK about an Inadequate Encryption Strength vulnerability in the SICK product “SICK Visionary-S CX” concerning the internal SSH interface solely used by SICK for recovering returned devices. Currently SICK is not aware of any public exploits specifically...

Python Scriptable Reverse Engineering Sandbox: PyREBox

PyREBox is a Python scriptable Reverse Engineering sandbox. It is based on QEMU, and its goal is to aid reverse engineering by providing dynamic analysis and debugging capabilities from a different perspective. PyREBox allows to inspect a running QEMU VM, modify its memory or registers, and to...

D-Link DSL-6850U Multiple Vulnerabilities

D-Link DSL-6850U routers are prone to multiple vulnerabilities. SPDX-FileCopyrightText: 2018 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPEPREFIX = "cpe:/o:dlink";...

CVE-2017-11321

The restricted shell interface in UCOPIA Wireless Appliance before 5.1.8 allows remote authenticated users to gain 'admin' privileges via shell metacharacters in the less command...