30761 matches found

Positive Technologies
added 2026/03/05 12:0 a.m., 4 views

PT-2026-23387

Unrestricted Upload of File with Dangerous Type vulnerability in firassaidi WooCommerce License Manager fs-license-manager allows Upload a Web Shell to a Web Server. This issue affects WooCommerce License Manager: from n/a through = 7.0.6...

AI score: 5.9, EPSS: 0.00059
Exploits: 0, References: 2

Positive Technologies
added 2026/03/05 12:0 a.m., 3 views

PT-2026-23615

Name of the Vulnerable Software and Affected Versions: OliveTin versions prior to 3000.11.1. Description: OliveTin allows access to predefined shell commands from a web interface. A flaw exists in the RestartAction functionality where a low-privileged authenticated user can execute actions they are...

CVSS: 9.9, AI score: 6.2, EPSS: 0.07313
Exploits: 68, References: 139

CNNVD
added 2026/03/05 12:0 a.m., 3 views

WordPress plugin Lendiz security vulnerability

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows users to create personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be installed t...

CVSS: 9.9, AI score: 5.8, EPSS: 0.00063
Exploits: 0, References: 1

Positive Technologies
added 2026/03/05 12:0 a.m., 1 views

PT-2026-23403

Unrestricted Upload of File with Dangerous Type vulnerability in WP Chill Filr filr-protection allows Upload a Web Shell to a Web Server. This issue affects Filr: from n/a through = 1.2.12...

AI score: 5.9, EPSS: 0.00063
Exploits: 0, References: 2

Tenable Nessus
added 2026/03/05 12:0 a.m., 4 views

Nutanix AHV : Multiple Vulnerabilities (NXSA-AHV-11.0.0.2)

The version of AHV installed on the remote host is prior to AHV-11.0.0.2. It is, therefore, affected by multiple vulnerabilities as referenced in the NXSA-AHV-11.0.0.2 advisory. - A flaw was found in libssh when using the ChaCha20 cipher with the OpenSSL library. If an attacker manages to exhaust...

CVSS: 8.1, AI score: 6.1, EPSS: 0.01231
Exploits: 10, References: 9

CNNVD
added 2026/03/05 12:0 a.m., 4 views

WordPress plugin Nutrie security vulnerability

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows users to create personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be installed t...

CVSS: 9.9, AI score: 5.8, EPSS: 0.00063
Exploits: 0, References: 1

CNNVD
added 2026/03/05 12:0 a.m., 3 views

OpenClaw operating system command injection vulnerability

OpenClaw is an open-source intelligent artificial assistant. OpenClaw has a vulnerability related to operating system command injection. This vulnerability stems from the exec-approvals permission list validation mechanism, which checks the argv tokens in a pre-expanded manner but actually execut...

CVSS: 8.6, AI score: 5.8, EPSS: 0.00023
Exploits: 0, References: 3

Positive Technologies
added 2026/03/05 12:0 a.m., 4 views

PT-2026-23142

Name of the Vulnerable Software and Affected Versions: Nutrie versions prior to 2.0.1. Description: A flaw exists in Nutrie that permits the unrestricted upload of files with dangerous types, potentially allowing an attacker to upload a web shell to a web server. Recommendations: Update Nutrie to...

CVSS: 9.9, AI score: 5.8, EPSS: 0.00063
Exploits: 0, References: 5

Positive Technologies
added 2026/03/05 12:0 a.m., 2 views

PT-2026-23140

Name of the Vulnerable Software and Affected Versions: Lendiz versions prior to 2.0.1. Description: The software contains a flaw due to unrestricted file upload with a dangerous type, allowing the upload of a web shell to a web server. Recommendations: Update to a version newer than or equal to 2.0.1...

CVSS: 9.9, AI score: 5.8, EPSS: 0.00063
Exploits: 0, References: 5

GithubExploit
added 2026/03/04 9:43 p.m., 100 views

Exploit for Embedded Malicious Code in Tukaani Xz

xzdoor-poc. License: MIT...

CVSS: 10, AI score: 6, EPSS: 0.84805
Exploits: 38

Github Security Blog
added 2026/03/04 9:5 p.m., 2 views

Nuclio Shell Runtime Command Injection Leading to Privilege Escalation

Summary: This vulnerability exists in Nuclio's Shell Runtime component, allowing attackers with function invocation permissions to inject malicious commands via HTTP request headers, execute arbitrary code with root privileges in function containers, steal ServiceAccount Tokens with cluster-admin...

CVSS: 9.8, AI score: 6.4, EPSS: 0.00281
Exploits: 1, References: 6, Affected Software: 1

OSV
added 2026/03/04 9:5 p.m., 4 views

GHSA-95FJ-3W7G-4R27 Nuclio Shell Runtime Command Injection Leading to Privilege Escalation

Summary: This vulnerability exists in Nuclio's Shell Runtime component, allowing attackers with function invocation permissions to inject malicious commands via HTTP request headers, execute arbitrary code with root privileges in function containers, steal ServiceAccount Tokens with cluster-admin...

CVSS: 9.3, AI score: 6.4, EPSS: 0.00281
Exploits: 1, References: 6

Snyk
added 2026/03/04 9:5 p.m., 2 views

Failure to Sanitize Special Elements into a Different Plane (Special Element Injection)

Overview: Affected versions of this package are vulnerable to Failure to Sanitize Special Elements into a Different Plane (Special Element Injection) in the processing of the X-Nuclio-Arguments HTTP header, which is incorporated into shell commands without validation or sanitization. An attacker can...

CVSS: 9.8, AI score: 6, EPSS: 0.00281
Exploits: 1, References: 2

EUVD
added 2026/03/04 6:31 p.m., 2 views

EUVD-2026-9419

A shell command injection vulnerability in Mobvoi Tichome Mini smart speaker 012-18853 and 027-58389 allows remote attackers to send a specially crafted UDP datagram and execute arbitrary shell code as the root account...

CVSS: 9.8, AI score: 6.2, EPSS: 0.01408
Exploits: 2, References: 3

Vulnrichment
added 2026/03/04 5:22 p.m., 3 views

CVE-2026-20062

A vulnerability in the CLI of Cisco Secure Firewall Adaptive Security Appliance (ASA) Software in multiple context mode could allow an authenticated, local attacker with administrative privileges in one context to copy files to or from another context, including configuration files. This...

CVSS: 7.2, AI score: 6, EPSS: 0.00006
Exploits: 0, References: 1

CVE
added 2026/03/04 5:6 p.m., 28 views

CVE-2026-20009

The vulnerability CVE-2026-20009 affects Cisco Secure Firewall ASA Software and stems from insufficient validation during SSH authentication in the proprietary SSH stack. An unauthenticated, remote attacker could log in to an ASA device as a specific user without the user’s private key, provided ...

CVSS: 5.3, AI score: 6.1, EPSS: 0.00045
Exploits: 0, References: 1, Affected Software: 1

Cvelist
added 2026/03/04 5:6 p.m., 27 views

CVE-2026-20009 Cisco Secure Firewall Adaptive Security Appliance SSH Partial Private Key Authentication Bypass Vulnerability

A vulnerability in the implementation of the proprietary SSH stack with SSH key-based authentication in Cisco Secure Firewall Adaptive Security Appliance (ASA) Software could allow an unauthenticated, remote attacker to log in to a Cisco Secure Firewall ASA device and execute commands as a specific...

CVSS: 5.3, EPSS: 0.00045
Exploits: 0, References: 1

OSV
added 2026/03/04 4:16 p.m., 5 views

CVE-2026-26478

A shell command injection vulnerability in Mobvoi Tichome Mini smart speaker 012-18853 and 027-58389 allows remote attackers to send a specially crafted UDP datagram and execute arbitrary shell code as the root account...

CVSS: 9.8, AI score: 6.2, EPSS: 0.01408
Exploits: 2, References: 2

NVD
added 2026/03/04 4:16 p.m., 3 views

CVE-2026-26478

A shell command injection vulnerability in Mobvoi Tichome Mini smart speaker 012-18853 and 027-58389 allows remote attackers to send a specially crafted UDP datagram and execute arbitrary shell code as the root account...

CVSS: 9.8, EPSS: 0.01408
Exploits: 2, References: 2

Cisco
added 2026/03/04 4:0 p.m., 7 views

Cisco Secure Firewall Adaptive Security Appliance Software SSH Partial Private Key Authentication Bypass Vulnerability

A vulnerability in the implementation of the proprietary SSH stack with SSH key-based authentication in Cisco Secure Firewall Adaptive Security Appliance (ASA) Software could allow an unauthenticated, remote attacker to log in to a Cisco Secure Firewall ASA device and execute commands as a specific...

CVSS: 5.3, AI score: 6.1, EPSS: 0.00045
Exploits: 0, References: 1