SUSE CVE-2026-25143

melange allows users to build apk packages using declarative pipelines. From version 0.10.0 to before 0.40.3, an attacker who can influence inputs to the patch pipeline could execute arbitrary shell commands on the build host. The patch pipeline in pkg/build/pipelines/patch.yaml embeds...

CVE-2020-37166

AbsoluteTelnet 11.12 contains a denial of service vulnerability in the SSH2 username input field that allows local attackers to crash the application. Attackers can overwrite the username field with a 1000-byte buffer, causing the application to become unresponsive and terminate...

CVE-2020-37095

Cyberoam Authentication Client 2.1.2.7 contains a buffer overflow vulnerability that allows remote attackers to execute arbitrary code by overwriting Structured Exception Handler SEH memory. Attackers can craft a malicious input in the 'Cyberoam Server Address' field to trigger a bind TCP shell o...

Celestial AbsoluteTelnet 安全漏洞

Celestial AbsoluteTelnet is a Telnet/SSH terminal client software developed by the American company Celestial. Version 11.12 of Celestial AbsoluteTelnet contains a security vulnerability, which stems from improper handling of the license name input field. This vulnerability could lead to...

CVE-2020-37166

CVE-2020-37166 affects AbsoluteTelnet 11.12. The vulnerability resides in the SSH2 username input field where a local attacker can overwrite the username with a 1000-byte buffer, causing the application to become unresponsive and terminate (Denial of Service). The root cause is a handling/validat...

CVE-2020-37095

Cyberoam Authentication Client 2.1.2.7 contains a buffer overflow vulnerability that allows remote attackers to execute arbitrary code by overwriting Structured Exception Handler SEH memory. Attackers can craft a malicious input in the 'Cyberoam Server Address' field to trigger a bind TCP shell o...

CVE-2020-37095

The connected PTsecurity entry confirms CVE-2020-37095 affects Cyberoam Authentication Client 2.1.2.7 and describes a buffer overflow that overwrites Structured Exception Handler (SEH) memory. An attacker can supply a crafted value in the Cyberoam Server Address field to trigger a bind TCP shell ...

CVE-2020-37095 Cyberoam Authentication Client 2.1.2.7 - Buffer Overflow (SEH)

Cyberoam Authentication Client 2.1.2.7 contains a buffer overflow vulnerability that allows remote attackers to execute arbitrary code by overwriting Structured Exception Handler SEH memory. Attackers can craft a malicious input in the 'Cyberoam Server Address' field to trigger a bind TCP shell o...

CVE-2026-25143

melange allows users to build apk packages using declarative pipelines. From version 0.10.0 to before 0.40.3, an attacker who can influence inputs to the patch pipeline could execute arbitrary shell commands on the build host. The patch pipeline in pkg/build/pipelines/patch.yaml embeds...

CVE-2026-25157

OpenClaw is a personal AI assistant. Prior to version 2026.1.29, there is an OS command injection vulnerability via the Project Root Path in sshNodeCommand. The sshNodeCommand function constructed a shell script without properly escaping the user-supplied project path in an error message. When th...

PT-2026-6813

Name of the Vulnerable Software and Affected Versions Cyberoam Authentication Client version 2.1.2.7 Description The Cyberoam Authentication Client software contains a buffer overflow issue that enables remote attackers to run code without permission by overwriting Structured Exception Handler SE...

📄 WordPress Royal Elementor Addons 1.3.78 Shell Upload

WordPress Royal Elementor Addons plugin version 1.3.78 remote shell upload proof of concept exploit. ============================================================================================================================================= | Title : WordPress Royal Elementor Addons 1.3.78 RCE ...

Exploit for CVE-2026-25643

CVE-2026-25643: Frigate NVR = 0.16.3 Authenticated RCE Ex...

CVE-2020-37123

Pinger 1.0 contains a remote code execution vulnerability that allows attackers to inject shell commands through the ping and socket parameters. Attackers can exploit the unsanitized input in ping.php to write arbitrary PHP files and execute system commands by appending shell metacharacters...

CVE-2020-37136

ZOC Terminal 7.25.5 contains a denial of service vulnerability in the private key file input field that allows attackers to crash the application. Attackers can overwrite the private key file input with a 2000-byte buffer, causing the application to become unresponsive when attempting to create S...

CVE-2020-37136

CVE-2020-37136 affects ZOC Terminal 7.25.5. A denial-of-service condition is triggered by overwriting the private key file input with a ~2000-byte buffer during SSH key file creation, causing the application to become unresponsive. Affected component: private key file input handling in ZOC Termin...

CVE-2020-37123 Pinger 1.0 - Remote Code Execution

Pinger 1.0 contains a remote code execution vulnerability that allows attackers to inject shell commands through the ping and socket parameters. Attackers can exploit the unsanitized input in ping.php to write arbitrary PHP files and execute system commands by appending shell metacharacters...

Exploit for Argument Injection in Gnu Inetutils

CVE-2026-24061 Scanner – GNU inetutils telnetd Auth Bypass...

CVE-2026-1791

Unrestricted Upload of File with Dangerous Type vulnerability in Hillstone Networks Operation and Maintenance Security Gateway on Linux allows Upload a Web Shell to a Web Server.This issue affects Operation and Maintenance Security Gateway: V5.5ST00001B113...

Ilevia EVE X1 Server

RISK EVALUATION Successful exploitation of these vulnerabilities could allow an attacker to execute arbitrary shell commands and the disclosure of sensitive system information. 2. RECOMMENDED PRACTICES CISA recommends users take defensive measures to minimize the risk of exploitation of these...