
30918 matches found

Vulnrichment
added 2026/02/04 3:11 a.m. | 3 views

CVE-2026-1791 Arbitrary File Upload Vulnerability in Operation and Maintenance Security Gateway

Unrestricted Upload of File with Dangerous Type vulnerability in Hillstone Networks Operation and Maintenance Security Gateway on Linux allows Upload a Web Shell to a Web Server. This issue affects Operation and Maintenance Security Gateway: V5.5ST00001B113...

CVSS 2.7 | AI score 5.4 | EPSS 0.0002
Exploits 0 | References 1

Cvelist
added 2026/02/04 3:11 a.m. | 26 views

CVE-2026-1791 Arbitrary File Upload Vulnerability in Operation and Maintenance Security Gateway

Unrestricted Upload of File with Dangerous Type vulnerability in Hillstone Networks Operation and Maintenance Security Gateway on Linux allows Upload a Web Shell to a Web Server. This issue affects Operation and Maintenance Security Gateway: V5.5ST00001B113...

CVSS 2.7 | EPSS 0.0002
Exploits 0 | References 1

EUVD
added 2026/02/04 3:11 a.m. | 3 views

EUVD-2026-5355

Unrestricted Upload of File with Dangerous Type vulnerability in Hillstone Networks Operation and Maintenance Security Gateway on Linux allows Upload a Web Shell to a Web Server. This issue affects Operation and Maintenance Security Gateway: V5.5ST00001B113...

CVSS 2.7 | AI score 5.4 | EPSS 0.0002
Exploits 0 | References 1

OSV
added 2026/02/04 12:09 a.m. | 1 view

GHSA-RF4G-89H5-CRCR melange affected by potential host command execution via license-check YAML mode patch pipeline

An attacker who can influence inputs to the patch pipeline could execute arbitrary shell commands on the build host. The patch pipeline in pkg/build/pipelines/patch.yaml embeds input-derived values (series paths, patch filenames, and numeric parameters) into shell scripts without proper quoting or...

CVSS 7.8 | AI score 6 | EPSS 0.00014
Exploits 0 | References 4

Github Security Blog
added 2026/02/04 12:09 a.m. | 4 views

melange affected by potential host command execution via license-check YAML mode patch pipeline

An attacker who can influence inputs to the patch pipeline could execute arbitrary shell commands on the build host. The patch pipeline in pkg/build/pipelines/patch.yaml embeds input-derived values (series paths, patch filenames, and numeric parameters) into shell scripts without proper quoting or...

CVSS 7.8 | AI score 6 | EPSS 0.00014
Exploits 0 | References 4 | Affected Software 1

Positive Technologies
added 2026/02/04 12:00 a.m. | 3 views

PT-2026-6058

Name of the Vulnerable Software and Affected Versions: Hillstone Networks Operation and Maintenance Security Gateway versions V5.5ST00001B113; Hillstone Networks Security Gateway version V5.5. Description: The software contains a flaw related to unrestricted file uploads, potentially allowing an...

CVSS 2.7 | AI score 5.4 | EPSS 0.0002
Exploits 0 | References 5

Positive Technologies
added 2026/02/04 12:00 a.m. | 3 views

PT-2026-6475

An attacker who can influence inputs to the patch pipeline could execute arbitrary shell commands on the build host. The patch pipeline in pkg/build/pipelines/patch.yaml embeds input-derived values (series paths, patch filenames, and numeric parameters) into shell scripts without proper quoting or...

CVSS 7.8 | AI score 6 | EPSS 0.00014
Exploits 0 | References 5

Tenable Nessus
added 2026/02/04 12:00 a.m. | 3 views

Ubuntu 20.04 LTS / 22.04 LTS / 24.04 LTS : Emacs vulnerabilities (USN-8011-1)

The remote Ubuntu 20.04 LTS / 22.04 LTS / 24.04 LTS host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-8011-1 advisory. It was discovered that Emacs could trigger unsafe Lisp macro expansion, when a user invoked elisp-completion-at-point on untrust...

CVSS 8.8 | AI score 8.2 | EPSS 0.01749
Exploits 0 | References 3

Positive Technologies
added 2026/02/04 12:00 a.m. | 3 views

PT-2026-6264

Name of the Vulnerable Software and Affected Versions: n8n versions prior to 1.123.12; n8n versions prior to 2.4.0. Description: n8n is a workflow automation platform. Before versions 1.123.12 and 2.4.0, workflows processing uploaded files and transferring them to remote servers via the SSH node lack...

CVSS 8.1 | AI score 6 | EPSS 0.00179
Exploits 0 | References 12

CNNVD
added 2026/02/04 12:00 a.m. | 8 views

melange operating system command injection vulnerability

Melange is a software developed by Chainguard for building APKs from source code. Versions of Melange from 0.10.0 to 0.40.3 had an operating system command injection vulnerability. This vulnerability stemmed from the patch pipeline incorrectly referencing or verifying input-derived values when...

CVSS 7.8 | AI score 5.9 | EPSS 0.00014
Exploits 0 | References 2

Trellix
added 2026/02/04 12:00 a.m. | 9 views

APT28’s Stealthy Multi-Stage Campaign Leveraging CVE‑2026‑21509 and Cloud C2 Infrastructure

By Pham Duy Phuc and Alex Lanstein · February 4, 2026. Updated February 9, 2026: This analysis has been updated to clarify malware naming conventions. Introduction: Russian state-sponsored threat group APT28...

CVSS 7.8 | AI score 8.7 | EPSS 0.07944
Exploits 10

Exploit DB
added 2026/02/04 12:00 a.m. | 179 views

OctoPrint 1.11.2 - File Upload

Exploit Title: OctoPrint 1.11.2 - File Upload; Date: 2025-09-28; Exploit Author: prabhatverma.addada; Vendor Homepage: https://octoprint.org; Software Link: https://github.com/OctoPrint/OctoPrint; Affected Versions: = 1.11.2; Patched Versions: 1.11.3; CVE: CVE-2025-58180; CVSS per advisory: 7.5; Platform:...

CVSS 8.8 | AI score 5.2 | EPSS 0.02219
Exploits 4

Positive Technologies
added 2026/02/04 12:00 a.m. | 3 views

PT-2026-6271

Name of the Vulnerable Software and Affected Versions: melange versions 0.10.0 through 0.40.2. Description: melange enables users to construct APK packages utilizing declarative pipelines. A flaw exists in versions 0.10.0 up to, but not including, 0.40.3 where an attacker capable of manipulating...

CVSS 7.8 | AI score 5.9 | EPSS 0.00014
Exploits 0 | References 15

Packet Storm
added 2026/02/04 12:00 a.m. | 137 views

Monstra CMS 3.0.4 Shell Upload

Monstra CMS version 3.0.4 proof of concept remote shell upload exploit. Title: Monstra CMS 3.0.4 shell upload Vulnerability | Author: indoushka |...

AI score 5.4
Exploits 0

Tenable Nessus
added 2026/02/04 12:00 a.m. | 5 views

OpenClaw < 2026.1.29 Multiple Vulnerabilities

The version of the OpenClaw AI assistant installed on the remote host is prior to 2026.1.29. It is, therefore, affected by multiple vulnerabilities: - A command injection vulnerability exists in OpenClaw's Docker sandbox execution mechanism due to unsafe handling of the PATH environment variable...

CVSS 8.8 | AI score 6.3 | EPSS 0.00121
Exploits 5 | References 6

Snyk
added 2026/02/03 11:48 p.m. | 1 view

Command Injection

Overview: Affected versions of this package are vulnerable to Command Injection via the working-directory field when user-supplied input is embedded into shell scripts without proper quote escaping. An attacker can execute arbitrary shell commands by providing crafted build input values that are...

CVSS 8.8 | AI score 6 | EPSS 0.00012
Exploits 0 | References 2

Snyk
added 2026/02/03 11:48 p.m. | 1 view

Command Injection

Overview: Affected versions of this package are vulnerable to Command Injection via the working-directory field when user-supplied input is embedded into shell scripts without proper quote escaping. An attacker can execute arbitrary shell commands by providing crafted build input values that are...

CVSS 8.8 | AI score 6 | EPSS 0.00012
Exploits 0 | References 2

Github Security Blog
added 2026/02/03 11:48 p.m. | 7 views

melange pipeline working-directory could allow command injection

An attacker who can provide build input values, but not modify pipeline definitions, could execute arbitrary shell commands if the pipeline uses $vars. or $inputs. substitutions in working-directory. The field is embedded into shell scripts without proper quote escaping. Fix: Fixed with e51ca30c,...

CVSS 8.8 | AI score 5.8 | EPSS 0.00012
Exploits 0 | References 4 | Affected Software 1

OSV
added 2026/02/03 10:16 p.m. | 3 views

CVE-2020-37073

Victor CMS 1.0 contains an authenticated file upload vulnerability that allows administrators to upload PHP files with arbitrary content through the userimage parameter. Attackers can upload a malicious PHP shell to the /img/ directory and execute system commands by accessing the uploaded file wi...

CVSS 8.8 | AI score 6
Exploits 0 | References 3

Cvelist
added 2026/02/03 10:01 p.m. | 28 views

CVE-2020-37073 Victor CMS 1.0 - Authenticated Arbitrary File Upload

Victor CMS 1.0 contains an authenticated file upload vulnerability that allows administrators to upload PHP files with arbitrary content through the userimage parameter. Attackers can upload a malicious PHP shell to the /img/ directory and execute system commands by accessing the uploaded file wi...

CVSS 8.8 | EPSS 0.00138
Exploits 1 | References 3