
993 matches found

EUVD
added 2026/03/16 3:30 p.m. | 6 views

EUVD-2026-12214

A weakness has been identified in Topsec TopACM 3.0. Affected by this vulnerability is an unknown functionality of the file /view/systemConfig/management/nmcsync.php of the component HTTP Request Handler. Executing a manipulation of the argument templatepath can lead to os command injection. The...

CVSS 10 | AI score 7.1 | EPSS 0.0207
Exploits 0 | References 5
ATTACKERKB
added 2026/03/15 7:2 a.m. | 2 views

CVE-2026-4170

A weakness has been identified in Topsec TopACM 3.0. Affected by this vulnerability is an unknown functionality of the file /view/systemConfig/management/nmcsync.php of the component HTTP Request Handler. Executing a manipulation of the argument templatepath can lead to os command injection. The...

CVSS 10 | AI score 5.7 | EPSS 0.0207
Exploits 0 | References 4 | Affected Software 1
EUVD
added 2026/03/10 6:31 p.m. | 3 views

EUVD-2026-10492

SQL Injection CWE-89 in the system configuration module in Nefteprodukttekhnika BUK TS-G Gas Station Automation System 2.9.1 on Linux allows remote attackers to execute arbitrary SQL commands and potentially achieve remote code execution via specially crafted SQL requests...

CVSS 9.8 | AI score 6.6 | EPSS 0.00763
Exploits 0 | References 3
EUVD
added 2026/03/10 6:31 p.m. | 2 views

EUVD-2026-10493

SQL Injection CWE-89 in the system configuration module in Nefteprodukttekhnika BUK TS-G Gas Station Automation System 2.9.1 on Linux allows remote attackers to execute arbitrary SQL commands and potentially achieve remote code execution via specially crafted SQL requests...

CVSS 9.8 | AI score 6.6 | EPSS 0.00763
Exploits 0 | References 3
NVD
added 2026/03/10 6:19 p.m. | 5 views

CVE-2026-3843

Nefteprodukttekhnika BUK TS-G Gas Station Automation System 2.9.1 on Linux contains a SQL Injection vulnerability CWE-89 in the system configuration module. A remote attacker can send specially crafted HTTP POST requests to the /php/request.php endpoint via the sql parameter in...

CVSS 9.8 | EPSS 0.00763
Exploits 0 | References 2
ATTACKERKB
added 2026/03/10 11:7 a.m. | 2 views

CVE-2026-3843

Nefteprodukttekhnika BUK TS-G Gas Station Automation System 2.9.1 on Linux contains a SQL Injection vulnerability CWE-89 in the system configuration module. A remote attacker can send specially crafted HTTP POST requests to the /php/request.php endpoint via the sql parameter in...

CVSS 9.8 | AI score 6.4 | EPSS 0.00763
Exploits 0 | References 3 | Affected Software 1
CVE
added 2026/03/10 11:7 a.m. | 9 views

CVE-2026-3843

CVE-2026-3843 affects Nefteprodukttekhnika BUK TS-G Gas Station Automation System (Linux) version 2.9.1. The flaw is a SQL Injection in the system configuration module, exploitable via HTTP POST to /php/request.php with the sql parameter (example: action=do&sql=&reload_driver=0), potentially enab...

CVSS 9.8 | AI score 6.4 | EPSS 0.00763
Exploits 0 | References 2 | Affected Software 1
Positive Technologies
added 2026/03/10 12:0 a.m. | 3 views

PT-2026-24203

Name of the Vulnerable Software and Affected Versions: Nefteprodukttekhnika BUK TS-G Gas Station Automation System version 2.9.1. Description: The system contains a SQL Injection issue in the system configuration module. An attacker can send crafted HTTP POST requests to the /php/request.php endpoin...

CVSS 9.8 | AI score 6.5 | EPSS 0.00763
Exploits 0 | References 10
Vulnrichment
added 2026/03/06 3:4 p.m. | 3 views

CVE-2026-2753

An Absolute Path Traversal vulnerability exists in Navtor NavBox. The application exposes an HTTP service that fails to properly sanitize user-supplied path input. Unauthenticated remote attackers can exploit this issue by submitting requests containing absolute filesystem paths. Successful...

CVSS 7.5 | AI score 6 | EPSS 0.00451
Exploits 0 | References 2
CNNVD
added 2026/03/06 12:0 a.m. | 3 views

Easyndexer Path Traversal Vulnerability

Easyndexer is a database interface software developed by the individual developer rul10. Version 1.0 of Easyndexer has a path traversal vulnerability. This vulnerability stems from the file parameter in the showtif.php file, which allows arbitrary file downloads, potentially leading to the download...

CVSS 8.7 | AI score 5.9 | EPSS 0.00583
Exploits 1 | References 2
RedhatCVE
added 2026/03/05 1:40 p.m. | 4 views

CVE-2026-21422

Dell PowerScale OneFS, versions 9.10.0.0 through 9.10.1.5 and versions 9.11.0.0 through 9.12.0.1, contains an external control of system or configuration setting vulnerability. A high privileged attacker with local access could potentially exploit this vulnerability, leading to protection mechani...

CVSS 6.7 | AI score 5.9 | EPSS 0.00107
Exploits 0 | References 1
CVE
added 2026/03/04 12:57 p.m. | 11 views

CVE-2026-21422

Dell PowerScale OneFS (versions 9.10.0.0–9.10.1.5 and 9.11.0.0–9.12.0.1) contains an external control of a system or configuration setting vulnerability. A high-privileged attacker with local access could potentially exploit this to bypass protection mechanisms. The available references describe ...

CVSS 6.7 | AI score 5.1 | EPSS 0.00107
Exploits 0 | References 1 | Affected Software 1
Snyk
added 2026/03/03 7:53 p.m. | 2 views

External Control of System or Configuration Setting

Overview: openclaw is a 🦞 OpenClaw — Personal AI Assistant. Affected versions of this package are vulnerable to External Control of System or Configuration Setting via the collectConfigEnvVars function. An attacker can execute arbitrary code in the service runtime environment by injecting malicious...

CVSS 8.8 | AI score 6.1 | EPSS 0.00371
Exploits 0 | References 2
OSV
added 2026/02/26 9:28 p.m. | 5 views

CVE-2026-22207

OpenViking through version 0.1.18, prior to commit 0251c70, contains a broken access control vulnerability that allows unauthenticated attackers to gain ROOT privileges when the rootapikey configuration is omitted. Attackers can send requests to protected endpoints without authentication headers ...

CVSS 9.3 | AI score 6
Exploits 0 | References 4
ATTACKERKB
added 2026/02/26 8:34 p.m. | 4 views

CVE-2026-22207

OpenViking through version 0.1.18, prior to commit 0251c70, contains a broken access control vulnerability that allows unauthenticated attackers to gain ROOT privileges when the rootapikey configuration is omitted. Attackers can send requests to protected endpoints without authentication headers ...

CVSS 9.8 | AI score 5.8 | EPSS 0.0043
Exploits 0 | References 6
NVD
added 2026/02/17 9:22 p.m. | 4 views

CVE-2026-23598

Vulnerabilities in the API error handling of an HPE Aruba Networking 5G Core server API could allow an unauthenticated remote attacker to obtain sensitive information. Successful exploitation could allow an attacker to access details such as user accounts, roles, and system configuration, as well...

CVSS 6.5 | EPSS 0.00326
Exploits 0 | References 1
CVE
added 2026/02/17 8:47 p.m. | 19 views

CVE-2026-23598

CVE-2026-23598 involves vulnerabilities in the API error handling of an HPE Aruba Networking 5G Core server API. The issue could allow an unauthenticated remote attacker to obtain sensitive information, including user accounts, roles, and system configuration, and to gain insight into internal se...

CVSS 6.5 | AI score 5.5 | EPSS 0.00326
Exploits 0 | References 1 | Affected Software 1
Vulnrichment
added 2026/02/17 8:46 p.m. | 3 views

CVE-2026-23597 Unauthenticated Information Disclosure in application API allows sensitive system information exposure

Vulnerabilities in the API error handling of an HPE Aruba Networking 5G Core server API could allow an unauthenticated remote attacker to obtain sensitive information. Successful exploitation could allow an attacker to access details such as user accounts, roles, and system configuration, as well...

CVSS 6.5 | AI score 5.5 | EPSS 0.00247
Exploits 0 | References 1
Cvelist
added 2026/02/17 8:46 p.m. | 25 views

CVE-2026-23597 Unauthenticated Information Disclosure in application API allows sensitive system information exposure

Vulnerabilities in the API error handling of an HPE Aruba Networking 5G Core server API could allow an unauthenticated remote attacker to obtain sensitive information. Successful exploitation could allow an attacker to access details such as user accounts, roles, and system configuration, as well...

CVSS 6.5 | EPSS 0.00247
Exploits 0 | References 1
Positive Technologies
added 2026/02/17 12:0 a.m. | 7 views

PT-2026-20308

Name of the Vulnerable Software and Affected Versions: HPE Aruba Networking 5G Core, affected versions not specified. Description: An issue exists in the API error handling of an HPE Aruba Networking 5G Core server API that could allow an unauthenticated remote attacker to obtain sensitive...

CVSS 6.5 | AI score 5.5 | EPSS 0.00247
Exploits 0 | References 8