509 matches found
CVE-2026-23815
A vulnerability in a custom binary used in AOS-CX Switches' CLI could allow an authenticated remote attacker with high privileges to perform command injection. Successful exploitation could allow an attacker to execute unauthorized commands...
PT-2026-24570
Name of the Vulnerable Software and Affected Versions AOS-CX Switches affected versions not specified Description A flaw exists in a custom binary within the AOS-CX Switches' Command Line Interface CLI. A remotely authenticated attacker with high privileges can exploit this issue to inject...
HPE AOS-CX 安全漏洞
HPE AOS-CX is a network operating system developed by Hewlett-Packard Enterprise HPE for data centers, campuses, and edge locations. It is designed to provide flexible and innovative network services while enhancing network performance. HPE AOS-CX contains a security vulnerability, which stems fr...
CVE-2026-25836
An improper neutralization of special elements used in an os command 'os command injection' vulnerability in Fortinet FortiSandbox Cloud 5.0.4, FortiSandbox PaaS 5.0.4 may allow a privileged attacker with super-admin profile and CLI access to execute unauthorized code or commands via crafted HTTP...
Incorrect Authorization
Overview openclaw is a 🦞 OpenClaw — Personal AI Assistant Affected versions of this package are vulnerable to Incorrect Authorization in the system.run process. An attacker can cause unauthorized commands to be persisted as trusted entries by submitting a shell command with an unquoted character,...
CVE-2026-30225 OliveTin: RestartAction always runs actions as guest
OliveTin gives access to predefined shell commands from a web interface. Prior to version 3000.11.1, an authentication context confusion vulnerability in RestartAction allows a low‑privileged authenticated user to execute actions they are not permitted to run. RestartAction constructs a new...
CVE-2026-30225 OliveTin: RestartAction always runs actions as guest
OliveTin gives access to predefined shell commands from a web interface. Prior to version 3000.11.1, an authentication context confusion vulnerability in RestartAction allows a low‑privileged authenticated user to execute actions they are not permitted to run. RestartAction constructs a new...
EUVD-2026-9939
WebSocket endpoints lack proper authentication mechanisms, enabling attackers to perform unauthorized station impersonation and manipulate data sent to the backend. An unauthenticated attacker can connect to the OCPP WebSocket endpoint using a known or discovered charging station identifier, then...
CVE-2026-22552
WebSocket endpoints lack proper authentication mechanisms, enabling attackers to perform unauthorized station impersonation and manipulate data sent to the backend. An unauthenticated attacker can connect to the OCPP WebSocket endpoint using a known or discovered charging station identifier, then...
OpenClaw 安全漏洞
OpenClaw is a tool for executing restricted commands that supports controlling command execution through a whitelisting mechanism. A command injection vulnerability exists in OpenClaw. An attacker could use this vulnerability to execute unauthorized commands bypassing command restrictions...
Incorrect Authorization
Overview openclaw is a 🦞 OpenClaw — Personal AI Assistant Affected versions of this package are vulnerable to Incorrect Authorization in the approval-enabled host=node workflows. An attacker can bypass intended approval integrity by reusing a previously approved request with altered environment...
Incorrect Authorization
Overview openclaw is a 🦞 OpenClaw — Personal AI Assistant Affected versions of this package are vulnerable to Incorrect Authorization in the system.run command resolution. An attacker can execute unauthorized commands on a trusted Windows node by submitting a benign command for approval and then...
EUVD-2026-8963
WebSocket endpoints lack proper authentication mechanisms, enabling attackers to perform unauthorized station impersonation and manipulate data sent to the backend. An unauthenticated attacker can connect to the OCPP WebSocket endpoint using a known or discovered charging station identifier, then...
CVE-2026-27028 Mobility46 mobility46.se Missing Authentication for Critical Function
WebSocket endpoints lack proper authentication mechanisms, enabling attackers to perform unauthorized station impersonation and manipulate data sent to the backend. An unauthenticated attacker can connect to the OCPP WebSocket endpoint using a known or discovered charging station identifier, then...
CVE-2026-27772
CVE-2026-27772 concerns WebSocket endpoints used by OCPP in EV Energy ev.energy deployments. The authenticated requirement is missing: an unauthenticated attacker can connect to the OCPP WebSocket endpoint with a known or discovered charging-station identifier and issue or receive OCPP commands a...
PT-2026-22231
Name of the Vulnerable Software and Affected Versions Systems utilizing WebSocket endpoints for Open Charge Point Protocol OCPP communication affected versions not specified Description WebSocket endpoints are missing appropriate authentication, allowing attackers to impersonate charging stations...
PT-2026-22232
Name of the Vulnerable Software and Affected Versions EV2GO affected versions not specified Description The software’s WebSocket endpoints do not have sufficient authentication, allowing attackers to impersonate charging stations without authorization and manipulate data transmitted to the backen...
CVE-2025-33179
NVIDIA Cumulus Linux and NVOS products contain a vulnerability in the NVUE interface, where a low-privileged user could run an unauthorized command. A successful exploit of this vulnerability might lead to escalation of privileges...
CVE-2025-33179
NVIDIA Cumulus Linux and NVOS products contain a vulnerability in the NVUE interface, where a low-privileged user could run an unauthorized command. A successful exploit of this vulnerability might lead to escalation of privileges...
CVE-2025-33179
NVIDIA Cumulus Linux and NVOS products contain a vulnerability in the NVUE interface, where a low-privileged user could run an unauthorized command. A successful exploit of this vulnerability might lead to escalation of privileges...