GHSA-JVC5-6G7Q-C843 Pheditor: OS Command Injection in terminal handler via unsanitized 'dir' parameter

Summary An OS Command Injection vulnerability in the terminal action handler allows any authenticated user to execute arbitrary OS commands by injecting shell metacharacters into the 'dir' POST parameter, completely bypassing the TERMINALCOMMANDS whitelist and achieving full Remote Code Execution...

PT-2026-48344

Summary An OS Command Injection vulnerability in the terminal action handler allows any authenticated user to execute arbitrary OS commands by injecting shell metacharacters into the 'dir' POST parameter, completely bypassing the TERMINAL COMMANDS whitelist and achieving full Remote Code Executio...

EUVD-2026-34933

On Tapo C520WS v2, restricted accounts for example, hub users are intended to execute only a limited set of low‑sensitivity operations. Due to a logic flaw in the device’s API authorization mechanism, an attacker can craft requests that leverage legitimate “method mapping” behavior to bypass...

CVE-2026-34123

On Tapo C520WS v2, restricted accounts for example, hub users are intended to execute only a limited set of low‑sensitivity operations. Due to a logic flaw in the device’s API authorization mechanism, an attacker can craft requests that leverage legitimate “method mapping” behavior to bypass...

TP-Link Tapo C520WS 安全漏洞

The TP-Link Tapo C520WS is a WiFi camera produced by the TP-Link company. The TP-Link Tapo C520WS v2 has a security vulnerability. This vulnerability stems from logical flaws in the device’s API authorization mechanism. Attackers could exploit this flaw to bypass the whitelist restrictions and ma...

CVE-2026-34123

CVE-2026-34123 affects TP-Link Tapo C520WS devices. A logic flaw in the device API authorization allows a restricted account to bypass whitelist checks by abusing method mapping , enabling restricted operations to be executed. Reported impact includes device resets, unintended configuration chang...

CVE-2026-34123 Whitelist Validation Bypass in TP-Link Tapo C520WS

On Tapo C520WS v2, restricted accounts for example, hub users are intended to execute only a limited set of low‑sensitivity operations. Due to a logic flaw in the device’s API authorization mechanism, an attacker can craft requests that leverage legitimate “method mapping” behavior to bypass...

CVE-2026-34123

On Tapo C520WS v2, restricted accounts for example, hub users are intended to execute only a limited set of low‑sensitivity operations. Due to a logic flaw in the device’s API authorization mechanism, an attacker can craft requests that leverage legitimate “method mapping” behavior to bypass...

CVE-2026-34123 Whitelist Validation Bypass in TP-Link Tapo C520WS

On Tapo C520WS v2, restricted accounts for example, hub users are intended to execute only a limited set of low‑sensitivity operations. Due to a logic flaw in the device’s API authorization mechanism, an attacker can craft requests that leverage legitimate “method mapping” behavior to bypass...

CVE-2026-22666

Dolibarr ERP/CRM versions prior to 23.0.2 contain an authenticated remote code execution vulnerability in the dolevalstandard function that fails to apply forbidden string checks in whitelist mode and does not detect PHP dynamic callable syntax. Attackers with administrator privileges can inject...

Sanic-CORS 安全漏洞

Sanic-CORS is a cross-domain resource sharing extension developed by Ashley Sommer. Versions of Sanic-CORS 2.2.0 and earlier contain security vulnerabilities. These vulnerabilities stem from improper use of regular expressions in the trymatch function; no anchor is added at the end, allowing...

CVE-2026-10532

The CVE-2026-10532 issue concerns deserialization of untrusted data in QOS.CH Sarl logback-logback-core’s HardenedObjectInputStream module, allowing Object Injection when serialized data is directed at SimpleSocketServer or SimpleSSLSocketServer to instantiate Proxy objects. The vulnerability is ...

CVE-2026-10532 Logback deserialization whitelist bypass for Proxy objects

Deserialization of untrusted data vulnerability in QOS.CH Sarl logback logback-core HardenedObjectInputStream logback-core modules allows Object Injection, albeit heavily restricted. More precisely, an attacker able to influence serialized data sent to SimpleSocketServer or SimpleSSLSocketServer...

CVE-2026-10532 Logback deserialization whitelist bypass for Proxy objects

Deserialization of untrusted data vulnerability in QOS.CH Sarl logback logback-core HardenedObjectInputStream logback-core modules allows Object Injection, albeit heavily restricted. More precisely, an attacker able to influence serialized data sent to SimpleSocketServer or SimpleSSLSocketServer...

CVE-2026-37227

FlexRIC v2.0.0 is affected by a crash-inducing flaw in near-RT RIC E2AP handlers. Reachable assert(0) calls exist in stub handlers for whitelisted but unimplemented E2AP message types (e.g., E2nodeConfigurationUpdate). A remote unauthenticated attacker can send a decodable E2AP PDU of such a type...

CVE-2026-9828

CVE-2026-9828 is a deserialization whitelist bypass in Logback Core’s HardenedObjectInputStream. In affected builds up to 1.5.32, an attacker who can influence serialized data sent to SimpleSocketServer or SimpleSSLSocketServer could instantiate objects from java.lang and java.util that are not b...

CVE-2026-9828 Logback deserialization whitelist bypass for java.lang and java.util

Deserialization of untrusted data vulnerability in QOS.CH Sarl logback logback-core HardenedObjectInputStream logback-core modules allows Object Injection albeit heavily restricted. More precisely, an attacker able to influence serialized data sent to SimpleSocketServer or SimpleSSLSocketServer c...

Elastic Kibana 安全漏洞

Elastic Kibana is a data visualization dashboard software provided by the Elastic company. There is a security vulnerability in Elastic Kibana, which stems from server-side request forgeing. This vulnerability allows authenticated users with connector management privileges to bypass the connectio...

CVE-2026-33376

CVE-2026-33376 affects Grafana’s Auth Proxy IPv6 allow-list: by default it accepts /32 addresses. Addresses with explicit masks are not affected. The practical impact is a potentially unintended bypass of access controls for the Auth Proxy component only; other components (Okta, SAML, LDAP) are u...

Astro 代码问题漏洞

Astro is a content-driven website framework developed by Astro OpenSource. Versions of Astro prior to 13.1.10 had code vulnerabilities. These vulnerabilities stemmed from the use of default redirection behavior in fetch calls, which could allow Cloudflare Workers to bypass domain whitelist checks...