
7614 matches found

CNNVD
added 2026/01/29 12:0 a.m., 2 views

TeamViewer DEX Client security vulnerability

TeamViewer DEX Client is a digital employee experience and endpoint management software from TeamViewer Germany. TeamViewer DEX Client suffers from a command injection vulnerability that can be exploited by an attacker to execute arbitrary commands on the system...

CVSS 6.8, AI score 6.1, EPSS 0.00087
Exploits: 0, References: 1
CNNVD
added 2026/01/28 12:0 a.m., 2 views

Tendenci security vulnerabilities

Tendenci is a membership management software developed by Tendenci Inc. in the United States, primarily used by non-profit organizations and associations. This software supports functions such as member management, content management, event management, and online donation management. Version 12.3...

CVSS 9.8, AI score 6, EPSS 0.00347
Exploits: 1, References: 4
Debian
added 2026/01/26 2:30 p.m., 10 views

[BSA-128] Security Update for incus

Mathias Gibbens uploaded new packages for incus which fixed the following security problems: CVE ID: CVE-2026-23953 CVE-2026-23954 Two security issues were discovered in Incus, a system container and virtual machine manager, which could result in the execution of arbitrary commands via malformed...

CVSS 8.7, AI score 7.3, EPSS 0.00061
Exploits: 2
Cvelist
added 2026/01/26 8:6 a.m., 26 views

CVE-2026-1427 WellChoose|Single Sign-On Portal System - OS Command Injection

Single Sign-On Portal System developed by WellChoose has an OS Command Injection vulnerability, allowing authenticated remote attackers to inject arbitrary OS commands and execute them on the server...

CVSS 8.8, EPSS 0.00153
Exploits: 0, References: 2
VulnCheck KEV
added 2026/01/26 12:0 a.m., 2 views

VulnCheck KEV: CVE-2016-15057

UNSUPPORTED WHEN ASSIGNED Improper Neutralization of Special Elements used in a Command ('Command Injection') vulnerability in Apache Continuum. This issue affects Apache Continuum: all versions. Attackers with access to the installation's REST API can use this to invoke arbitrary commands on the...

CVSS 9.9, AI score 6, EPSS 0.31155
In wild, Exploits: 0, References: 2
CNNVD
added 2026/01/26 12:0 a.m., 3 views

WellChoose Single Sign-On Portal System has security vulnerabilities

WellChoose Single Sign-On Portal System is a single-sign-on portal system developed by WellChoose in Taiwan, China. The WellChoose Single Sign-On Portal System has a security vulnerability, which stems from OS command injection, potentially allowing for the execution of arbitrary OS commands...

CVSS 8.8, AI score 6, EPSS 0.00153
Exploits: 0, References: 2
Debian
added 2026/01/23 8:8 p.m., 6 views

[SECURITY] [DSA 6109-1] incus security update

Debian Security Advisory DSA-6109-1 [email protected] https://www.debian.org/security/ Moritz Muehlenhoff January 23, 2026 https://www.debian.org/security/faq -...

CVSS 8.7, AI score 5.7, EPSS 0.00061
Exploits: 2
CVE
added 2026/01/22 10:41 p.m., 10 views

CVE-2026-24129

Runtipi (Docker-based homeserver) versions 3.7.0+ are vulnerable to authenticated arbitrary command execution via shell metacharacters injected into backup filenames. The BackupManager stores uploaded backups using the raw originalname on the host filesystem, allowing an attacker to stage a file ...

CVSS 8.8, AI score 5.9, EPSS 0.00101
Exploits: 1, References: 3, Affected Software: 1
NVD
added 2026/01/22 10:16 p.m., 7 views

CVE-2026-23954

Incus is a system container and virtual machine manager. Versions 6.21.0 and below allow a user with the ability to launch a container with a custom image, e.g. a member of the ‘incus’ group, to use directory traversal or symbolic links in the templating functionality to achieve host arbitrary file...

CVSS 8.7, EPSS 0.00061
Exploits: 1, References: 5
CVE
added 2026/01/22 9:45 p.m., 9 views

CVE-2026-23954

Incus CVE-2026-23954 affects versions 6.21.0 and below. The issue arises when launching a container with a custom image (e.g., incus group member) using templating in metadata.yaml, where directory traversal or symbolic links in source/target paths are not checked, enabling host arbitrary file re...

CVSS 8.7, AI score 6, EPSS 0.00061
Exploits: 1, References: 5, Affected Software: 1
CVE
added 2026/01/22 9:39 p.m., 22 views

CVE-2026-23953

Incus CVE-2026-23953 affects versions 6.20.0 and earlier. A user able to launch a container with a crafted YAML can inject newlines via an environment variable, enabling additional lxc.conf items and potentially arbitrary command execution on the host. Exploitation requires modifying the payload ...

CVSS 8.7, AI score 6, EPSS 0.00032
Exploits: 1, References: 4, Affected Software: 1
EUVD
added 2026/01/22 9:39 p.m., 3 views

EUVD-2026-3804

Incus is a system container and virtual machine manager. In versions 6.20.0 and below, a user with the ability to launch a container with a custom YAML configuration, e.g. a member of the ‘incus’ group, can create an environment variable containing newlines, which can be used to add additional...

CVSS 8.7, AI score 6, EPSS 0.00032
Exploits: 1, References: 5
Github Security Blog
added 2026/01/22 8:26 p.m., 7 views

Incus container image templating arbitrary host file read and write

Summary: A user with the ability to launch a container with a custom image, e.g. a member of the ‘incus’ group, can use directory traversal or symbolic links in the templating functionality to achieve host arbitrary file read, and host arbitrary file write, ultimately resulting in arbitrary command...

CVSS 8.7, AI score 6.2, EPSS 0.00061
Exploits: 1, References: 7, Affected Software: 1
Cvelist
added 2026/01/22 1:41 a.m., 20 views

CVE-2026-23699

AP180 series with firmware versions prior to APRGOS 11.94B1P8 contains an OS command injection vulnerability. If this vulnerability is exploited, arbitrary commands may be executed on the devices...

CVSS 8.6, EPSS 0.0009
Exploits: 0, References: 2
Cvelist
added 2026/01/22 12:0 a.m., 15 views

CVE-2025-56590

An issue was discovered in the InsertFromURL function of the Apryse HTML2PDF SDK thru 11.10. This vulnerability could allow an attacker to execute arbitrary operating system commands on the local server...

EPSS 0.00038
Exploits: 1, References: 2
ATTACKERKB
added 2026/01/22 12:0 a.m., 1 views

CVE-2025-56590

An issue was discovered in the InsertFromURL function of the Apryse HTML2PDF SDK thru 11.10. This vulnerability could allow an attacker to execute arbitrary operating system commands on the local server...

CVSS 9.8, AI score 5.9, EPSS 0.00038
Exploits: 1, References: 3
Positive Technologies
added 2026/01/22 12:0 a.m., 3 views

PT-2026-3897

AP180 series with firmware versions prior to AP RGOS 11.94B1P8 contains an OS command injection vulnerability. If this vulnerability is exploited, arbitrary commands may be executed on the devices...

CVSS 8.6, AI score 7.3, EPSS 0.0009
Exploits: 0, References: 3
CNNVD
added 2026/01/22 12:0 a.m., 2 views

Incus path traversal vulnerability

Incus is a system container and virtual machine manager developed by LXC. Versions of Incus prior to 6.21.0 contained a path traversal vulnerability. This vulnerability stemmed from directory traversal or symbolic link issues within the template functionality, which could lead to arbitrary file...

CVSS 8.7, AI score 6, EPSS 0.00061
Exploits: 1, References: 6
VulnCheck KEV
added 2026/01/22 12:0 a.m., 4 views

VulnCheck KEV: CVE-2022-31208

An issue was discovered in Infiray IRAY-A8Z3 1.0.957. The webserver contains an endpoint that can execute arbitrary commands by manipulating the cmdstring URL parameter...

CVSS 9, AI score 6, EPSS 0.00606
In wild, Exploits: 1, References: 8
CNNVD
added 2026/01/20 12:0 a.m., 3 views

NVIDIA CUDA toolkit OS command injection vulnerability

NVIDIA CUDA toolkit is a toolkit from NVIDIA, Inc. It provides a development environment for creating high-performance GPU-accelerated applications. The NVIDIA CUDA toolkit suffers from an operating system command injection vulnerability that stems from the failure of the gfxhotspot module of...

CVSS 7.3, AI score 6, EPSS 0.00027
Exploits: 0, References: 3