CVE-2026-35716

A stack-based buffer overflow in the motionprivacy.cgi binary in VIVOTEK FD8136 firmware FD8136-VVTK-0300a allows authenticated remote attackers to execute arbitrary code as root via an oversized n1 parameter in a POST request to the /cgi-bin/admin/setpm.cgi, /cgi-bin/admin/setmd.cgi, or...

CVE-2026-44062 Missing o_len bounds check in pull_charset_flags()

A missing output length bounds check in pullcharsetflags in Netatalk 2.0.4 through 4.4.2 allows a remote authenticated attacker to execute arbitrary code or cause a denial of service via crafted character set data...

CVE-2026-35086 Apache OFBiz: Authenticated Remote Code Execution via Unsafe Template Expansion in email services

Improper Control of Generation of Code 'Code Injection' vulnerability in email services of Apache OFBiz. This issue affects Apache OFBiz: before 24.09.06. Users are recommended to upgrade to version 24.09.06, which fixes the issue...

Nexus-Sonatype-Repository-Manager-Groovy-Script-RCE-Authenticated-

Nexus Repository Manager 3 Authenticated RCE Groovy Script Ta...

CVE-2026-45708 CubeCart: Authenticated RCE via Invoice Template → Order Print

CubeCart is an ecommerce software solution. Prior to 6.7.3, an admin with documents edit permission can save raw into the Invoice Editor. The next time any admin clicks Print on any order, the rendered template is written to files/print..php. files/.htaccess ships an explicit allow from all...

CVE-2026-45708

CubeCart before 6.7.3 is affected by an authenticated RCE via the Invoice Editor. An admin with documents edit permission can inject raw code, and when the next admin prints an order, the system writes the rendered template to files/print..php. The subsequent carve-out in files/.htaccess allows...

CVE-2026-41957

An authenticated remote code execution vulnerability through undisclosed vectors exists in the BIG-IP and BIG-IQ Configuration utility. Note: Software versions which have reached End of Technical Support EoTS are not evaluated...

CVE-2026-44403

Wing FTP Server before 8.1.3 contains an authenticated remote code execution vulnerability in the session serialization mechanism that allows authenticated administrators to inject arbitrary Lua code through the domain admin mydirectory field. Attackers can exploit unsafe serialization of session...

CVE-2026-44852

An authenticated remote code execution vulnerability exists in the AOS-8 and AOS-10 web-based management interface. A vulnerability in the certificate download functionality could allow an authenticated remote attacker to overwrite arbitrary files on the underlying operating system by exploiting...

HPE Aruba Networking Wireless Operating System 安全漏洞

HPE Aruba Networking Wireless Operating System is a wireless network operating system developed by the American company HPE. There are security vulnerabilities in the HPE Aruba Networking Wireless Operating System. These vulnerabilities stem from stack buffer overflows in several underlying...

HPE Aruba Networking Wireless Operating System 安全漏洞

HPE Aruba Networking Wireless Operating System is a wireless network operating system developed by the American company HPE. There are security vulnerabilities in the HPE Aruba Networking Wireless Operating System. These vulnerabilities stem from stack buffer overflows in several underlying...

CVE-2026-36765

An XML external entity XXE vulnerability in the /designer/loadReport endpoint of SpringBlade v4.8.0 allows authenticated attackers to execute arbitrary code via injecting a crafted payload...

CVE-2026-30461

Summary: CVE-2026-30461 affects Daylight Studio FuelCMS v1.5.2. An authenticated attacker can trigger remote code execution via the installer path: /controllers/Installer.php, abusing the add_git_submodule function. The underlying issue is insufficient access control for the installer submodule o...

CVE-2026-3357

IBM Langflow Desktop 1.6.0–1.8.2 contains a deserialization flaw in its FAISS Vector Store component that allows an authenticated user to achieve arbitrary code execution by uploading a crafted Python Pickle file. The vulnerability stems from unsafe default behavior that loads untrusted data, gra...

CVE-2026-3987

A path traversal vulnerability in the Fireware OS Web UI on WatchGuard Firebox systems may allow a privileged authenticated remote attacker to execute arbitrary code in the context of an elevated system process.This issue affects Fireware OS 12.6.1 up to and including 12.11.8 and 2025.1 up to and...

CVE-2026-33873 Langflow has Authenticated Code Execution in Agentic Assistant Validation

Langflow is a tool for building and deploying AI-powered agents and workflows. Prior to version 1.9.0, the Agentic Assistant feature in Langflow executes LLM-generated Python code during its validation phase. Although this phase appears intended to validate generated component code, the...

CVE-2026-33873 Langflow has Authenticated Code Execution in Agentic Assistant Validation

Langflow is a tool for building and deploying AI-powered agents and workflows. Prior to version 1.9.0, the Agentic Assistant feature in Langflow executes LLM-generated Python code during its validation phase. Although this phase appears intended to validate generated component code, the...

CVE-2026-33873

CVE-2026-33873 affects Langflow. Before v1.9.0, the Agentic Assistant feature can execute LLM-generated Python code during its validation phase, reaching dynamic execution sinks and instantiating the generated class server-side. In deployments where an attacker can access the Agentic Assistant an...

PT-2026-28544

Name of the Vulnerable Software and Affected Versions Langflow versions prior to 1.9.0 Description Langflow's Agentic Assistant feature, prior to version 1.9.0, executes LLM-generated Python code during validation. This implementation allows for arbitrary server-side Python execution if an attack...

BMC FootPrints 代码问题漏洞

BMC FootPrints is an IT service management and ticket tracking system provided by the American company BMC. Versions of BMC FootPrints prior to 20.24.01.001 contained code vulnerabilities. These vulnerabilities stemmed from the VIEWSTATE processing in ASP.NET servlets, which allowed untrusted dat...