2378 matches found
CVE-2026-2041
Nagios Host zabbixagentconfigwizardfunc Command Injection Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Nagios Host. Authentication is required to exploit this vulnerability. The specific flaw exists within t...
CVE-2026-2035
Deciso OPNsense diagbackup.php filename Command Injection Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of Deciso OPNsense. Authentication is required to exploit this vulnerability. The specific flaw...
CVE-2026-2035
Deciso OPNsense diagbackup.php filename Command Injection Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of Deciso OPNsense. Authentication is required to exploit this vulnerability. The specific flaw...
CVE-2019-25435 Sricam DeviceViewer 3.12.0.1 Local Buffer Overflow DEP Bypass
Sricam DeviceViewer 3.12.0.1 contains a local buffer overflow vulnerability in the user management add user function that allows authenticated attackers to execute arbitrary code by bypassing data execution prevention. Attackers can inject a malicious payload through the Username field in User...
CVE-2026-2041
Nagios Host zabbixagentconfigwizardfunc Command Injection Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Nagios Host. Authentication is required to exploit this vulnerability. The specific flaw exists within t...
CVE-2026-2041
CVE-2026-2041 is a remote command-injection vulnerability in Nagios Host in the zabbixagent_configwizard_func path. Exploitation relies on insufficient validation of a user-supplied string before it is used in a system call, allowing an attacker to execute code with the service account’s privileg...
CVE-2026-2041 Nagios Host zabbixagent_configwizard_func Command Injection Remote Code Execution Vulnerability
Nagios Host zabbixagentconfigwizardfunc Command Injection Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Nagios Host. Authentication is required to exploit this vulnerability. The specific flaw exists within t...
CVE-2026-2043
Nagios Host is affected by CVE-2026-2043, a remote command injection in the esensors_websensor_configwizard_func method. The root cause is improper validation of a user-supplied string before it is used in a system call, enabling an attacker to execute code with the service account’s privileges. ...
CVE-2026-2043 Nagios Host esensors_websensor_configwizard_func Command Injection Remote Code Execution Vulnerability
Nagios Host esensorswebsensorconfigwizardfunc Command Injection Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Nagios Host. Authentication is required to exploit this vulnerability. The specific flaw exists...
CVE-2026-2043
Nagios Host esensorswebsensorconfigwizardfunc Command Injection Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Nagios Host. Authentication is required to exploit this vulnerability. The specific flaw exists...
CVE-2026-2043 Nagios Host esensors_websensor_configwizard_func Command Injection Remote Code Execution Vulnerability
Nagios Host esensorswebsensorconfigwizardfunc Command Injection Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Nagios Host. Authentication is required to exploit this vulnerability. The specific flaw exists...
CVE-2026-2042 Nagios Host monitoringwizard Command Injection Remote Code Execution Vulnerability
Nagios Host monitoringwizard Command Injection Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Nagios Host. Authentication is required to exploit this vulnerability. The specific flaw exists within the...
CVE-2026-2042
Nagios Host monitoringwizard Command Injection Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Nagios Host. Authentication is required to exploit this vulnerability. The specific flaw exists within the...
CVE-2026-2042 Nagios Host monitoringwizard Command Injection Remote Code Execution Vulnerability
Nagios Host monitoringwizard Command Injection Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Nagios Host. Authentication is required to exploit this vulnerability. The specific flaw exists within the...
CVE-2026-2035 Deciso OPNsense diag_backup.php filename Command Injection Remote Code Execution Vulnerability
Deciso OPNsense diagbackup.php filename Command Injection Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of Deciso OPNsense. Authentication is required to exploit this vulnerability. The specific flaw...
CVE-2026-2035
The CVE-2026-2035 entry concerns Deciso OPNsense, specifically the diag_backup.php file. The flaw stems from insufficient validation of a user-supplied string before it is used in a system call, enabling a network-adjacent attacker to achieve remote code execution with root privileges. Exploitati...
CVE-2026-2035 Deciso OPNsense diag_backup.php filename Command Injection Remote Code Execution Vulnerability
Deciso OPNsense diagbackup.php filename Command Injection Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of Deciso OPNsense. Authentication is required to exploit this vulnerability. The specific flaw...
CVE-2026-23620
GFI MailEssentials AI versions prior to 22.4 contain an arbitrary file existence enumeration vulnerability in the ListServer.IsDBExist web method exposed at /MailEssentials/pages/MailSecurity/ListServer.aspx/IsDBExist. An authenticated user can supply an unrestricted filesystem path via the JSON...
CVE-2026-23615
GFI MailEssentials AI versions prior to 22.4 contain a stored cross-site scripting vulnerability in the Sender Policy Framework Email Exceptions interface. An authenticated user can supply HTML/JavaScript in the ctl00$ContentPlaceHolder1$pv4$txtEmailDescription parameter to...
CVE-2026-26990
LibreNMS is an auto-discovering PHP/MySQL/SNMP based network monitoring tool. Versions 25.12.0 and below have a Time-Based Blind SQL Injection vulnerability in address-search.inc.php via the address parameter. When a crafted subnet prefix is supplied, the prefix value is concatenated directly int...