CVE-2025-61732 Potential code smuggling via doc comments in cmd/cgo

A discrepancy between how Go and C/C++ comments were parsed allowed for code smuggling into the resulting cgo binary...

PT-2026-5824

Victor CMS 1.0 contains an authenticated file upload vulnerability that allows administrators to upload PHP files with arbitrary content through the user image parameter. Attackers can upload a malicious PHP shell to the /img/ directory and execute system commands by accessing the uploaded file...

CVE-2026-1741

A vulnerability was determined in EFM ipTIME A8004T 14.18.2. Affected is the function httpconchecksessionurl of the file /sess-bin/d.cgi of the component Debug Interface. This manipulation of the argument cmd causes backdoor. It is possible to initiate the attack remotely. The complexity of an...

CVE-2025-61731 Arbitrary file write using cgo pkg-config directive in cmd/go

Building a malicious file with cmd/go can cause can cause a write to an attacker-controlled file with partial control of the file content. The "cgo pkg-config:" directive in a Go source file provides command-line arguments to provide to the Go pkg-config command. An attacker can provide a...

CVE-2025-71147

In the Linux kernel, the following vulnerability has been resolved: KEYS: trusted: Fix a memory leak in tpm2loadcmd 'tpm2loadcmd' allocates a tempoary blob indirectly via 'tpm2keydecode' but it is not freed in the failure paths. Address this by wrapping the blob into with a cleanup helper...

MiracleLinux 8 : kernel-4.18.0-240.el8 (AXSA:2021-1489:04)

The remote MiracleLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2021-1489:04 advisory. kernel: use after free in the video driver leads to local privilege escalation CVE-2019-9458 kernel: use-after-free in drivers/bluetooth/hcildisc.c...

Unity Linux 20.1060e / 20.1070e Security Update: kernel (UTSA-2026-004404)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-004404 advisory. mwifiextmcmd in drivers/net/wireless/marvell/mwifiex/cfg80211.c in the Linux kernel before 5.1.6 has some error-handling cases that did not free allocated hostcmd...

Unity Linux 20.1060a / 20.1070a Security Update: kernel (UTSA-2026-003862)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-003862 advisory. A memory leak in the ath9kwmicmd function in drivers/net/wireless/ath/ath9k/wmi.c in the Linux kernel through 5.3.11 allows attackers to cause a denial of service...

ROS-20260112-7352

A vulnerability in the core.c, fabrics-cmd-auth.c, fabrics-cmd.c components of the Linux operating system kernel is related to resource leakage. Exploitation of the vulnerability could allow an attacker to cause a denial of service...

CVE-2023-29915

H3C Magic R200 version R200V100R004 was discovered to contain a stack overflow via CMD parameter at /goform/aspForm...

CVE-2022-31309

A vulnerability in livecheck.shtml of WAVLINK AERIAL X 1200M M79X3.V5030.180719 allows attackers to obtain sensitive router information via execution of the exec cmd function...

CVE-2023-4542

A vulnerability was found in D-Link DAR-8000-10 up to 20230809. It has been classified as critical. This affects an unknown part of the file /app/sys1.php. The manipulation of the argument cmd with the input id leads to os command injection. It is possible to initiate the attack remotely. The...

CVE-2020-7869

An improper input validation vulnerability of ZOOK software remote administration tool could allow a remote attacker to create arbitrary file. The ZOOK viewer has the "Tight file CMD" function to create file. An attacker could create and execute arbitrary file in the ZOOK agent program using "Tig...

Unity Linux 20.1070e Security Update: kernel (UTSA-2026-000283)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-000283 advisory. A memory leak in the ccprunshacmd function in drivers/crypto/ccp/ccp-ops.c in the Linux kernel through 5.3.9 allows attackers to cause a denial of service memory...

SUSE CVE-2022-50833

In the Linux kernel, the following vulnerability has been resolved: Bluetooth: use hdev-workqueue when queuing hdev-cmd,ncmdtimer works syzbot is reporting attempt to schedule hdev-cmdwork work from systemwq WQ into hdev-workqueue WQ which is under draining operation 1, for commit c8efcc2589464ac...

CVE-2025-15357 D-Link DI-7400G+ msp_info.htm command injection

A vulnerability was found in D-Link DI-7400G+ 19.12.25A1. This affects an unknown function of the file /mspinfo.htm?flag=cmd. The manipulation of the argument cmd results in command injection. The attack can be launched remotely. The exploit has been made public and could be used...

CVE-2022-50833

In the Linux kernel, the following vulnerability has been resolved: Bluetooth: use hdev-workqueue when queuing hdev-cmd,ncmdtimer works syzbot is reporting attempt to schedule hdev-cmdwork work from systemwq WQ into hdev-workqueue WQ which is under draining operation 1, for commit c8efcc2589464ac...

CVE-2022-50833 Bluetooth: use hdev->workqueue when queuing hdev->{cmd,ncmd}_timer works

In the Linux kernel, the following vulnerability has been resolved: Bluetooth: use hdev-workqueue when queuing hdev-cmd,ncmdtimer works syzbot is reporting attempt to schedule hdev-cmdwork work from systemwq WQ into hdev-workqueue WQ which is under draining operation 1, for commit c8efcc2589464ac...

CVE-2022-50833 Bluetooth: use hdev->workqueue when queuing hdev->{cmd,ncmd}_timer works

In the Linux kernel, the following vulnerability has been resolved: Bluetooth: use hdev-workqueue when queuing hdev-cmd,ncmdtimer works syzbot is reporting attempt to schedule hdev-cmdwork work from systemwq WQ into hdev-workqueue WQ which is under draining operation 1, for commit c8efcc2589464ac...

PT-2025-53951

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description The Linux kernel contains an issue related to Bluetooth handling. Specifically, the scheduling of work items within the Bluetooth HCI Host Controller Interface subsystem was flawed. A...