EUVD-2026-13852
WebSocket endpoints lack proper authentication mechanisms, enabling attackers to perform unauthorized station impersonation and manipulate data sent to the backend. An unauthenticated attacker can connect to the OCPP WebSocket endpoint using a known or discovered charging station identifier, then...
CVE-2026-33139
PySpector is a static analysis security testing (SAST) framework engineered for modern Python development workflows. PySpector versions 0.1.6 and prior are affected by a security validation bypass in the plugin system. The validateplugincode function in pluginsystem.py performs static AST analysis...
EUVD-2026-13716
A command injection vulnerability has been reported to affect QuNetSwitch. The remote attackers can then exploit the vulnerability to execute arbitrary commands. We have already fixed the vulnerability in the following version: QuNetSwitch 2.0.4.0415 and later...
CVE-2025-15607 Authenticated Command Injection in mcsd Service of TP-Link Archer AX53
A command injection vulnerability on AX53 v1 occurs in mscd debug functionality due to insufficient input handling, allowing log redirection to arbitrary files and concatenation of unvalidated file content into shell commands, enabling authenticated attackers to inject and execute arbitrary...
CVE-2026-22897
QuNetSwitch is affected by a remote command injection vulnerability (CVE-2026-22897). The issue allows an attacker to execute arbitrary commands with network access, requiring no user interaction and no privileges. The root cause is a command injection reachable over the network, leading to high ...
EUVD-2024-55479
SysAK v2.0 and before is vulnerable to command execution via aaa;cat /etc/passwd...
CVE-2024-44722
SysAK v2.0 and before is vulnerable to command execution via aaa;cat /etc/passwd...
CVE-2026-32950
SQLBot is an intelligent data query system based on a large language model and RAG. Versions prior to 1.7.0 contain a critical SQL Injection vulnerability in the /api/v1/datasource/uploadExcel endpoint that enables Remote Code Execution (RCE), allowing any authenticated user even the...
EUVD-2026-13543
SQLBot is an intelligent data query system based on a large language model and RAG. Versions prior to 1.7.0 contain a critical SQL Injection vulnerability in the /api/v1/datasource/uploadExcel endpoint that enables Remote Code Execution (RCE), allowing any authenticated user even the...
CVE-2026-32759
File Browser is a file managing interface for uploading, deleting, previewing, renaming, and editing files within a specified directory. In versions on the 2.x branch prior to 2.33.8, the TUS resumable upload handler parses the Upload-Length header as a signed 64-bit integer without validating th...
PT-2026-26611
CVE-2024-44722 SysAK v2.0 and before is vulnerable to command execution via aaa;cat /etc/passwd. https://t.co/m0vhXKM2HE...
PySpector Security Vulnerability
PySpector is a high-performance Python static security analysis framework based on graphs, developed by Tommaso Bona. Versions of PySpector 0.1.6 and earlier contain security vulnerabilities. These vulnerabilities stem from a security verification bypass in the plugin system, which may lead to th...
QNAP Systems QuNetSwitch OS Command Injection Vulnerability
QNAP Systems QuNetSwitch is a network management software developed by QNAP Systems, a company based in Taiwan, China. It provides centralized switch management and network configuration monitoring capabilities. Previous versions of QNAP Systems QuNetSwitch, including version 2.0.5.0906, had a...
SysAK Security Vulnerability
SysAK is a system operation toolset open-sourced by China Dragon Lizard anolis. Versions of SysAK prior to v2.0 contained security vulnerabilities; these vulnerabilities stemmed from command execution, potentially allowing attackers to execute arbitrary commands...
SuiteCRM Code Issue Vulnerability
SuiteCRM is a customer relationship management system developed by the SuiteCRM team. Versions of SuiteCRM 8.9.2 and earlier contained a code vulnerability. This vulnerability stemmed from insecure deserialization in the SavedSearch filter processing component, which could allow authenticated...
CVE-2024-44722
SysAK is affected: versions up to and including 2.0 are vulnerable to command execution via aaa;cat /etc/passwd. The CVE entry indicates a critical (CVSS v3.1: 9.8) issue with network attack vector and high impact on confidentiality, integrity, and availability. Connected sources confirm SysAK v2...
Ubuntu: Security Advisory (USN-8109-1)
The remote host is missing an update for the...