44947 matches found
CVE-2026-20892
Code injection vulnerability exists in MR-GM5L-S1 and MR-GM5A-L1, which may allow an attacker with administrative privileges to execute arbitrary commands...
CVE-2026-23816
A vulnerability in the command line interface of AOS-CX Switches could allow an authenticated remote attacker to execute arbitrary commands on the underlying operating system...
CVE-2026-23816
The CVE-2026-23816 entry describes a vulnerability in the command line interface of AOS-CX Switches that could allow an authenticated remote attacker to execute arbitrary OS commands. The CVSSv3.1 base score is 7.2 (HIGH) with network access, low attack complexity, and privileges required: HIGH, ...
PT-2026-24769
FileThingie 2.5.7 contains an arbitrary file upload vulnerability that allows attackers to upload malicious files by sending ZIP archives through the ft2.php endpoint. Attackers can upload ZIP files containing PHP shells, use the unzip functionality to extract them into accessible directories, an...
Lantronix EDS5000 Security Vulnerability
The Lantronix EDS5000 is a serial port device server developed by the American company Lantronix. The Lantronix EDS5000 2.1.0.0R3 version contains a security vulnerability. This vulnerability stems from improper handling of the parameter for the Log Info page file name. It could allow authenticat...
PT-2026-24788
Epross AVCON6 systems management platform contains an object-graph navigation language OGNL injection vulnerability that allows unauthenticated attackers to execute arbitrary commands by injecting malicious OGNL expressions. Attackers can send crafted requests to the login.action endpoint with OG...
PT-2026-24781
SAPIDO RB-1732 V2.0.43 contains a remote command execution vulnerability that allows unauthenticated attackers to execute arbitrary system commands by submitting malicious input to the formSysCmd endpoint. Attackers can send POST requests with the sysCmd parameter containing shell commands to...
PT-2026-24723
Name of the Vulnerable Software and Affected Versions: Lantronix EDS5000 version 2.1.0.0R3. Description: An unauthenticated OS command injection exists in the HTTP RPC module of Lantronix EDS5000 serial-to-IP converters. The issue occurs when the system executes a shell command to write logs followi...
Cisco IOS XR Operating System Command Injection Vulnerability
Cisco IOS XR is an operating system developed by the American company Cisco for its network devices. Cisco IOS XR has a vulnerability related to operating system command injection, which stems from insufficient validation of user parameters in certain CLI commands. This vulnerability may lead to...
Lantronix EDS3000PS Security Vulnerability
Lantronix EDS3000PS is a serial port device server developed by the American company Lantronix. The Lantronix EDS3000PS version 3.1.0.0R2 contains a security vulnerability. This vulnerability stems from improper handling of the TFTP client host parameters on the Filesystem Browser page, which cou...
OpenClaw Security Vulnerability
OpenClaw is an open-source artificial intelligence assistant. Versions of OpenClaw prior to 2026.2.21 had security vulnerabilities. These vulnerabilities stemmed from command injection issues during the generation of systemd unit files, which could allow attackers to execute arbitrary commands...
NetGain EM Plus Security Vulnerability
NetGain EM Plus is a network and system management software developed by NetGain Company in Singapore. Version 10.1.68 of NetGain EM Plus contains a security vulnerability. This vulnerability stems from the parameter handling in the scripttest.jsp endpoint, which may allow unauthenticated attackers to...
CVE-2025-67041
An issue was discovered in Lantronix EDS3000PS 3.1.0.0R2. The host parameter of the TFTP client in the Filesystem Browser page is not properly sanitized. This can be exploited to escape from the original command and execute an arbitrary one with root privileges...
SAPIDO RB-1732 Security Vulnerability
SAPIDO RB-1732 is a wireless router produced by SAPIDO Company in Taiwan, China. The SAPIDO RB-1732 V2.0.43 version has a security vulnerability. This vulnerability stems from the formSysCmd endpoint, which allows remote command execution, potentially enabling unauthenticated attackers to execute...
PT-2026-24747
Name of the Vulnerable Software and Affected Versions: Cursor versions prior to 2.0. Description: Cursor is a code editor designed for programming with AI. Prior to version 2.0, if a visited website contained maliciously crafted instructions, the model could attempt to follow them to assist the user...
Lantronix EDS5000 Security Vulnerability
The Lantronix EDS5000 is a serial port device server developed by the American company Lantronix. The Lantronix EDS5000 2.1.0.0R3 version contains a security vulnerability. This vulnerability stems from the HTTP RPC module directly concatenating commands into the username parameter without proper...
Epross AVCON6 Security Vulnerability
Epross AVCON6 is a monitoring video management server developed by Epross Corporation. Epross AVCON6 has a security vulnerability, which stems from OGNL injection. This vulnerability could allow unauthenticated attackers to execute arbitrary commands...
Micro Research MR-GM5L-S1 and Micro Research MR-GM5A-L1 Code Injection Vulnerability
Both Micro Research MR-GM5L-S1 and Micro Research MR-GM5A-L1 are embedded industrial communication module devices produced by the Canadian company Micro Research. Both devices have code injection vulnerabilities; these vulnerabilities stem from code injection issues that may allow for the executi...
Improper Handling of Case Sensitivity
Overview: org.webjars.npm:simple-git is a lightweight interface for running git commands in any node.js application. Affected versions of this package are vulnerable to Improper Handling of Case Sensitivity in the preventProtocolOverride function, which fails to properly validate...