
44951 matches found

RedhatCVE
added 2026/02/06 1:25 a.m. | 6 views

CVE-2026-25157

OpenClaw is a personal AI assistant. Prior to version 2026.1.29, there is an OS command injection vulnerability via the Project Root Path in sshNodeCommand. The sshNodeCommand function constructed a shell script without properly escaping the user-supplied project path in an error message. When th...

7.7 CVSS | 5.9 AI score | 0.00935 EPSS
Exploits: 1 | References: 1

RedhatCVE
added 2026/02/06 1:25 a.m. | 4 views

CVE-2026-24844

melange allows users to build apk packages using declarative pipelines. From version 0.3.0 to before 0.40.3, an attacker who can provide build input values, but not modify pipeline definitions, could execute arbitrary shell commands if the pipeline uses $vars. or $inputs. substitutions in...

8.8 CVSS | 5.7 AI score | 0.00176 EPSS
Exploits: 0 | References: 1

CNNVD
added 2026/02/06 12:0 a.m. | 4 views

BeyondTrust Remote Support and BeyondTrust Privileged Remote Access Security Vulnerability

BeyondTrust Remote Support and BeyondTrust Privileged Remote Access BeyondTrust PRA are both products from the American company BeyondTrust. BeyondTrust Remote Support is a remote desktop access, helpdesk, and collaboration software suitable for Windows, Mac, Linux, iOS iPad, iPhone, etc...

9.9 CVSS | 7.5 AI score | 0.86091 EPSS
Exploits: 11 | References: 3

CNVD
added 2026/02/06 12:0 a.m. | 4 views

Cisco Meeting Management (CMM) Code Issues Vulnerability

Cisco Meeting Management CMM is a management tool for Cisco Meeting Server, a Cisco local videoconferencing platform from Cisco USA. A code issue vulnerability exists in Cisco Meeting Management that stems from improper input validation in certain parts of the web-based management interface, whic...

8.8 CVSS | 6.2 AI score | 0.00384 EPSS
Exploits: 0 | References: 1

Positive Technologies
added 2026/02/06 12:0 a.m. | 7 views

PT-2026-6784

Name of the Vulnerable Software and Affected Versions Frigate versions prior to 0.16.4 Description Frigate is a network video recorder NVR with realtime local object detection for IP cameras. A critical Remote Command Execution RCE issue exists in the Frigate integration with go2rtc. The...

9.1 CVSS | 5.7 AI score | 0.02874 EPSS
Exploits: 8 | References: 10

CNNVD
added 2026/02/06 12:0 a.m. | 7 views

Asterisk Security Vulnerability

Asterisk is a software for PBX systems developed by Asterisk OpenSource. It runs on Linux systems and supports IP calls using SIP, IAX, and H323 protocols. Versions prior to 20.7-cert9, 20.18.2, 21.12.1, 22.8.2, and 23.2.2 have security vulnerabilities. These vulnerabilities stem from astcoredump...

7.8 CVSS | 6.1 AI score | 0.00112 EPSS
Exploits: 0 | References: 3

Positive Technologies
added 2026/02/06 12:0 a.m. | 9 views

PT-2026-6745

Name of the Vulnerable Software and Affected Versions Gogs versions prior to 0.13.4 Gogs versions 0.14.0+dev Description Gogs, a self-hosted Git service, is affected by a critical remote code execution RCE issue. This issue allows attackers to rewrite the .git/config file via an API, potentially...

9.9 CVSS | 6.3 AI score | 0.27661 EPSS
Exploits: 44 | References: 121

OSSF Malicious Packages
added 2026/02/05 9:21 p.m. | 7 views

Malicious code in ethers-lint (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 315365a10d9e3322792c18bdb8c5a8e620bbcc2a9ad8d5a1d5ef139ef6e47777 The package ethers-lint was found to contain malicious code. Source: ossf-package-analysis...

5.4 AI score
Exploits: 0

RedhatCVE
added 2026/02/05 7:23 p.m. | 3 views

CVE-2026-25049

n8n is an open source workflow automation platform. Prior to versions 1.123.17 and 2.5.2, an authenticated user with permission to create or modify workflows could abuse crafted expressions in workflow parameters to trigger unintended system command execution on the host running n8n. This issue h...

9.9 CVSS | 5.5 AI score | 0.01196 EPSS
Exploits: 0 | References: 1

OSV
added 2026/02/05 6:30 p.m. | 3 views

GHSA-3P7X-94Q9-JQ9X pgadmin4 affected by a Restore restriction bypass via key disclosure vulnerability

pgAdmin versions 9.11 are affected by a Restore restriction bypass via key disclosure vulnerability that occurs when running in server mode and performing restores from PLAIN-format dump files. An attacker with access to the pgAdmin web interface can observe an active restore operation, extract t...

7.4 CVSS | 5.8 AI score | 0.00392 EPSS
Exploits: 0 | References: 4

OSV
added 2026/02/05 6:16 p.m. | 3 views

CVE-2026-1707

pgAdmin versions 9.11 are affected by a Restore restriction bypass via key disclosure vulnerability that occurs when running in server mode and performing restores from PLAIN-format dump files. An attacker with access to the pgAdmin web interface can observe an active restore operation, extract t...

6.3 CVSS | 6 AI score
Exploits: 0 | References: 1

NVD
added 2026/02/05 6:16 p.m. | 12 views

CVE-2026-1707

pgAdmin versions 9.11 are affected by a Restore restriction bypass via key disclosure vulnerability that occurs when running in server mode and performing restores from PLAIN-format dump files. An attacker with access to the pgAdmin web interface can observe an active restore operation, extract t...

7.4 CVSS | 0.00392 EPSS
Exploits: 0 | References: 1

Vulnrichment
added 2026/02/05 5:30 p.m. | 6 views

CVE-2026-1707 Restore restriction bypass via key disclosure vulnerability (pgAdmin 4)

pgAdmin versions 9.11 are affected by a Restore restriction bypass via key disclosure vulnerability that occurs when running in server mode and performing restores from PLAIN-format dump files. An attacker with access to the pgAdmin web interface can observe an active restore operation, extract t...

7.4 CVSS | 5.8 AI score | 0.00392 EPSS
Exploits: 0 | References: 1

EUVD
added 2026/02/05 5:30 p.m. | 5 views

EUVD-2026-5528

pgAdmin versions 9.11 are affected by a Restore restriction bypass via key disclosure vulnerability that occurs when running in server mode and performing restores from PLAIN-format dump files. An attacker with access to the pgAdmin web interface can observe an active restore operation, extract t...

7.4 CVSS | 5.8 AI score | 0.00392 EPSS
Exploits: 0 | References: 1

ATTACKERKB
added 2026/02/05 5:30 p.m. | 5 views

CVE-2026-1707

pgAdmin versions 9.11 are affected by a Restore restriction bypass via key disclosure vulnerability that occurs when running in server mode and performing restores from PLAIN-format dump files. An attacker with access to the pgAdmin web interface can observe an active restore operation, extract t...

7.4 CVSS | 5.8 AI score | 0.00392 EPSS
Exploits: 0 | References: 2 | Affected Software: 1

CVE
added 2026/02/05 5:30 p.m. | 30 views

CVE-2026-1707

CVE-2026-1707 affects pgAdmin 9.11. The SUSE/Red Hat/Linux advisories describe a Restore restriction bypass during server-mode restores from PLAIN-format dumps, where an attacker with web GUI access can observe an active restore, exfiltrate the \restrict key in real time, and race the restore by ...

7.4 CVSS | 5.8 AI score | 0.00392 EPSS
Exploits: 0 | References: 1 | Affected Software: 1

Cvelist
added 2026/02/05 5:30 p.m. | 33 views

CVE-2026-1707 Restore restriction bypass via key disclosure vulnerability (pgAdmin 4)

pgAdmin versions 9.11 are affected by a Restore restriction bypass via key disclosure vulnerability that occurs when running in server mode and performing restores from PLAIN-format dump files. An attacker with access to the pgAdmin web interface can observe an active restore operation, extract t...

7.4 CVSS | 0.00392 EPSS
Exploits: 0 | References: 1

OSV
added 2026/02/05 5:16 p.m. | 2 views

CVE-2020-37149

Edimax EW-7438RPn-v3 Mini 1.27 is vulnerable to cross-site request forgery CSRF that can lead to command execution. An attacker can trick an authenticated user into submitting a crafted form to the /goform/mp endpoint, resulting in arbitrary command execution on the device with the user's...

8.8 CVSS | 5.9 AI score | 0.00289 EPSS
Exploits: 1 | References: 3

NVD
added 2026/02/05 5:16 p.m. | 10 views

CVE-2020-37149

Edimax EW-7438RPn-v3 Mini 1.27 is vulnerable to cross-site request forgery CSRF that can lead to command execution. An attacker can trick an authenticated user into submitting a crafted form to the /goform/mp endpoint, resulting in arbitrary command execution on the device with the user's...

8.8 CVSS | 0.00289 EPSS
Exploits: 1 | References: 3

ATTACKERKB
added 2026/02/05 4:13 p.m. | 4 views

CVE-2020-37149

Edimax EW-7438RPn-v3 Mini 1.27 is vulnerable to cross-site request forgery CSRF that can lead to command execution. An attacker can trick an authenticated user into submitting a crafted form to the /goform/mp endpoint, resulting in arbitrary command execution on the device with the user's...

8.1 CVSS | 5.7 AI score | 0.00289 EPSS
Exploits: 1 | References: 3 | Affected Software: 1