CVE-2026-20980

Improper input validation in PACM prior to SMR Feb-2026 Release 1 allows physical attacker to execute arbitrary commands...

CVE-2026-20980

CVE-2026-20980 affects PACM in Samsung mobile software prior to SMR Feb-2026 Release 1. The root cause is improper input validation, allowing a physical attacker to execute arbitrary commands on the device. Impact is consistent with local compromise of confidentiality, integrity, and availability...

CVE-2025-58383

A vulnerability in Brocade Fabric OS versions before 9.2.1c2 could allow an administrator-level user to execute the bind command, to escalate privileges and bypass security controls allowing the execution of arbitrary commands...

PT-2026-5875

Name of the Vulnerable Software and Affected Versions IBM Common Cryptographic Architecture CCA versions 7.5.52 and 8.4.82 Description The software contains a flaw that could allow an unauthenticated user to execute arbitrary commands with elevated privileges on the system. This impacts systems...

PT-2026-5926

Name of the Vulnerable Software and Affected Versions affected versions not specified Description This issue enables authenticated attackers to execute arbitrary commands on the underlying system by manipulating the file name during file uploads. The vulnerability resides in the file upload...

PT-2026-6090

Name of the Vulnerable Software and Affected Versions PACM versions prior to SMR Feb-2026 Release 1 Description Improper input validation in PACM allows a physical attacker to execute arbitrary commands. Recommendations Update to SMR Feb-2026 Release 1 or later...

SAMSUNG Mobile devices 安全漏洞

Samsung Mobile devices are a series of mobile devices produced by South Korea’s Samsung Corporation, including smartphones and tablets. Versions before Samsung Mobile Devices SMR Feb-2026 Release 1 contained security vulnerabilities, which were caused by improper input validation. These...

Group Office 操作系统命令注入漏洞

Group Office is a modular office suite developed by the Dutch company Group Office. Versions of Group Office prior to 6.8.150, 25.0.82, and 26.0.5 contained an operating system command injection vulnerability. This vulnerability stemmed from improper parameter concatenation in the...

Cisco Meeting Management 代码问题漏洞

Cisco Meeting Management CMM is a management tool for Cisco Meeting Server, a Cisco local videoconferencing platform from Cisco USA. A code issue vulnerability exists in Cisco Meeting Management that stems from improper input validation in certain parts of the web-based management interface, whic...

PT-2026-6657

Name of the Vulnerable Software and Affected Versions EPyT-Flow versions prior to 0.16.1 Description EPyT-Flow is a Python package used for generating hydraulic and water quality scenario data for water distribution networks. The REST API parses attacker-controlled JSON request bodies using a...

Zenitel TCIS-3+ 安全漏洞

Zenitel TCIS-3+ is an IP intercom terminal produced by the Norwegian company Zenitel. There is a security vulnerability in Zenitel TCIS-3+, which allows authenticated attackers to execute arbitrary commands on the underlying system using the file names uploaded by them...

IBM Common Cryptographic Architecture 安全漏洞

IBM Common Cryptographic Architecture is a cryptographic platform developed by the American multinational company International Business Machines IBM. It provides features for protecting financial transactions. Versions 7.5.52 and 8.4.82 of IBM Common Cryptographic Architecture contain security...

melange affected by potential host command execution via license-check YAML mode patch pipeline

An attacker who can influence inputs to the patch pipeline could execute arbitrary shell commands on the build host. The patch pipeline in pkg/build/pipelines/patch.yaml embeds input-derived values series paths, patch filenames, and numeric parameters into shell scripts without proper quoting or...

Exploit for CVE-2026-25130

CVE-2026-25130 – Cybersecurity AI CAI Framework Argument Inj...

CVE-2020-37073

Victor CMS 1.0 contains an authenticated file upload vulnerability that allows administrators to upload PHP files with arbitrary content through the userimage parameter. Attackers can upload a malicious PHP shell to the /img/ directory and execute system commands by accessing the uploaded file wi...

CVE-2020-37073

Victor CMS 1.0 contains an authenticated file upload vulnerability that allows administrators to upload PHP files with arbitrary content through the userimage parameter. Attackers can upload a malicious PHP shell to the /img/ directory and execute system commands by accessing the uploaded file wi...

CVE-2020-37073 Victor CMS 1.0 - Authenticated Arbitrary File Upload

Victor CMS 1.0 contains an authenticated file upload vulnerability that allows administrators to upload PHP files with arbitrary content through the userimage parameter. Attackers can upload a malicious PHP shell to the /img/ directory and execute system commands by accessing the uploaded file wi...

CVE-2020-37073 Victor CMS 1.0 - Authenticated Arbitrary File Upload

Victor CMS 1.0 contains an authenticated file upload vulnerability that allows administrators to upload PHP files with arbitrary content through the userimage parameter. Attackers can upload a malicious PHP shell to the /img/ directory and execute system commands by accessing the uploaded file wi...

CVE-2025-52626 HCL AION is susceptible to Potential Command Injection vulnerability

A Potential Command Injection vulnerability in HCL AION. An This can allow unintended command execution, potentially leading to unauthorized actions on the underlying system.This issue affects AION: 2.0...

CVE-2025-9974

The unified WEBUI application of the ONT/Beacon device contains an input handling flaw that allows authenticated users to trigger unintended system-level command execution. Due to insufficient validation of user-supplied data, a low-privileged authenticated attacker may be able to execute arbitra...