44736 matches found
CVE-2025-59818
This vulnerability allows authenticated attackers to execute arbitrary commands on the underlying system using the file name of an uploaded file...
CVE-2026-20980
Improper input validation in PACM prior to SMR Feb-2026 Release 1 allows physical attacker to execute arbitrary commands...
Maltrail <=0.54 Username Parameter - Remote Command Execution
Maltrail versions <=0.54. A remote attacker can execute arbitrary operating system commands via the username parameter in a POST request to the /login endpoint. id: CVE-2025-34073 info: name: Maltrail <=0.54 Username Parameter - Remote Command Execution author: SeungAh-Hong severity: critical...
GoAnywhere - Authentication Bypass
Fortra GoAnywhere MFT contains an insecure deserialization vulnerability in the License Servlet, caused by deserializing attacker-controlled objects with a valid forged license response signature, which lets attackers perform command injection. The exploit requires a valid forged license signature. id:...
CVE-2026-20987
Improper input validation in GalaxyDiagnostics prior to version 3.5.050 allows local privileged attackers to execute privileged commands...
CVE-2026-20980
CVE-2026-20980 affects PACM in Samsung mobile software prior to SMR Feb-2026 Release 1. The root cause is improper input validation, allowing a physical attacker to execute arbitrary commands on the device. Impact is consistent with local compromise of confidentiality, integrity, and availability...
EUVD-2026-5396
Improper input validation in PACM prior to SMR Feb-2026 Release 1 allows physical attacker to execute arbitrary commands...
CVE-2025-58383
A vulnerability in Brocade Fabric OS versions before 9.2.1c2 could allow an administrator-level user to execute the bind command, to escalate privileges and bypass security controls allowing the execution of arbitrary commands...
SAMSUNG Mobile devices Security Vulnerability
Samsung Mobile devices are a series of mobile devices produced by South Korea’s Samsung Corporation, including smartphones and tablets. Versions before Samsung Mobile Devices SMR Feb-2026 Release 1 contained security vulnerabilities, which were caused by improper input validation. These...
Cisco Meeting Management Code Issue Vulnerability
Cisco Meeting Management (CMM) is a management tool for Cisco Meeting Server, a Cisco local videoconferencing platform from Cisco USA. A code issue vulnerability exists in Cisco Meeting Management that stems from improper input validation in certain parts of the web-based management interface, whic...
PT-2026-5875
Name of the Vulnerable Software and Affected Versions: IBM Common Cryptographic Architecture (CCA) versions 7.5.52 and 8.4.82. Description: The software contains a flaw that could allow an unauthenticated user to execute arbitrary commands with elevated privileges on the system. This impacts systems...
IBM Common Cryptographic Architecture Security Vulnerability
IBM Common Cryptographic Architecture is a cryptographic platform developed by the American multinational company International Business Machines (IBM). It provides features for protecting financial transactions. Versions 7.5.52 and 8.4.82 of IBM Common Cryptographic Architecture contain security...
Zenitel TCIS-3+ Security Vulnerability
Zenitel TCIS-3+ is an IP intercom terminal produced by the Norwegian company Zenitel. There is a security vulnerability in Zenitel TCIS-3+, which allows authenticated attackers to execute arbitrary commands on the underlying system using the file names uploaded by them...
Group Office Operating System Command Injection Vulnerability
Group Office is a modular office suite developed by the Dutch company Group Office. Versions of Group Office prior to 6.8.150, 25.0.82, and 26.0.5 contained an operating system command injection vulnerability. This vulnerability stemmed from improper parameter concatenation in the...
PT-2026-5926
Name of the Vulnerable Software and Affected Versions: affected versions not specified. Description: This issue enables authenticated attackers to execute arbitrary commands on the underlying system by manipulating the file name during file uploads. The vulnerability resides in the file upload...
melange affected by potential host command execution via license-check YAML mode patch pipeline
An attacker who can influence inputs to the patch pipeline could execute arbitrary shell commands on the build host. The patch pipeline in pkg/build/pipelines/patch.yaml embeds input-derived values (series paths, patch filenames, and numeric parameters) into shell scripts without proper quoting or...
PT-2026-6657
Name of the Vulnerable Software and Affected Versions: EPyT-Flow versions prior to 0.16.1. Description: EPyT-Flow is a Python package used for generating hydraulic and water quality scenario data for water distribution networks. The REST API parses attacker-controlled JSON request bodies using a...