CVE-2026-22265

Roxy-WI is a web interface for managing Haproxy, Nginx, Apache and Keepalived servers. Prior to 8.2.8.2, command injection vulnerability exists in the log viewing functionality that allows authenticated users to execute arbitrary system commands. The vulnerability is in app/modules/roxywi/logs.py...

CVE-2026-22718

The VSCode extension for Spring CLI are vulnerable to command injection, resulting in command execution on the users machine...

MAL-2026-282 Malicious code in experian-design-system (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 629f30cfc3fe4cc45698b5cce11973037d0fa7f6564fc999aef0247701f6fee5 The package experian-design-system was found to contain malicious code. Source: ghsa-malware...

PT-2026-3034

Name of the Vulnerable Software and Affected Versions Chikitsa Patient Management System version 2.0.2 Description The software contains an authenticated remote code execution issue. Attackers can upload malicious PHP plugins through the module upload functionality. Authenticated attackers can...

Linux Distros Unpatched Vulnerability : CVE-2023-54335

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - eXtplorer 2.1.14 contains an authentication bypass vulnerability that allows attackers to login without a password by manipulating the login request. Attackers...

CVE-2022-50806

4images 1.9 contains a remote command execution vulnerability that allows authenticated administrators to inject reverse shell code through template editing functionality. Attackers can save malicious code in the template and execute arbitrary commands by accessing a specific categories.php...

CVE-2025-37175

Arbitrary file upload vulnerability exists in the web-based management interface of mobility conductors running either AOS-10 or AOS-8 operating systems. Successful exploitation could allow an authenticated malicious actor to upload arbitrary files as a privilege user and execute arbitrary comman...

CVE-2025-37174

Authenticated arbitrary file write vulnerability exists in the web-based management interface of mobility conductors running either AOS-10 or AOS-8 operating systems. Successful exploitation could allow an authenticated malicious actor to create or modify arbitrary files and execute arbitrary...

BIT-ENVOY-GATEWAY-2026-22771 Envoy Extension Policy lua scripts injection causes arbitrary command execution

Envoy Gateway is an open source project for managing Envoy Proxy as a standalone or Kubernetes-based application gateway. Prior to 1.5.7 and 1.6.2, EnvoyExtensionPolicy Lua scripts executed by Envoy proxy can be used to leak the proxy's credentials. These credentials can then be used to communica...

CVE-2026-22718 Command injection vulnerability

The VSCode extension for Spring CLI are vulnerable to command injection, resulting in command execution on the users machine...

CVE-2026-0507

Due to an OS Command Injection vulnerability in SAP Application Server for ABAP and SAP NetWeaver RFCSDK, an authenticated attacker with administrative access and adjacent network access could upload specially crafted content to the server. If processed by the application, this content enables...

Blurams Flare Camera 安全漏洞

Blurams Flare Camera is a webcam from Blurams USA. A security vulnerability exists in Blurams Flare Camera 24.1114.151.929 and earlier versions, which stems from an insecure authentication mechanism that could lead to the execution of arbitrary commands...

VMware Spring CLI VSCode Extension 安全漏洞

VMware Spring CLI VSCode Extension is a Visual Studio Code add-in from VMware, Inc. A security vulnerability exists in VMware Spring CLI VSCode Extension that originates from command injection and could lead to the execution of commands on a user's machine...

MiracleLinux 3 : logwatch-7.3-9.AXS3 (AXSA:2011-82:01)

The remote MiracleLinux 3 host has a package installed that is affected by a vulnerability as referenced in the AXSA:2011-82:01 advisory. Logwatch is a customizable, pluggable log-monitoring system. It will go through your logs for a given period of time and make a report in the areas that you wi...

TencentOS Server 2: httpd (TSSA-2026:0012)

The version of Tencent Linux installed on the remote TencentOS Server 2 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the TSSA-2026:0012 advisory. Package updates are available for TencentOS Server 2 that fix the following vulnerabilities:...

MiracleLinux 4 : xorg-x11-server-utils-7.4-15.AXS4.1 (AXSA:2011-155:01)

The remote MiracleLinux 4 host has a package installed that is affected by a vulnerability as referenced in the AXSA:2011-155:01 advisory. A collection of utilities used to tweak and query the runtime configuration of the X server Security issues fixed with this release; CVE-2011-0465 xrdb.c in...

CVE-2023-54339

Webgrind 1.1 contains a remote command execution vulnerability that allows unauthenticated attackers to inject OS commands via the dataFile parameter in index.php. Attackers can execute arbitrary system commands by manipulating the dataFile parameter, such as using payload '0%27%26calc.exe%26%27'...

CVE-2023-54335

eXtplorer 2.1.14 contains an authentication bypass vulnerability that allows attackers to login without a password by manipulating the login request. Attackers can exploit this flaw to upload malicious PHP files and execute remote commands on the vulnerable file management system...

CVE-2023-54335

eXtplorer 2.1.14 contains an authentication bypass vulnerability that allows attackers to login without a password by manipulating the login request. Attackers can exploit this flaw to upload malicious PHP files and execute remote commands on the vulnerable file management system...

CVE-2023-54335

eXtplorer 2.1.14 contains an authentication bypass vulnerability that allows attackers to login without a password by manipulating the login request. Attackers can exploit this flaw to upload malicious PHP files and execute remote commands on the vulnerable file management system...