142646 matches found
CVE-2026-40811
An unauthenticated remote attacker can exploit an unauthenticated SQL Injection vulnerability in the ssoabstractservice due to improper neutralization of special elements in a SQL SELECT command. This can result in a total loss of confidentiality...
web-vulnerabilities-labs
Web Vulnerabilities Labs Notes techniques issues de labs web...
CVE-2026-40852 Command injection via malicious configuration
A highly authenticated attacker can alter the config generator injecting a payload into future created configurations. The device is not correctly checking this configuration value before passing it to an system execute leading to code execution. This can result in a total loss of confidentiality...
CVE-2026-40852
This CVE describes a code-execution vulnerability where a highly authenticated attacker can modify the config generator to inject a payload into future configurations. The device may pass the manipulated value to a system execute call, enabling code execution and potentially compromising confiden...
CVE-2026-40851 Command injection via USB
A local attacker can perform a confusion attack on the cfgparser via a specially crafted file on an USB stick leading to code execution. This can result in a total loss of confidentiality, integrity and availability...
CVE-2026-40851 Command injection via USB
A local attacker can perform a confusion attack on the cfgparser via a specially crafted file on an USB stick leading to code execution. This can result in a total loss of confidentiality, integrity and availability...
CVE-2026-40851
Technical details are not publicly available in the provided documents. Monitor for updates from NVD, CVE List, CIRCL, and CVELIST for any affected products, root cause, and fixes.
CVE-2026-40836 Authenticated SQLi in inmessage model
An low privileged remote attacker can exploit an unauthenticated SQL Injection vulnerability in the inmessage model due to improper neutralization of special elements in a SQL DELETE command allowing for reading the whole database and deleting entries in a non critical table. This can result in a...
CVE-2026-40827
A high privileged remote attacker can exploit an unauthenticated SQL Injection vulnerability in the RemoveRequest function due to improper neutralization of special elements in a SQL DELETE command allowing for reading the whole database and deleting entries in a non critical table. This can resu...
EUVD-2026-32119
An unauthenticated remote attacker can exploit an unauthenticated SQL Injection vulnerability in the dataapi.php files mb24configetTagAlarm function due to improper neutralization of special elements in a SQL SELECT command. This can result in a total loss of confidentiality...
Multiple Vulnerabilities in Hitachi Command Suite, Hitachi Automation Director, Hitachi Configuration Manager, Hitachi Infrastructure Analytics Advisor and Hitachi Ops Center
Overview Multiple vulnerabilities have been found in Hitachi Command Suite, Hitachi Automation Director, Hitachi Configuration Manager, Hitachi Infrastructure Analytics Advisor and Hitachi Ops Center. CVE-2026-22007, CVE-2026-22013, CVE-2026-22016, CVE-2026-22018, CVE-2026-22021, CVE-2026-23865,...
CVE-2026-8450
HTTP::Daemon versions before 6.17 for Perl allow OS command injection via sendfile. sendfile opens its string argument with Perl's 2-arg open. The 2-arg form interprets magic prefixes: '| cmd' and 'cmd |' open a pipe to a subprocess, ' path' and ' path' open the path for write or append. Untruste...
UBUNTU-CVE-2026-8450
HTTP::Daemon versions before 6.17 for Perl allow OS command injection via sendfile. sendfile opens its string argument with Perl's 2-arg open. The 2-arg form interprets magic prefixes: '| cmd' and 'cmd |' open a pipe to a subprocess, ' path' and ' path' open the path for write or append. Untruste...
CVE-2026-8450
HTTP::Daemon versions before 6.17 for Perl allow OS command injection via sendfile. sendfile opens its string argument with Perl's 2-arg open. The 2-arg form interprets magic prefixes: '| cmd' and 'cmd |' open a pipe to a subprocess, ' path' and ' path' open the path for write or append. Untruste...
CVE-2026-8450 HTTP::Daemon versions before 6.17 for Perl allow OS command injection via send_file()
HTTP::Daemon versions before 6.17 for Perl allow OS command injection via sendfile. sendfile opens its string argument with Perl's 2-arg open. The 2-arg form interprets magic prefixes: '| cmd' and 'cmd |' open a pipe to a subprocess, ' path' and ' path' open the path for write or append. Untruste...
CVE-2026-8450
CVE-2026-8450 affects HTTP::Daemon before 6.17 (Perl). The vulnerability allows OS command execution via the send_file() function, which opens its string argument with Perl’s 2-arg open(). The 2-arg form supports magic prefixes: “| cmd” and “cmd |” to pipe to a subprocess, and “> path”/“>&g...
CVE-2026-8450
HTTP::Daemon versions before 6.17 for Perl allow OS command injection via sendfile. sendfile opens its string argument with Perl's 2-arg open. The 2-arg form interprets magic prefixes: '| cmd' and 'cmd |' open a pipe to a subprocess, ' path' and ' path' open the path for write or append. Untruste...
EUVD-2026-32050
HTTP::Daemon versions before 6.17 for Perl allow OS command injection via sendfile. sendfile opens its string argument with Perl's 2-arg open. The 2-arg form interprets magic prefixes: '| cmd' and 'cmd |' open a pipe to a subprocess, ' path' and ' path' open the path for write or append. Untruste...
CVE-2026-8450
HTTP::Daemon versions before 6.17 for Perl allow OS command injection via sendfile. sendfile opens its string argument with Perl's 2-arg open. The 2-arg form interprets magic prefixes: '| cmd' and 'cmd |' open a pipe to a subprocess, ' path' and ' path' open the path for write or append. Untruste...
CVE-2026-8450 HTTP::Daemon versions before 6.17 for Perl allow OS command injection via send_file()
HTTP::Daemon versions before 6.17 for Perl allow OS command injection via sendfile. sendfile opens its string argument with Perl's 2-arg open. The 2-arg form interprets magic prefixes: '| cmd' and 'cmd |' open a pipe to a subprocess, ' path' and ' path' open the path for write or append. Untruste...