14 matches found

EUVD
added 2026/06/08 12:30 a.m. · 11 views

EUVD-2026-35000

A flaw has been found in jishenghua jshERP up to 3.6. Impacted is the function insertPlatformConfig of the file jshERP-boot/src/main/java/com/jsh/erp/service/PlatformConfigService.java of the component platformConfig Add Endpoint. Executing a manipulation of the argument platformValue can lead to...

CVSS 5.8 · AI score 5 · EPSS 0.00232
Exploits 0 · References 7
CNNVD
added 2026/05/12 12:0 a.m. · 12 views

AXIS OS Security Vulnerability

AXIS OS is an operating system for edge devices developed by Axis, a Swedish company. There is a security vulnerability in AXIS OS, which stems from insufficient input validation in configuration files. This vulnerability may lead to command injection and potentially allow for privilege escalatio...

CVSS 7.3 · AI score 5.8 · EPSS 0.00396
Exploits 0 · References 1
RedhatCVE
added 2026/03/01 1:43 a.m. · 7 views

CVE-2026-28270

Kiteworks is a private data network (PDN). Prior to version 9.2.0, a vulnerability in Kiteworks configuration allows uploading of arbitrary files without proper validation. Malicious administrators could exploit this to upload unauthorized file types to the system. Version 9.2.0 contains a patch fo...

CVSS 7.2 · AI score 6 · EPSS 0.01607
Exploits 0 · References 1
OpenVAS
added 2026/02/24 12:0 a.m. · 5 views

Ubuntu: Security Advisory (USN-8056-1)

The remote host is missing an update for the...

CVSS 8.1 · AI score 5.4 · EPSS 0.00598
Exploits 0 · References 2
RedhatCVE
added 2025/12/24 6:18 p.m. · 10 views

CVE-2025-14927

A flaw was found in the Hugging Face Transformers library. The convertconfig function fails to validate a user-supplied string before using it to execute Python code. An attacker can exploit this flaw by providing a malicious SEW-D model checkpoint, causing arbitrary code execution in the context...

CVSS 8.8 · AI score 8 · EPSS 0.00278
Exploits 0 · References 4
OSV
added 2025/12/23 9:15 p.m. · 5 views

CVE-2025-14927

Hugging Face Transformers SEW-D convertconfig Code Injection Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Hugging Face Transformers. User interaction is required to exploit this vulnerability in that the...

CVSS 7.8 · AI score 7.8
Exploits 0 · References 1
NVD
added 2025/11/11 7:15 a.m. · 6 views

CVE-2025-5454

An ACAP configuration file lacked sufficient input validation, which could allow a path traversal attack leading to potential privilege escalation. This vulnerability can only be exploited if the Axis device is configured to allow the installation of unsigned ACAP applications, and if an attacker...

CVSS 6.7 · EPSS 0.00134
Exploits 0 · References 1
RedHat Linux
added 2025/07/24 11:10 p.m. · 3 views

git: Git arbitrary code execution

A line-end handling flaw was found in Git. When writing a config entry, values with a trailing carriage return (CR) are not quoted, resulting in the CR being lost when the config is read later. When initializing a submodule, if the submodule path contains a trailing CR, the altered path is read,...

CVSS 8 · AI score 5.7 · EPSS 0.02775
Exploits 9 · References 8
SUSE CVE
added 2025/06/19 3:29 a.m. · 1 views

SUSE CVE-2025-6018

A Local Privilege Escalation (LPE) vulnerability has been discovered in pam-config within Linux Pluggable Authentication Modules (PAM). This flaw allows an unprivileged local attacker (for example, a user logged in via SSH) to obtain the elevated privileges normally reserved for a physically present,...

CVSS 8.4 · AI score 6.6 · EPSS 0.00957
Exploits 13 · References 20
RedhatCVE
added 2025/02/05 8:59 a.m. · 6 views

CVE-2024-38666

An external config control vulnerability exists in the openvpn.cgi openvpnclientsetup functionality of Wavlink AC3000 M33A8.V5030.210505. A specially crafted HTTP request can lead to arbitrary command execution. An attacker can make an authenticated HTTP request to trigger this vulnerability...

CVSS 9.1 · AI score 7 · EPSS 0.18881
Exploits 1
Positive Technologies
added 2024/05/05 12:0 a.m. · 7 views

PT-2024-4755 · Docker · Docker Desktop

Name of the Vulnerable Software and Affected Versions: Docker Desktop versions prior to 4.31.0 Description: The issue is related to a configuration flaw in the exec-path Docker daemon config option, allowing a user in the docker-users group to cause a Windows Denial-of-Service in Windows containe...

CVSS 6.1 · AI score 6 · EPSS 0.00374
Exploits 0 · References 10
BDU FSTEC
added 2020/05/29 12:0 a.m. · 4 views

The vulnerability of the configuration for connecting microprogramming software-based Cisco IP phones to web servers allows a perpetrator to execute arbitrary code or cause a service failure.

The vulnerability of the configuration for connecting microprogrammed IP telephones to web servers is related to insufficient verification of input data. Exploiting this vulnerability allows a malicious actor to execute arbitrary code or trigger a service failure by using a specially created HTTP...

CVSS 10 · AI score 8.2 · EPSS 0.83734
Exploits 4 · References 3
BDU FSTEC
added 2015/04/28 12:0 a.m. · 8 views

Vulnerabilities of the Gentoo Linux operating system, which allow a remote attacker to compromise the accessibility of protected information

Multiple vulnerabilities exist in the dhcp package up to version 4.2.4p2 of the Gentoo Linux operating system. Exploitation of these vulnerabilities may lead to the compromise of protected information. These vulnerabilities can be exploited remotely...

CVSS 7.8 · AI score 6.5 · EPSS 0.84172
Exploits 7 · References 11 · Affected Software 1
Prion
added 2014/12/02 1:59 a.m. · 16 views

Design/Logic Flaw

OpenStack PackStack 2012.2.1, when the Open vSwitch (OVS) monolithic plug-in is not used, does not properly set the libvirtvifdriver configuration option when generating the nova.conf configuration, which causes the firewall to be disabled and allows remote attackers to bypass intended access...

CVSS 5 · AI score 7.2 · EPSS 0.02164
Exploits 0 · References 1 · Affected Software 1