CVE-2026-34917

Low‑privileged session IDs generated for the web admin console could be reused in the XML‑RPC API, whose authentication is normally restricted to admin users. An attacker could leverage this to gain unauthorised access and exploit API‑level vulnerabilities. The session context web/API is now...

CVE-2025-57791

A security vulnerability has been identified that allows remote attackers to inject or manipulate command-line arguments passed to internal components due to insufficient input validation. Successful exploitation results in a valid user session for a low privilege role...

EUVD-2025-25255

A security vulnerability has been identified that allows remote attackers to inject or manipulate command-line arguments passed to internal components due to insufficient input validation. Successful exploitation results in a valid user session for a low privilege role...

CVE-2025-57791

CVE-2025-57791 is an argument-injection vulnerability in Commvault components, enabling remote injection/manipulation of command-line arguments due to insufficient input validation. Exploitation can yield a valid session for a low-privilege user, and is part of an exploit chain including CVE-2025...

CVE-2025-57791 Argument Injection Vulnerability in CommServe

A security vulnerability has been identified that allows remote attackers to inject or manipulate command-line arguments passed to internal components due to insufficient input validation. Successful exploitation results in a valid user session for a low privilege role...

PT-2025-33901 · Commvault · Commvault

Name of the Vulnerable Software and Affected Versions: Commvault versions prior to 11.36.60 Description: A security issue exists in Commvault that allows remote attackers to inject or manipulate command-line arguments passed to internal components due to insufficient input validation. Successful...

Commvault 参数注入漏洞

Commvault is a data backup and recovery software from Commvault, Inc. A parameter injection vulnerability exists in versions of Commvault prior to 11.36.60 that stems from insufficient input validation leading to command line parameter injection or manipulation, which could result in a...