CVE-2026-7978

Inappropriate implementation in Companion in Google Chrome on Mac prior to 148.0.7778.96 allowed a remote attacker to perform OS-level privilege escalation via malicious network traffic. Chromium security severity: Medium...

UBUNTU-CVE-2025-0781

An attacker can bypass the sandboxing of Nasal scripts and arbitrarily write to any file path that the user has permission to modify at the operating-system level...

CVE-2024-55544

Missing input validation in the ORing IAP-420 web-interface allows authenticated Command Injections on OS level.This issue affects IAP-420 version 2.01e and below...

CVE-2024-47902

A vulnerability has been identified in InterMesh 7177 Hybrid 2.0 Subscriber All versions V8.2.12, InterMesh 7707 Fire Subscriber All versions V7.2.12 only if the IP interface is enabled which is not the default configuration. The web server of affected devices does not authenticate GET requests...

CVE-2024-47902

CVE-2024-47902 affects Siemens InterMesh 7177 Hybrid 2.0 Subscriber (all versions < 8.2.12) and InterMesh 7707 Fire Subscriber (all versions

CVE-2024-47902

A vulnerability has been identified in InterMesh 7177 Hybrid 2.0 Subscriber All versions V8.2.12, InterMesh 7707 Fire Subscriber All versions V7.2.12 only if the IP interface is enabled which is not the default configuration. The web server of affected devices does not authenticate GET requests...

CVE-2024-47901

A vulnerability has been identified in InterMesh 7177 Hybrid 2.0 Subscriber All versions V8.2.12, InterMesh 7707 Fire Subscriber All versions V7.2.12 only if the IP interface is enabled which is not the default configuration. The web server of affected devices does not sanitize the input paramete...

Command injection

A command injection vulnerability exists in the administrative web portal in TP-Link Archer VR1600V devices running firmware Versions = 0.1.0. 0.9.1 v5006.0 Build 220518 Rel.32480n which allows remote attackers, authenticated to the administrative web portal as an administrator user to open an...

CVE-2023-1966

Instruments with Illumina Universal Copy Service v1.x and v2.x contain an unnecessary privileges vulnerability. An unauthenticated malicious actor could upload and execute code remotely at the operating system level, which could allow an attacker to change settings, configurations, software, or...

Code injection

Instruments with Illumina Universal Copy Service v1.x and v2.x contain an unnecessary privileges vulnerability. An unauthenticated malicious actor could upload and execute code remotely at the operating system level, which could allow an attacker to change settings, configurations, software, or...

CVE-2023-1966 CVE-2023-1966

Instruments with Illumina Universal Copy Service v1.x and v2.x contain an unnecessary privileges vulnerability. An unauthenticated malicious actor could upload and execute code remotely at the operating system level, which could allow an attacker to change settings, configurations, software, or...

Path traversal

flarum is a forum software package for building communities. In versions prior to 1.7.0 an admin account which has already been compromised by an attacker may use a vulnerability in the LESS parser which can be exploited to read sensitive files on the server through the use of path traversal...

CVE-2022-1517

LRM utilizes elevated privileges. An unauthenticated malicious actor can upload and execute code remotely at the operating system level, which can allow an attacker to change settings, configurations, software, or access sensitive data on the affected produc. An attacker could also exploit this...

CISA Releases Security Advisory on Illumina Local Run Manager

CISA has released an Industrial Controls Systems Advisory ICSA detailing multiple vulnerabilities in Illumina Local Run Manager. Successful exploitation of these vulnerabilities may allow an unauthenticated malicious actor to take control of the affected product remotely and take any action at th...

Cisco Integrated Management Controller Command Injection (cisco-sa-CIMC-CIV-pKDBe9x5)

According to its self-reported version, Cisco Integrated Management Controller IMC is affected by a vulnerability in the web UI that allows an authenticated, remote attacker to inject arbitrary code and execute arbitrary commands at the underlying operating system level. The vulnerability is due ...

CVE-2020-3371

A vulnerability in the web UI of Cisco Integrated Management Controller IMC could allow an authenticated, remote attacker to inject arbitrary code and execute arbitrary commands at the underlying operating system level. The vulnerability is due to insufficient input validation. An attacker could...

CVE-2017-12636

CouchDB administrative users can configure the database server via HTTPS. Some of the configuration options include paths for operating system-level binaries that are subsequently launched by CouchDB. This allows an admin user in Apache CouchDB before 1.7.0 and 2.x before 2.1.1 to execute arbitra...

Cisco Fixes Three Bugs in Secure ACS Platform

Cisco has released patches for three vulnerabilities in its Secure Access Control System, including two flaws that could enable a remote attacker to take complete control of an affected system. Cisco’s Secure ACS is part of the company’s TrustSec solution, which the company says “supports the...

FreeBSD : openfire -- multiple vulnerabilities (937adf01-b64a-11dd-a55e-00163e000016)

Andreas Kurtz reports : The jabber server Openfire = version 3.6.0a contains several serious vulnerabilities. Depending on the particular runtime environment these issues can potentially even be used by an attacker to execute code on operating system level. - Authentication bypass - This...

Openfire Server 3.6.0a - Authentication Bypass / SQL Injection / Cross-Site Scripting

Advisory: Openfire Server Multiple Vulnerabilities Advisory ID: AKADV2008-001 Release Date: 2008/11/07 Revision: 1.0 Last Modified: 2008/11/07 Date Reported: 2008/05/17 Author: Andreas Kurtz mail at andreas-kurtz.de Affected Software: Openfire Server = 3.6.0a Remotely Exploitable: Yes Risk:...