13 matches found
CVE-2026-0963 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') in Crafty Controller
An input neutralization vulnerability in the File Operations API Endpoint component of Crafty Controller allows a remote, authenticated attacker to perform file tampering and remote code execution via path traversal...
EUVD-2025-37234
A vulnerability was identified in certain UniFi Talk devices where internal debugging functionality remained unintentionally enabled. This issue could allow an attacker with access to the UniFi Talk management network to invoke internal debug operations through the device API. Affected Products:...
GHSA-3G72-CHJ4-2228 Canonical LXD Vulnerable to Privilege Escalation via WebSocket Connection Hijacking in Operations API
Impact LXD's operations API includes secret values necessary for WebSocket connections when retrieving information about running operations. These secret values are used for authentication of WebSocket connections for terminal and console sessions. Therefore, attackers with only read permissions...
DEBIAN-CVE-2025-54289
Privilege Escalation in operations API in Canonical LXD 6.5 on multiple platforms allows attacker with read permissions to hijack terminal or console sessions and execute arbitrary commands via WebSocket connection hijacking format...
UBUNTU-CVE-2025-54289
Privilege Escalation in operations API in Canonical LXD 6.5 on multiple platforms allows attacker with read permissions to hijack terminal or console sessions and execute arbitrary commands via WebSocket connection hijacking format...
CVE-2025-54289 Privilege Escalation via WebSocket Connection Hijacking in LXD Operations API
Privilege Escalation in operations API in Canonical LXD 6.5 on multiple platforms allows attacker with read permissions to hijack terminal or console sessions and execute arbitrary commands via WebSocket connection hijacking format...
The vulnerability of the server module gRPC Network Operations Interface (gNOI) in the operating system Juniper Networks Junos OS Evolved allows an attacker to execute arbitrary code.
The vulnerability of the server module gRPC Network Operations Interface gNOI in the Juniper Networks Junos OS Evolved operating system is related to the failure to take measures to neutralize specific elements. Exploiting this vulnerability allows a remote attacker to execute arbitrary code...
CVE-2023-28983
An OS Command Injection vulnerability in gRPC Network Operations Interface gNOI server module of Juniper Networks Junos OS Evolved allows an authenticated, low privileged, network based attacker to inject shell commands and execute code. This issue affects Juniper Networks Junos OS Evolved 21.4...
Command injection
An OS Command Injection vulnerability in gRPC Network Operations Interface gNOI server module of Juniper Networks Junos OS Evolved allows an authenticated, low privileged, network based attacker to inject shell commands and execute code. This issue affects Juniper Networks Junos OS Evolved 21.4...
CVE-2023-28983
CVE-2023-28983 describes an OS command injection in the gRPC Network Operations Interface (gNOI) server module of Juniper Networks Junos OS Evolved. The vulnerability is triggered by an authenticated, low-privilege, network-based attacker who can inject shell commands and execute code due to the ...
CVE-2023-28983 Junos OS Evolved: Shell Injection vulnerability in the gNOI server
An OS Command Injection vulnerability in gRPC Network Operations Interface gNOI server module of Juniper Networks Junos OS Evolved allows an authenticated, low privileged, network based attacker to inject shell commands and execute code. This issue affects Juniper Networks Junos OS Evolved 21.4...
PT-2023-3072 · Juniper Networks · Junos Evolved
Name of the Vulnerable Software and Affected Versions: Juniper Networks Junos OS Evolved versions 21.4R1-EVO through 22.1R1-EVO Description: The issue is related to an OS Command Injection vulnerability in the gRPC Network Operations Interface gNOI server module. This allows an authenticated,...
The vulnerability of the API interface of the virtual infrastructure monitoring tool vRealize Operations allows an attacker to upload malicious files.
The vulnerability of the API interface of the virtual infrastructure monitoring tool vRealize Operations is related to the unlimited loading of malicious files. Exploiting this vulnerability allows a remote attacker to upload malicious files...