5 matches found
CVE-2025-66571
UNA CMS versions 9.0.0-RC1 - 14.0.0-RC4 contain a PHP object injection vulnerability in BxBaseMenuSetAclLevel.php where the profileid POST parameter is passed to PHP unserialize without proper handling, allowing remote, unauthenticated attackers to inject arbitrary PHP objects and potentially wri...
CVE-2022-50589 SuiteCRM < 7.12.6 SQL Injection via 'export' Functionality
SuiteCRM versions prior to 7.12.6 contain a SQL injection vulnerability within the processing of the ‘uid’ parameter within the ‘export’ functionality. Successful exploitation allows remote unauthenticated attackers to ultimately execute arbitrary code...
CVE-2025-50946
A flaw was found in github.com/olivetin/olivetin. The ParseRequestURI function in service/internal/executor/arguments.go is vulnerable to an OS command injection, allowing an attacker to execute arbitrary commands on the system. This occurs when processing a crafted URI. A remote attacker can...
CVE-2024-40895
FFRI AMC versions 3.4.0 to 3.5.3 and some OEM products that implement/bundle FFRI AMC versions 3.4.0 to 3.5.3 allow a remote unauthenticated attacker to execute arbitrary OS commands when certain conditions are met in an environment where the notification program setting is enabled and the...
Command Execution Vulnerability in China_user_add_op.php, the Security Isolation Gateway of Beijing Yuanwei Software Co.
The Beijing Yuanwei Software Co., Ltd. security isolation gateway is a multi-network security isolation system based on terminal virtualization and network virtualization technology. A command execution vulnerability exists in China_user_add_op.php, the security isolation gateway of Beijing...