938 matches found
CVE-2026-45750 Termix Vulnerable to Arbitrary Command Execution in File Manager
Termix is a web-based server management platform with SSH terminal, tunneling, and file editing capabilities. Prior to version 2.3.2, the GET /ssh/filemanager/ssh/resolvePath endpoint in the Termix File Manager component unsafely processes the path parameter and embeds it into a shell command...
CVE-2026-45744 Termix has an OS Command Injection in File Manager resolvePath endpoint
Termix is a web-based server management platform with SSH terminal, tunneling, and file editing capabilities. Prior to version 2.3.2, the GET /ssh/filemanager/ssh/resolvePath endpoint in Termix is vulnerable to OS command injection. The endpoint uses double-quote escaping for shell command...
CVE-2026-45744
Termix is a web-based server management platform with SSH terminal, tunneling, and file editing capabilities. Prior to version 2.3.2, the GET /ssh/filemanager/ssh/resolvePath endpoint in Termix is vulnerable to OS command injection. The endpoint uses double-quote escaping for shell command...
CVE-2026-45744
Termix web-based server management platform is affected by an OS command injection in the GET /ssh/file_manager/ssh/resolvePath endpoint prior to version 2.3.2. The endpoint uses double-quote escaping for shell command construction, which does not prevent $(...) and backtick command substitution....
PT-2026-47017
Name of the Vulnerable Software and Affected Versions Termix versions prior to 2.3.2 Description Termix is a web-based server management platform providing SSH terminal, tunneling, and file editing capabilities. An OS command injection exists in the "/ssh/file manager/ssh/resolvePath" endpoint. T...
PT-2026-47022
Name of the Vulnerable Software and Affected Versions Termix versions prior to 2.3.2 Description The File Manager component of this web-based server management platform contains a command injection flaw. The endpoint "/ssh/file manager/ssh/resolvePath" unsafely processes the path parameter,...
Deserialization of Untrusted Data
Overview Affected versions of this package are vulnerable to Deserialization of Untrusted Data in the replace-resolve path. An attacker can execute arbitrary code by submitting specially crafted serialized data that bypasses class registration, TypeChecker, and DisallowedList checks, leading to t...
CVE-2026-50076
CVE-2026-50076 affects the Apache Fory fory-core Java SDK before 1.1.0 on Java/JVM. The issue is a deserialization flaw in the Java replace-resolve path that allows a remote attacker to bypass class registration, TypeChecker, and DisallowedList checks and to invoke classpath-present readResolve/r...
PT-2026-46269
Name of the Vulnerable Software and Affected Versions Apache Fory fory-core versions prior to 1.1.0 Description Deserialization of untrusted data in the Java replace-resolve path on Java/JVM platforms allows a remote attacker to bypass class registration, TypeChecker, and DisallowedList checks. B...
Server-side Request Forgery (SSRF)
Overview docling-core is an A python library to define and validate data types in Docling. Affected versions of this package are vulnerable to Server-side Request Forgery SSRF in the resolveremotefilename function, which processes headers from remote requests. An attacker can access sensitive fil...
CVE-2026-46252
In the Linux kernel, the following vulnerability has been resolved: regulator: core: fix locking in regulatorresolvesupply error path If late enabling of a supply regulator fails in regulatorresolvesupply, the code currently triggers a lockdep warning: WARNING: drivers/regulator/core.c:2649 at...
CVE-2026-46252
CVE-2026-46252 affects the Linux kernel regulator core. The vulnerability stems from improper locking in regulator_resolve_supply() error handling, where late-failing supply enable paths could trigger a lockdep warning due to holding the regulator_list_mutex while calling _regulator_put(). The fi...
CVE-2026-46252
In the Linux kernel, the following vulnerability has been resolved: regulator: core: fix locking in regulatorresolvesupply error path If late enabling of a supply regulator fails in regulatorresolvesupply, the code currently triggers a lockdep warning: WARNING: drivers/regulator/core.c:2649 at...
EUVD-2026-34114
In the Linux kernel, the following vulnerability has been resolved: regulator: core: fix locking in regulatorresolvesupply error path If late enabling of a supply regulator fails in regulatorresolvesupply, the code currently triggers a lockdep warning: WARNING: drivers/regulator/core.c:2649 at...
CVE-2026-46252 regulator: core: fix locking in regulator_resolve_supply() error path
In the Linux kernel, the following vulnerability has been resolved: regulator: core: fix locking in regulatorresolvesupply error path If late enabling of a supply regulator fails in regulatorresolvesupply, the code currently triggers a lockdep warning: WARNING: drivers/regulator/core.c:2649 at...
Deserialization of Untrusted Data
Overview org.apache.mina:mina-core is a network application framework which helps users develop high performance and high scalability network applications easily. Affected versions of this package are vulnerable to Deserialization of Untrusted Data via the resolveProxyClass function. An attacker...
CVE-2026-47065 Apache MINA: Critical Deserialization Allow-list Bypass via resolveProxyClass - ZDRES-232
ZDRES-232: resolveProxyClass Not Overridden - acceptMatchers Filter Bypass via java.lang.reflect.Proxy Assessment: Fully addressed. When the serialised stream contains a TCPROXYCLASSDESC the marker for a java.lang.reflect.Proxy , JDK’s ObjectInputStream.readProxyDesc is dispatched. JDK then calls...
CVE-2025-60477
A NULL pointer dereference in the gffilterpidresolvefiletemplateex function /filtercore/filterpid.c of GPAC Project/MP4Box before 26.02.0 allows attackers to cause a Denial of Service DoS via supplying a crafted file...
PT-2026-45933
A NULL pointer dereference in the gf filter pid resolve file template ex function /filter core/filter pid.c of GPAC Project/MP4Box before 26.02.0 allows attackers to cause a Denial of Service DoS via supplying a crafted file...
EUVD-2025-210053
A NULL pointer dereference in the gffilterpidresolvefiletemplateex function /filtercore/filterpid.c of GPAC Project/MP4Box before 26.02.0 allows attackers to cause a Denial of Service DoS via supplying a crafted file...