Juniper Junos OS Multiple Vulnerabilities (JSA92873)

The version of Junos OS installed on the remote host is affected by multiple vulnerabilities as referenced in the JSA92873 advisory. - A race condition in sshd affecting versions between 8.5p1 and 9.7p1 inclusive may allow arbitrary code execution with root privileges. Successful exploitation has...

CVE-2026-4837 Eval Injection in Rapid7 Insight Agent

An eval injection vulnerability in the Rapid7 Insight Agent beaconing logic for Linux versions could theoretically allow an attacker to achieve remote code execution as root via a crafted beacon response. Because the Agent uses mutual TLS mTLS to verify commands from the Rapid7 Platform, it is...

PT-2026-25923

Wazuh is a free and open source platform used for threat prevention, detection, and response. Starting in version 3.9.0 and prior to version 4.14.3, a privilege escalation vulnerability exists in the Wazuh Manager's cluster synchronization protocol. The wazuh-clusterd service allows authenticated...

CVE-2026-25070

XikeStor SKS8310-8X Network Switch firmware versions 1.04.B07 and prior contain an OS command injection vulnerability in the /goform/PingTestSet endpoint that allows unauthenticated remote attackers to execute arbitrary operating system commands. Attackers can inject malicious commands through th...

CVE-2026-26279 Froxlor Admin-to-Root Privilege Escalation via Input Validation Bypass + OS Command Injection

Froxlor is open source server administration software. Prior to 2.3.4, a typo in Froxlor's input validation code == instead of = completely disables email format checking for all settings fields declared as email type. This allows an authenticated admin to store arbitrary strings in the...

PT-2026-22772

Multiple authenticated OS command injection vulnerabilities exist in the Cohesity formerly Stone Ram TranZman 4.0 Build 14614 through TZM 1757588060 SEP2025 FULL.depot web application API endpoints including Scheduler and Actions pages. The appliance directly concatenates user-controlled paramete...

CVE-2025-54322

Xspeeder SXZOS through 2025-12-26 allows root remote code execution via base64-encoded Python code in the chkid parameter to vLogin.py. The title and oIP parameters are also used...

CVE-2025-54322

Xspeeder SXZOS through 2025-12-26 allows root remote code execution via base64-encoded Python code in the chkid parameter to vLogin.py. The title and oIP parameters are also used...

CVE-2025-66259

Authenticated Root Remote Code Execution via improrer user input filtering in DB Electronica Telecomunicazioni S.p.A. Mozart FM Transmitter versions 30, 50, 100, 300, 500, 1000, 2000, 3000, 3500, 6000, 7000 allows an attacker to perform in mainok.php user supplied data/hour/time is passed directl...

EUVD-2025-199669

Authenticated Root Remote Code Execution via improrer user input filtering in DB Electronica Telecomunicazioni S.p.A. Mozart FM Transmitter versions 30, 50, 100, 300, 500, 1000, 2000, 3000, 3500, 6000, 7000 allows an attacker to perform in mainok.php user supplied data/hour/time is passed directl...

CVE-2025-63213

The QVidium Opera11 device firmware version 2.9.0-Ax4x-opera11 is vulnerable to Remote Code Execution RCE due to improper input validation on the /cgi-bin/netping.cgi endpoint. An attacker can exploit this vulnerability by sending a specially crafted GET request with a malicious parameter to inje...

CVE-2025-34212

Vasion Print formerly PrinterLogic Virtual Appliance Host prior to version 22.0.843 and Application prior to version 20.0.1923 VA/SaaS deployments possess CI/CD weaknesses: the build pulls an unverified third-party image, downloads the VirtualBox Extension Pack over plain HTTP without signature...

Exploit for Incorrect Authorization in Cisco Secure_Firewall_Management_Center

CVE-2023-20048 — Cisco RV Series PoC & Exploit ⚠ WARNING:...

Linux Distros Unpatched Vulnerability : CVE-2022-46302

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Broad access controls could allow site users to directly interact with the system Apache installation when providing the reverse proxy configurations for...

CVE-2025-50989

OPNsense before 25.1.8 contains an authenticated command injection vulnerability in its Bridge Interface Edit endpoint interfacesbridgeedit.php. The span POST parameter is concatenated into a system-level command without proper sanitization or escaping, allowing an administrator to inject arbitra...

Linux Distros Unpatched Vulnerability : CVE-2017-9078

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - The server in Dropbear before 2017.75 might allow post-authentication root remote code execution because of a double free in cleanup of TCP listeners when the -...

Exploit for CVE-2025-20029

CVE-2025-20029: Command Injection in TMSH CLI in F5 BIG-IP A...

CVE-2024-11482

A vulnerability in ESM 11.6.10 allows unauthenticated access to the internal Snowservice API and enables remote code execution through command injection, executed as the root user...

PT-2024-5969

Name of the Vulnerable Software and Affected Versions OpenSSH versions prior to the fixed version Description A signal handler in sshd8 may call a logging function that is not async-signal-safe. The signal handler is invoked when a client does not authenticate within the LoginGraceTime seconds 12...

CVE-2023-44426

D-Link DIR-X3260 SetSysEmailSettings AccountPassword Command Injection Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DIR-X3260 routers. Although authentication is required to exploit this...