PT-2026-45987

A vulnerability in Cisco Unified Communications Manager Unified CM and Cisco Unified Communications Manager Session Management Edition Unified CM SME could allow an unauthenticated, remote attacker to conduct server-side request forgery SSRF attacks through an affected device. This vulnerability ...

MAL-2026-4510 Malicious code in cerebrum-core (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector e0ac38481a69f23f9170b098fcd48cd72b82edb969bdd44eb3aa5cc377a13a0d On npm install, the package's postinstall hook runs setup.js, which decodes an embedded base64 string into a tar.gz file at ../../../tempbundle.tar.g...

Astra Linux - уязвимость в cups

OpenPrinting CUPS is an open-source printing system for Linux and other Unix-like operating systems. Prior to version 2.4.15, a user belonging to the lpadmin group could use the cups web interface to modify configurations and insert malicious lines. As a result, the cupsd process, running as root...

GHSA-WPPJ-C6MR-83JJ OpenClaw: OpenShell FS bridge writes stay pinned to the sandbox mount root

Summary OpenShell FS bridge writes stay pinned to the sandbox mount root Affected Packages / Versions - Package: openclaw npm - Affected versions: = 2026.4.21 - Fixed version: 2026.4.22 Impact A time-of-check/time-of-use race around OpenShell sandbox filesystem writes could let a symlink swap...

Seeyon OA A8 代码问题漏洞

Seeyon OA A8 is a collaborative office management system developed by the Chinese company Seeyon. There is a code vulnerability in Seeyon OA A8. This vulnerability stems from an unauthenticated file writing operation at the /seeyon/htmlofficeservlet endpoint. This could allow a remote attacker to...

VulnCheck KEV: CVE-2019-25714

Seeyon OA A8 contains an unauthenticated arbitrary file write vulnerability in the /seeyon/htmlofficeservlet endpoint that allows remote attackers to write arbitrary files to the web application root by sending specially crafted POST requests with custom base64-encoded payloads. Attackers can wri...

VulnCheck KEV: CVE-2021-4473

Tianxin Internet Behavior Management System contains a command injection vulnerability in the Reporter component endpoint that allows unauthenticated attackers to execute arbitrary commands by supplying a crafted objClass parameter containing shell metacharacters and output redirection. Attackers...

CVE-2026-33253

SANUPS SOFTWARE (SANYO DENKI CO., LTD.) exposes a Windows service registration with an unquoted executable path. According to the description, a user with write access to the system drive root can trigger arbitrary code execution with SYSTEM privileges via a local privilege escalation. The connec...

CVE-2026-33253

SANUPS SOFTWARE provided by SANYO DENKI CO., LTD. registers Windows services with unquoted file paths. A user with the write permission on the root directory of the system drive may execute arbitrary code with SYSTEM privilege...

CVE-2026-26224 Intego Log Reporter TOCTOU Local Privilege Escalation

Intego Log Reporter, a macOS diagnostic utility bundled with Intego security products that collects system and application logs for support analysis, contains a local privilege escalation vulnerability. A root-executed diagnostic script creates and writes files in /tmp without enforcing secure...

PT-2026-7075

Products provided by Oki Electric Industry Co., Ltd. and its OEM products Ricoh Co., Ltd., Murata Machinery, Ltd. register Windows services with unquoted file paths. A user with the write permission on the root directory of the system drive may execute arbitrary code with SYSTEM privilege...

PT-2026-1822

Name of the Vulnerable Software and Affected Versions Veeam Backup & Recovery versions prior to 13.0 Description The issue allows a Backup or Tape Operator to write files as root, leading to potential privilege escalation. Multiple reports indicate this is a critical security concern...

Unity Linux 20.1070e Security Update: cups (UTSA-2025-993328)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2025-993328 advisory. OpenPrinting CUPS is an open source printing system for Linux and other Unix-like operating systems. Prior to version 2.4.15, a user in the lpadmin group can use the...

CVE-2025-66271

CVE-2025-66271 affects ELECOM Clone for Windows, where the software registers a Windows service with an unquoted file path (unquoted service path). The root cause is an unquoted path in the service configuration, enabling a local attacker with write access to the system drive root to execute arbi...

Linux Distros Unpatched Vulnerability : CVE-2025-61915

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - OpenPrinting CUPS is an open source printing system for Linux and other Unix-like operating systems. Prior to version 2.4.15, a user in the lpadmin group can us...

ALPINE-CVE-2025-61915

OpenPrinting CUPS is an open source printing system for Linux and other Unix-like operating systems. Prior to version 2.4.15, a user in the lpadmin group can use the cups web ui to change the config and insert a malicious line. Then the cupsd process which runs as root will parse the new config a...

CVE-2025-61915 OpenPrinting CUPS vulnerable to stack based out-of-bound write

OpenPrinting CUPS is an open source printing system for Linux and other Unix-like operating systems. Prior to version 2.4.15, a user in the lpadmin group can use the cups web ui to change the config and insert a malicious line. Then the cupsd process which runs as root will parse the new config a...

CVE-2025-62225

Optical Disc Archive Software provided by Sony Corporation registers a Windows service with an unquoted file path. A user with the write permission on the root directory of the system drive may execute arbitrary code with SYSTEM privilege...

CVE-2025-61865

Multiple NAS management applications provided by I-O DATA DEVICE, INC. register Windows services with unquoted file paths. A user with the write permission on the root directory of the system drive may execute arbitrary code with SYSTEM privilege...

CVE-2025-61865

Multiple NAS management applications provided by I-O DATA DEVICE, INC. register Windows services with unquoted file paths. A user with the write permission on the root directory of the system drive may execute arbitrary code with SYSTEM privilege...