CVE-2026-49188

CVE-2026-49188 affects a component where the ai_cmd utility runs with root privileges and pipes socket inputs directly to popen(), enabling unauthenticated users to execute arbitrary root commands. The available sources explicitly state elevated root command execution via ai_cmd sockets, with CVS...

CVE-2026-49188 Elevated Root Command Execution via ai_cmd Sockets

The aicmd utility executes with full root permissions. It pipes socket inputs directly to popen, paving the way for unauthenticated users to execute arbitrary root commands...

CVE-2026-36175

Technical details enabling exploitation are not publicly available in the provided documents. The GNCC GP5 U-Boot vulnerability description is repeated across sources; monitor for updated advisories or technical specifics.

GNCC GP5 安全漏洞

GNCC GP5 is a 2K indoor security camera produced by GNCC Corporation. The GNCC GP5 v7.1.76 version contains a security vulnerability. This vulnerability stems from issues with the U-Boot component, which may allow physical proximity attackers to bypass authentication and obtain root access by...

CVE-2026-36175

An issue in the U-Boot component of GNCC GP5 v7.1.76 allows physically-proximate attackers to bypass authentication and gain root access via interrupting the boot sequence and injecting a crafted string into the kernel boot arguments...

CVE-2026-35905

CVE-2026-35905 affects T3 Technology CPE models T625Pro v1.0.07, T6825G v1.0.03, and T7281 v1.0.03. The advisory states a hardcoded root password for the superadmin account, enabling high-privilege access. CVSSv3.1 base score is 9.8 (Network attack, no user interaction, high impact to confidentia...

Froxlor 后置链接漏洞

Froxlor is a set of lightweight server management software developed by the Froxlor team. Version 2.3.6 of Froxlor contains a post-installation link vulnerability. This vulnerability stems from a symbolic link follow-up flaw in the SSH key synchronization path, which may allow root access via SSH...

Acer M6E 安全漏洞

The Acer M6E is a portable 5G mobile hotspot device from Acer, a company based in Taiwan, China. The Acer M6E has a security vulnerability. This vulnerability stems from the aicmd tool executing with full root access, and it involves direct passing of socket inputs to popen, which may allow...

PT-2026-46244

An issue in the U-Boot component of GNCC GP5 v7.1.76 allows physically-proximate attackers to bypass authentication and gain root access via interrupting the boot sequence and injecting a crafted string into the kernel boot arguments...

GNCC GP5 安全漏洞

GNCC GP5 is a 2K indoor security camera produced by GNCC Corporation. The GNCC GP5 v7.1.76 version contains a security vulnerability. This vulnerability stems from the use of a weak hash algorithm to protect the root password, which may allow attackers to obtain root credentials through brute-for...

CVE-2026-35906

An undocumented debug CGI endpoint in T3 Technology CPE models T625Pro v1.0.07, T6825G v1.0.03 allows unauthenticated attackers to execute arbitrary system commands as root via supplying a crafted HTTP query string...

CVE-2026-36175

An issue in the U-Boot component of GNCC GP5 v7.1.76 allows physically-proximate attackers to bypass authentication and gain root access via interrupting the boot sequence and injecting a crafted string into the kernel boot arguments...

CVE-2026-35905

T3 Technology CPE models T625Pro v1.0.07, T6825G v1.0.03, and T7281 v1.0.03 were discovered to contain a hardcoded password for root access under the "superadmin" account...

EUVD-2026-34278

An issue in the U-Boot component of GNCC GP5 v7.1.76 allows physically-proximate attackers to bypass authentication and gain root access via interrupting the boot sequence and injecting a crafted string into the kernel boot arguments...

PT-2026-46310

Name of the Vulnerable Software and Affected Versions libinput versions prior to 1.30.4 libinput versions 1.31.x prior to 1.31.3 Description An issue exists in libinput-device-group where unescaped phys output allows for the injection of udev properties. This can lead to arbitrary root code...

PT-2026-46194

This vulnerability exists in GX Earth ONT models due to improper handling of user-supplied input in multiple diagnostic functions in its web management interface. An authenticated remote attacker could exploit this vulnerability by injecting arbitrary and executing OS commands on the targeted...

Cisco Catalyst SD-WAN Manager 安全漏洞

Cisco Catalyst SD-WAN Manager is a highly customizable dashboard provided by Cisco. It simplifies and automates the deployment, configuration, management, and operation of Cisco SD-WAN. There is a security vulnerability present in Cisco Catalyst SD-WAN Manager, which stems from insufficient user...

PT-2026-46400

Name of the Vulnerable Software and Affected Versions Cisco Catalyst SD-WAN Controller affected versions not specified Cisco Catalyst SD-WAN Manager affected versions not specified Cisco Catalyst SD-WAN Validator affected versions not specified Description A flaw in the CLI and web management...

CVE-2026-36175

An issue in the U-Boot component of GNCC GP5 v7.1.76 allows physically-proximate attackers to bypass authentication and gain root access via interrupting the boot sequence and injecting a crafted string into the kernel boot arguments...

CVE-2026-30652

A remote buffer overflow vulnerability exists in the /cgi-bin/dido/setdo.cgi endpoint of the admin interface of Vivotek FD8136 cameras running firmware version FD8136-VVTK-0300a. This flaw allows an authenticated attacker to execute arbitrary code as root on the device...