EUVD-2026-12720

OpenClaw versions prior to 2026.2.21 fail to filter dangerous process-control environment variables from config env.vars, allowing startup-time code execution. Attackers can inject variables like NODEOPTIONS or LD through configuration to execute arbitrary code in the OpenClaw gateway service...

CVE-2024-14003

Nagios XI versions prior to 2024R1.2 are vulnerable to remote code execution RCE through its NRDP Nagios Remote Data Processor server plugins. Insufficient validation of inbound NRDP request parameters allows crafted input to reach command execution paths, enabling attackers to execute arbitrary...

EUVD-2006-4322

Malware in sbrugna...

EUVD-2023-56358

Malicious code in bioql PyPI...

CVE-2025-9273

CData API Server MySQL Misconfiguration Information Disclosure Vulnerability. This vulnerability allows remote attackers to disclose sensitive information on affected installations of CData API Server. Authentication is required to exploit this vulnerability. The specific flaw exists within the...

(0Day) Schneider Electric EcoStruxure Power Monitoring Expert ExportDataAsXML Server-Side Request Forgery Information Disclosure Vulnerability

This vulnerability allows remote attackers to disclose sensitive information on affected installations of Schneider Electric EcoStruxure Power Monitoring Expert. Authentication is not required to exploit this vulnerability. The specific flaw exists within the implementation of the ExportDataAsXML...

The vulnerability of the ConvertFromJson method in the monitoring and security management tool Trend Micro Apex Central allows a attacker to execute arbitrary code in the context of NETWORK SERVICE.

The vulnerability of the ConvertFromJson method in the Trend Micro Apex Central security monitoring and management tool is related to insufficient validation of input data. Exploiting this vulnerability could allow an attacker to execute arbitrary code in the context of NETWORK SERVICE...

CVE-2021-34995

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Commvault CommCell 11.22.22. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The specific flaw exists within the...

CVE-2023-51644

Allegra SiteConfigAction Improper Access Control Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Allegra. Authentication is not required to exploit this vulnerability. The specific flaw exists within the...

Voltronic Power ViewPower 安全漏洞

Voltronic Power ViewPower is Voltronic Power's monitoring and management software for solar inverters. A remote code execution vulnerability exists in Voltronic Power ViewPower Pro, which can be exploited by an attacker to execute code in the context of LOCAL SERVICE...

Allegra uploadSimpleFile Directory Traversal Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Allegra. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The specific flaw exists within the uploadSimpleFile method. The iss...

The vulnerability of the UpdateActionsProperties method in the SolarWinds Orion Platform’s network monitoring software allows a hacker to execute arbitrary code.

The vulnerability of the UpdateActionsProperties method in the SolarWinds Orion Platform software monitoring solution is related to insufficient comparison. Exploiting this vulnerability allows a remote attacker to execute arbitrary code in the context of NETWORK SERVICE...

The vulnerability of the DownloadCenterUploadHandler class in the CommCell storage management software allows a attacker to execute arbitrary code in the context of NETWORK SERVICE.

The vulnerability of the DownloadCenterUploadHandler class in the CommCell storage management software is related to the lack of restrictions on file downloads. Exploiting this vulnerability allows a malicious actor to execute arbitrary code in the context of NETWORK SERVICE remotely...

CVE-2021-34997

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Commvault CommCell 11.22.22. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The specific flaw exists within the...

Commvault CommCell Arbitrary File Upload Vulnerability (CNVD-2021-101452)

Commvault CommCell enables fast, large-scale backup and recovery of virtual machines, structured and unstructured data.An arbitrary file upload vulnerability exists in the DownloadCenterUploadHandler class in versions of Commvault CommCell prior to 11.25, which could be exploited by an attacker t...

Commvault CommCell DownloadCenterUploadHandler Arbitrary File Upload Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Commvault CommCell. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The specific flaw exists within the...

MGASA-2020-0024 Updated radare2 packages fix security vulnerabilities

Updated radare2 packages fix security vulnerabilities: In radare2 through 3.5.1, there is a heap-based buffer over-read in the regglangparsechar function of egglang.c. This allows remote attackers to cause a denial of service application crash or possibly have unspecified other impact because of...

CVE-2019-0189

The java.io.ObjectInputStream is known to cause Java serialisation issues. This issue here is exposed by the "webtools/control/httpService" URL, and uses Java deserialization to perform code execution. In the HttpEngine, the value of the request parameter "serviceContext" is passed to the...

How Do I Configure Cloud Connector to Support a Web Proxy

The primary intent of this article is to provide steps on how to configure the Cloud Connector to support a web proxy. The Connector supports connection to the internet via a web proxy server. The Connector requires outbound connectivity on port 443. Both the installer and the services it install...

The vulnerability of the Android operating system, allowing a hacker to execute arbitrary code

The vulnerability of the Android operating system’s libnl service is related to deficiencies in access control for certain functions. Exploiting this vulnerability allows a malicious actor to execute arbitrary code in the Wi-Fi service context, using a local malware application...