Exploit for Deserialization of Untrusted Data in Google Android

Zygote Toolkit - CVE-2024-31317 This is a toolkit that uses C...

CVE-2026-49196 Predator Connect W6x: Web Interface Command Injection

The Wi-Fi device blocking feature fails to sanitize MAC address input, allowing injection and execution of arbitrary shell commands...

CVE-2026-49196

The Wi-Fi device blocking feature fails to sanitize MAC address input, allowing injection and execution of arbitrary shell commands...

EUVD-2026-33263

The Wi-Fi device blocking feature fails to sanitize MAC address input, allowing injection and execution of arbitrary shell commands...

Acer Predator Connect W6x 代码注入漏洞

The Acer Predator Connect W6x is a series of high-performance Wi-Fi 6/6E gaming routers produced by Acer of Taiwan, China. The Acer Predator Connect W6x has a code injection vulnerability, which stems from allowing injections and execution of arbitrary shell commands...

Dokploy 操作系统命令注入漏洞

Dokploy is an open-source software developed by Dokploy itself. Versions of Dokploy prior to 0.29.0 contained a vulnerability related to operating system command injection. This vulnerability arose because the deleteRegistry function executed the docker logout command without proper shell escapin...

arcane 操作系统命令注入漏洞

Arcane is an open-source Docker management software developed by Arcane. Versions of Arcane 1.18.1 and earlier contain a vulnerability related to operating system command injection. This vulnerability stems from the path cleaner in the GET /environments/id/volumes/volumeName/browse endpoint not...

PT-2026-44766

Name of the Vulnerable Software and Affected Versions Predator Connect W6x affected versions not specified Description The Wi-Fi device blocking feature fails to sanitize MAC address input, which allows for the injection and execution of arbitrary shell commands. Recommendations At the moment,...

PT-2026-44904

Name of the Vulnerable Software and Affected Versions Dokploy versions prior to 0.29.2 Description An authenticated user can execute arbitrary OS commands on the host system through the Docker file upload functionality. The issue occurs because the destinationPath parameter is not properly...

PT-2026-44824

DreamMaker developed by Interinfo has an Arbitrary File Upload vulnerability, allowing unauthenticated remote attackers to upload and execute web shell backdoors, thereby enabling arbitrary code execution on the server...

Security update for python-pytest-html (important)

openSUSE security update: security update for python-pytest-html ------------------------------------------------------------- Announcement ID: openSUSE-SU-2026:20839-1 Rating: important References: bsc1266254 Cross-References: CVE-2026-9277 CVSS scores: CVE-2026-9277 SUSE : 8.1...

PT-2026-44907

Name of the Vulnerable Software and Affected Versions Froxlor version 2.3.6 Description A symlink-following flaw exists in the root-owned SSH key synchronization path used for customer FTP users. The provisioning code appends public keys to /.ssh/authorized keys within a customer-controlled home...

PT-2026-44903

Name of the Vulnerable Software and Affected Versions Dokploy versions prior to 0.29.1 Description Dokploy is a self-hostable Platform as a Service PaaS. A command injection issue exists in the deleteRegistry function within the packages/server/src/services/registry.ts file. The application...

PT-2026-45006

NB: All tags and branches in this repository are past their end of life, so the vulnerability will not be fixed. The advisory is posted on the request of the researcher, for the information of anyone who might still use this software. Impact There is a security vulnerability in eZ Publish Legacy,...

Interinfo DreamMaker 代码问题漏洞

Interinfo DreamMaker is an application developed by Interinfo Corporation in China. Interinfo DreamMaker has a code vulnerability that stems from arbitrary file uploads. This vulnerability could allow unauthenticated remote attackers to upload and execute a Web shell backdoor, thereby enabling...

Dokploy 命令注入漏洞

Dokploy is an open-source software developed by Dokploy itself. Versions of Dokploy 0.29.2 and earlier contained a command injection vulnerability. This vulnerability stemmed from the use of JavaScript template literal expressions to construct shell commands, which were executed via...

PT-2026-44932

Dokploy is a free, self-hostable Platform as a Service PaaS. In 0.29.2 and earlier, Dokploy constructs shell commands using JavaScript template literals and executes them via child process.exec which runs through /bin/sh -c. User-supplied branch names, repository URLs, and Docker credentials are...

Interinfo DreamMaker 代码问题漏洞

Interinfo DreamMaker is an application developed by Interinfo Corporation in China. Interinfo DreamMaker has a code vulnerability that stems from arbitrary file uploads. This vulnerability could allow a privileged remote attacker to upload and execute a Web shell backdoor, thereby enabling...

PT-2026-44906

Name of the Vulnerable Software and Affected Versions Froxlor versions prior to 2.3.7 Description An issue exists where server-side FTP account handlers do not enforce the system.available shells whitelist when processing add or edit requests. This allows an authenticated customer with shell...

Linux Distros Unpatched Vulnerability : CVE-2026-44461

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Zed is a code editor. Prior to 0.227.1, Zed builds SSH/WSL remote commands as a shell command string that starts with exec env ..., but environment variable key...