17 matches found
CVE-2026-31226
CVE-2026-31226 relates to a critical command-injection in TinyZero’s HDFS file operations utilities. The flaw stems from unsafe shell command construction and execution via os.system(), where user-controlled input (e.g., file paths) is interpolated using f-strings inside the _copy() function. An ...
PT-2026-25547
Name of the Vulnerable Software and Affected Versions: mlflow versions prior to 3.7.0 Description: A command injection issue exists due to the direct interpolation of user-supplied container image names into shell commands without proper sanitization. These commands are then executed using the...
EUVD-2023-42154
Malicious code in bioql PyPI...
CVE-2025-7954 Race Condition in Shopware Voucher Submission
A race condition vulnerability has been identified in Shopware's voucher system of Shopware v6.6.10.4 that allows attackers to bypass intended voucher restrictions and exceed usage limitations...
Vulnerability in Intel System Usage Report, software for analyzing computer system resources. The vulnerability stems from an uncontrolled search path element and allows attackers to escalate their privileges.
The vulnerability in Intel System Usage Report, software for analyzing computer system resources, is related to an uncontrolled search path element. Exploiting this vulnerability can allow attackers to escalate their privileges...
Vulnerability in Intel System Usage Report, software for analyzing computer system resources, caused by a lack of access control, allows an attacker to cause a denial of service
The vulnerability in Intel System Usage Report, software for analyzing computer system resources, is related to a lack of access control. Exploiting this vulnerability can allow a remote attacker to cause service interruptions...
Vulnerability in Intel System Usage Report, software for analyzing computer system resource usage, related to improper use of default permissions, allows attackers to escalate their privileges.
The vulnerability in Intel System Usage Report, software for analyzing computer system resources, is related to the improper use of default permissions. Exploiting this vulnerability can allow attackers to escalate their privileges...
PT-2024-1875 · Intel · Intel(R) Sur For Gameplay
Name of the Vulnerable Software and Affected Versions: Intel(R) SUR for Gameplay Software versions prior to 2.0.1901 Description: The issue is related to an uncontrolled search path in the Intel System Usage Report software, which may allow a privileged user to potentially enable escalation of...
Authorization
Improper Authorization vulnerability in the OTRS AG OTRS 8 Websocket API backend allows any attacker authenticated as an Agent to track user behaviour and to gain live insight into overall system usage. User IDs can easily be correlated with real names, e.g. via ticket histories, by any user. Fuzzing for...
CVE-2023-2534 Information disclosure and DoS via websocket push events
Improper Authorization vulnerability in the OTRS AG OTRS 8 Websocket API backend allows any attacker authenticated as an Agent to track user behaviour and to gain live insight into overall system usage. User IDs can easily be correlated with real names, e.g. via ticket histories, by any user. Fuzzing for...
CVE-2023-2534
CVE-2023-2534 affects OTRS 8 (Websocket API backend). The issue allows an authenticated Agent to track user behavior and gain live insight into overall system usage, with possible correlation of user IDs to real names via ticket histories. The vulnerability is associated with the Websocket push e...
Ctags OS Command Injection Vulnerability
Ctags is an open-source utility hosted on SourceForge that generates index files from a program's source code tree, helping text editors locate definitions quickly. Ctags has a security vulnerability that originates from externalSortTags in sort.c calling the system(3) function in an unsafe...
CVE-2019-1631 Cisco Integrated Management Controller Information Disclosure Vulnerability
A vulnerability in the web-based management interface of Cisco Integrated Management Controller (IMC) could allow an unauthenticated, remote attacker to access potentially sensitive system usage information. The vulnerability is due to a lack of proper data protection mechanisms. An attacker could...
CVE-2019-1692
A vulnerability in the web-based management interface of Cisco Application Policy Infrastructure Controller (APIC) Software could allow an unauthenticated, remote attacker to access sensitive system usage information. The vulnerability is due to a lack of proper data protection mechanisms for certa...
CVE-2019-1692
A vulnerability in the web-based management interface of Cisco Application Policy Infrastructure Controller (APIC) Software could allow an unauthenticated, remote attacker to access sensitive system usage information. The vulnerability is due to a lack of proper data protection mechanisms for certa...
CVE-2019-1692 Cisco Application Policy Infrastructure Controller Web-Based Management Interface Usage Information Disclosure Vulnerability
A vulnerability in the web-based management interface of Cisco Application Policy Infrastructure Controller (APIC) Software could allow an unauthenticated, remote attacker to access sensitive system usage information. The vulnerability is due to a lack of proper data protection mechanisms for certa...
UF Zhiyuan A6 collaborative system high-risk SQL injection vulnerability warning - the black bar safety net
The system is very widely used. Code area: /yyoa/HJ/iSignatureHtmlServer.jsp?COMMAND=DELESIGNATURE&DOCUMENTID=1&SIGNATUREID=2 The DOCUMENTID and SIGNATUREID parameters are vulnerable to error-based injection. A simple test method: code area...