CVE-2026-20220

A vulnerability in the web-based management interface of Cisco Crosswork Network Controller could allow an authenticated, remote attacker to execute arbitrary commands on an affected device. This vulnerability is due to insufficient input validation in the configuration template engine of the...

CVE-2026-20220

Cisco CVE-2026-20220 affects the web-based management interface of Cisco Crosswork Network Controller. The root cause is insufficient input validation in the configuration template engine. An authenticated attacker with write permissions to a template user can send crafted requests to execute arb...

EUVD-2026-37750

A vulnerability in the web-based management interface of Cisco Crosswork Network Controller could allow an authenticated, remote attacker to execute arbitrary commands on an affected device. This vulnerability is due to insufficient input validation in the configuration template engine of the...

CVE-2025-6075

CVE-2025-6075 affects Python’s os.path.expandvars() with user-controlled input, causing potential performance degradation during environment variable expansion. Connected advisories confirm this affects multiple Python versions and distributions, with patches available: Debian LTS DLA-4445-1 (pyt...

CVE-2024-56363 APTRS has SSTI vulnerability

APTRS Automated Penetration Testing Reporting System is a Python and Django-based automated reporting tool designed for penetration testers and security organizations. In 1.0, there is a vulnerability in the web application's handling of user-supplied input that is incorporated into a Jinja2...

ZZCMS 代码注入漏洞

ZZCMS is a content management system CMS by China Zzcms team. A security vulnerability exists in ZZCMS, which originates from a Remote Code Execution RCE vulnerability in templateuser.php in the 2018 version of ZZCMS. The vulnerability can be exploited to execute arbitrary PHP code via the "ml" a...