CVE-2026-2952

CVE-2026-2952 affects Vaelsys 4.1.0, specifically the HTTP POST Request Handler’s file /tree/tree_server.php. The vulnerability arises from manipulating the xajaxargs argument, enabling remote OS command injection. Exploitation can be performed remotely, and the exploit has been published. Multip...

Vaelsys V4 操作系统命令注入漏洞

Vaelsys V4 is an artificial intelligence video analysis platform developed by the Spanish company Vaelsys. Version 4.1.0 of Vaelsys V4 contains a vulnerability related to operating system command injection. This vulnerability stems from incorrect handling of the parameter xajaxargs in the...