121 matches found
CVE-2026-56413 OS Command Injection in StoneFly Storage Concentrator
Storage Concentrator SC & SCVM contains a command injection vulnerability in the msservice.pl service, which listens on TCP port 9000 by default and accepts custom network packets to perform device actions. An unauthenticated remote attacker can send a specially crafted packet containing a...
EUVD-2026-40377
Orkes Conductor 3.21.21 before 3.30.2 contains an unauthenticated remote code execution vulnerability that allows remote attackers to execute arbitrary OS commands by submitting inline workflow definitions containing malicious JavaScript or Python expressions to the workflow API endpoint prior to...
PT-2026-53941
Name of the Vulnerable Software and Affected Versions Orkes Conductor versions 3.21.21 through 3.30.1 Description An unauthenticated remote code execution issue exists that allows remote attackers to execute arbitrary OS commands. This occurs when malicious JavaScript or Python expressions are...
CVE-2026-52751 Ghidra < 12.1 - Remote Code Execution via Unfiltered RMI Deserialization in Shared Project Connection
Ghidra before 12.1 contains an unsafe deserialization vulnerability in client-side Shared-Project RMI connection code that allows unauthenticated remote code execution. Attackers can craft a malicious project file with a ghidra:// URL that, when opened via File → Open Project, deserializes...
CVE-2026-45777 Open XDMoD Vulnerable to Unauthenticated Remote Code Execution (RCE) via OS Command Injection
OpenXDMoD is an open framework for collecting and analyzing HPC metrics. Starting in version 9.5.0 and prior to version 11.0.3, an attacker can remotely execute arbitrary system commands on the web server hosting Open XDMoD with the privileges of the web server process. This could allow an attack...
CVE-2026-0611
Spacelabs Healthcare Sentinel versions 10.5.x and higher and 11.x.x before 11.6.0 contain an unauthenticated remote code execution vulnerability through a deprecated .NET Remoting HTTP channel exposed on port 8989 that allows attackers to perform arbitrary file read and write operations by...
CVE-2026-49121 AI Tensor Engine for ROCm (AITER) 0.1.14 Unauthenticated RCE via MessageQueue.recv() Pickle Deserialization
AI Tensor Engine for ROCm AITER through 0.1.14 contains an unauthenticated remote code execution vulnerability in the MessageQueue.recv function within shmbroadcast.py that allows unauthenticated remote attackers to execute arbitrary code by sending a malicious pickle payload to a ZMQ SUB socket...
CVE-2026-7858
A Deserialization of Untrusted Data vulnerability affecting Teamwork Cloud from No Magic Release 2022x through No Magic Release 2026x and Magic Collaboration Studio from CATIA Magic Release 2022x through CATIA Magic Release 2026x could lead to an unauthenticated remote code execution...
CVE-2026-7858
CVE-2026-7858 involves a Deserialization of Untrusted Data flaw affecting Teamwork Cloud (No Magic Release 2022x–2026x) and Magic Collaboration Studio (CATIA Magic Release 2022x–2026x). The root cause is deserialization of untrusted data enabling unauthenticated remote code execution. The entry h...
CVE-2026-45087 Dalfox: Unauthenticated Remote Code Execution via `found-action` in Dalfox Server Mode
Dalfox is a powerful open-source XSS scanner and utility focused on automation. Prior to 2.13.0, when dalfox is started in REST API server mode dalfox server, the server binds to 0.0.0.0:6664 by default and requires no API key unless the operator explicitly passes --api-key. Because model.Options...
Security update for samba
This update for samba fixes the following issues CVE-2026-2340: vfsworm does not block directory modification bsc1261158. CVE-2026-3238: unauthenticated udp packet crashes AD DC nbt server bsc1261160. CVE-2026-4408: Remote Code Execution in SAMR bsc1261163. CVE-2026-4480: Unauthenticated Remote...
9router: Unauthenticated Remote Code Execution via unprotected MCP custom plugin routes
Summary 9router exposes two unauthenticated API endpoints that, when chained together, allow any network-adjacent attacker to execute arbitrary OS commands as the user running the 9router process — with zero prerequisites and no credentials required. The vulnerability exists because the Next.js...
GHSA-FHH6-4QXV-RPQJ 9router: Unauthenticated Remote Code Execution via unprotected MCP custom plugin routes
Summary 9router exposes two unauthenticated API endpoints that, when chained together, allow any network-adjacent attacker to execute arbitrary OS commands as the user running the 9router process — with zero prerequisites and no credentials required. The vulnerability exists because the Next.js...
CVE-2026-41315
mdserver-web is a simple Linux panel. From 0.18.0 to 0.18.4, mdserver-web has a front-end unauthorized remote command execution vulnerability. Due to the lack of authentication on the /modifycrond and /starttask interfaces, it is possible to modify the default built-in scheduled tasks and start...
CVE-2026-23827
A heap-based buffer overflow vulnerability exists in a Network management service of AOS-8 and AOS-10 that could allow an unauthenticated remote attacker to achieve remote code execution. Successful exploitation could allow an unauthenticated attacker to execute arbitrary code as a privileged use...
Dalfox Server Mode Vulnerable to Unauthenticated Remote Code Execution via `found-action`
GHSA: Unauthenticated Remote Code Execution via found-action in Dalfox Server Mode Summary When dalfox is started in REST API server mode dalfox server, the server binds to 0.0.0.0:6664 by default and requires no API key unless the operator explicitly passes --api-key. Because model.Options —...
Dell PowerProtect Data Domain(Dell PowerProtect DD) 安全漏洞
Dell PowerProtect Data Domain Dell PowerProtect DD is a set of hardware devices developed by the American company Dell, used for data protection, backup, storage, and de-duplication. There is a security vulnerability in Dell PowerProtect Data Domain Dell PowerProtect DD, which stems from a...
RHSA-2026:7384 Red Hat Security Advisory: cockpit: Unauthenticated remote code execution due to SSH command-line argument injection
Bulletin has no description...
ALSA-2026:7384 Critical: cockpit: Unauthenticated remote code execution due to SSH command-line argument injection
Cockpit enables users to administer GNU/Linux servers using a web browser. It offers network configuration, log inspection, diagnostic reports, SELinux troubleshooting, interactive command-line sessions, and more. Security Fixes: cockpit: ws: be more explicit when handling hostnames on cli...
EUVD-2026-19361
Aperi'Solve is an open-source steganalysis web platform. Prior to 3.2.1, when uploading a JPEG, a user can specify an optional password to accompany the JPEG. This password is then directly passed into an expect command, which is then subsequently passed into a bash -c command, without any form o...