PT-2026-32694

A improper neutralization of special elements used in an sql command 'sql injection' vulnerability in Fortinet FortiDDoS-F 7.2.1 through 7.2.2 may allow attacker to execute unauthorized code or commands via sending crafted HTTP requests...

Fortinet FortiDDoS-F 安全漏洞

Fortinet FortiDDoS-F is a distributed denial-of-service protection system developed by the American company Fortinet. Versions 7.2.1 to 7.2.2 of Fortinet FortiDDoS-F contain security vulnerabilities. These vulnerabilities stem from improper handling of special elements within SQL commands, which...

PT-2026-32963

An out-of-bounds write vulnerability CWE-787 vulnerability in Fortinet FortiWeb 8.0.0 through 8.0.3, FortiWeb 7.6.0 through 7.6.6, FortiWeb 7.4.0 through 7.4.11 may allow a remote privileged attacker to execute arbitrary code or command via crafted HTTP requests...

PT-2026-32691

A improper neutralization of input during web page generation 'cross-site scripting' vulnerability in Fortinet FortiSandbox 5.0.0 through 5.0.5, FortiSandbox 4.4.0 through 4.4.8, FortiSandbox 4.2 all versions, FortiSandbox PaaS 5.0.0 through 5.0.5, FortiSandbox PaaS 4.4.0 through 4.4.8,...

Arbitrary Code Injection

Overview AstrBot is a 易上手的多平台 LLM 聊天机器人及开发框架 Affected versions of this package are vulnerable to Arbitrary Code Injection via the installpluginupload function. An attacker can execute unauthorized code and potentially compromise the application by uploading a crafted file to the affected endpoint...

CVE-2026-35195

A flaw was found in Wasmtime, a runtime for WebAssembly. A malicious guest component can exploit an issue where the host does not validate memory allocation requests. This allows the guest to write arbitrary data to locations outside its designated memory. Depending on the configuration, this cou...

Vulnerability fixed in Fortinet's FortiClient EMS

Fortinet has fixed a vulnerability in FortiClient EMS. The vulnerability involves improper access controls in FortiClient EMS. Unauthenticated attackers can bypass security controls by sending specially crafted requests and execute unauthorized code or commands. The vulnerability can be exploited...

CVE-2026-35616

A improper access control vulnerability in Fortinet FortiClientEMS 7.4.5 through 7.4.6 may allow an unauthenticated attacker to execute unauthorized code or commands via crafted requests...

Fortinet FortiClientEms 安全漏洞

Fortinet FortiClientEms is a centralized management system developed by the American company Fortinet. Versions 7.4.5 to 7.4.6 of Fortinet FortiClientEms contain security vulnerabilities. These vulnerabilities stem from improper access control, allowing unauthorized attackers to execute...

VulnCheck KEV: CVE-2026-35616

A improper access control vulnerability in Fortinet FortiClientEMS 7.4.5 through 7.4.6 may allow an unauthenticated attacker to execute unauthorized code or commands via crafted requests...

EUVD-2026-17907

A flaw was found in libinput. A local attacker who can place a specially crafted Lua bytecode file in certain system or user configuration directories can bypass security restrictions. This allows the attacker to run unauthorized code with the same permissions as the program using libinput, such ...

CVE-2026-35093

A flaw was found in libinput. A local attacker who can place a specially crafted Lua bytecode file in certain system or user configuration directories can bypass security restrictions. This allows the attacker to run unauthorized code with the same permissions as the program using libinput, such ...

CVE-2026-35093

Vulnerability overview: CVE-2026-35093 affects libinput. A local attacker can place a crafted Lua bytecode file in certain system or user configuration directories, bypassing security restrictions and executing unauthorized code with the same permissions as the affected program (e.g., a graphical...

CVE-2026-35093

A flaw was found in libinput. A local attacker who can place a specially crafted Lua bytecode file in certain system or user configuration directories can bypass security restrictions. This allows the attacker to run unauthorized code with the same permissions as the program using libinput, such ...

CVE-2026-35093

A flaw was found in libinput. A local attacker who can place a specially crafted Lua bytecode file in certain system or user configuration directories can bypass security restrictions. This allows the attacker to run unauthorized code with the same permissions as the program using libinput, such ...

CVE-2026-35093 Libinput: libinput: unauthorized code execution and information disclosure through lua bytecode plugins

A flaw was found in libinput. A local attacker who can place a specially crafted Lua bytecode file in certain system or user configuration directories can bypass security restrictions. This allows the attacker to run unauthorized code with the same permissions as the program using libinput, such ...

CVE-2026-35093

A flaw was found in libinput. A local attacker who can place a specially crafted Lua bytecode file in certain system or user configuration directories can bypass security restrictions. This allows the attacker to run unauthorized code with the same permissions as the program using libinput, such ...

PT-2026-29524

Name of the Vulnerable Software and Affected Versions libinput affected versions not specified Description A flaw exists in libinput that allows a local attacker to bypass security restrictions by placing a specially crafted Lua bytecode file in specific system or user configuration directories...

CVE-2024-14025

An SQL injection vulnerability has been reported to affect Video Station. If an attacker gains local network access who have also gained an administrator account, they can then exploit the vulnerability to execute unauthorized code or commands. We have already fixed the vulnerability in the...

CVE-2025-41660

A low-privileged remote attacker may be able to replace the boot application of the CODESYS Control runtime system, enabling unauthorized code execution...