CVE-2025-31951

HCL BigFix RunBookAI is affected by a Unvalidated Command Input / Potential Command Smuggling vulnerability. A flaw in a component's input handling was identified that could permit unauthorized command execution...

dalfox 访问控制错误漏洞

Dalfox is an automated cross-site scripting scanning tool developed by HAHWUL. Versions of Dalfox prior to 2.13.0 contained a access control vulnerability. This vulnerability stemmed from the default binding of the REST API server to 0.0.0.0:6664, without the need for an API key. Additionally, th...

CVE-2026-31196

The traceroute diagnostic handler in /bin/httpdclientside for ALTICE LABS / SFR France GR140DG and GR140IG fibre CPE/Router/Gateway, inserts unsanitized user input into a system call, allowing authenticated remote attackers to execute arbitrary commands as root via crafted destAddr parameters usi...

CVE-2025-31951

HCL BigFix RunBookAI is affected by a Unvalidated Command Input / Potential Command Smuggling vulnerability. A flaw in a component's input handling was identified that could permit unauthorized command execution...

CVE-2025-31951 HCL BigFix RunBookAI is affected by a Unvalidated Command Input / Potential Command Smuggling vulnerability

HCL BigFix RunBookAI is affected by a Unvalidated Command Input / Potential Command Smuggling vulnerability. A flaw in a component's input handling was identified that could permit unauthorized command execution...

CVE-2025-31951

HCL BigFix RunBookAI is affected by a Unvalidated Command Input / Potential Command Smuggling vulnerability. A flaw in a component's input handling was identified that could permit unauthorized command execution...

PT-2026-37444

HCL BigFix RunBookAI is affected by a Unvalidated Command Input / Potential Command Smuggling vulnerability. A flaw in a component's input handling was identified that could permit unauthorized command execution...

Incorrect Privilege Assignment

Overview github.com/filebrowser/filebrowser/v2/http is a web file browser. Affected versions of this package are vulnerable to Incorrect Privilege Assignment in the signupHandler in File Browser. An attacker can gain unauthorized command execution capabilities by self-registering when server-side...

Pharos Controls Mosaic Show Controller 访问控制错误漏洞

Pharos Controls Mosaic Show Controller is an embedded control device developed by the British company Pharos, used for lighting control and multimedia scene orchestration. Version 2.15.3 of Pharos Controls Mosaic Show Controller contains a security vulnerability due to the lack of authentication...

EUVD-2026-13852

WebSocket endpoints lack proper authentication mechanisms, enabling attackers to perform unauthorized station impersonation and manipulate data sent to the backend. An unauthenticated attacker can connect to the OCPP WebSocket endpoint using a known or discovered charging station identifier, then...

CVE-2025-54820

A Stack-based Buffer Overflow vulnerability CWE-121 vulnerability in Fortinet FortiManager 7.4.0 through 7.4.2, FortiManager 7.2.0 through 7.2.10, FortiManager 6.4 all versions may allow a remote unauthenticated attacker to execute unauthorized commands via crafted requests, if the service is...

CVE-2024-55026

An issue in the resetpj.cgi endpoint of Weintek cMT-3072XH2 easyweb v2.1.53, OS v20231011 allows unauthorized attackers to execute arbitrary commands via supplying a crafted GET request...

CVE-2024-55026

An issue in the resetpj.cgi endpoint of Weintek cMT-3072XH2 easyweb v2.1.53, OS v20231011 allows unauthorized attackers to execute arbitrary commands via supplying a crafted GET request...

CVE-2024-55026

CVE-2024-55026 affects Weintek cMT-3072XH2 easyweb (v2.1.53) with OS v20231011. The issue is in the reset_pj.cgi endpoint, where a crafted GET request can lead to arbitrary command execution. Documented impact is high/critical (unauthorized, network-remote access with no user interaction). Root c...

EUVD-2025-206777

IBM Common Cryptographic Architecture CCA 7.5.52 and 8.4.82 could allow an unauthenticated user to execute arbitrary commands with elevated privileges on the system...

CVE-2024-34257

TOTOLINK EX1800T V9.1.0cu.2112B20220316 has a vulnerability in the apcliEncrypType parameter that allows unauthorized execution of arbitrary commands, allowing an attacker to obtain device administrator privileges...

CVE-2022-26116

Multiple improper neutralization of special elements used in SQL commands 'SQL Injection' vulnerability CWE-89 in FortiNAC version 8.3.7 and below, 8.5.2 and below, 8.5.4, 8.6.0, 8.6.5 and below, 8.7.6 and below, 8.8.11 and below, 9.1.5 and below, 9.2.2 and below may allow an authenticated attack...

CVE-2025-66848

JD Cloud NAS routers AX1800 4.3.1.r4308 and earlier, AX3000 4.3.1.r4318 and earlier, AX6600 4.5.1.r4533 and earlier, BE6500 4.4.1.r4308 and earlier, ER1 4.5.1.r4518 and earlier, and ER2 4.5.1.r4518 and earlier contain an unauthorized remote command execution vulnerability...

Exploit for Command Injection in Fit2Cloud 1Panel

CVE-2025-54424 CVE-2025-54424: 1Panel client vulnerability in...

CVE-2023-7317

Nagios XI versions prior to 2024R1 contain a missing access control vulnerability via the Web SSH Terminal. A remote, low-privileged attacker could access or interact with the terminal interface without sufficient authorization, potentially allowing unauthorized command execution or disclosure of...