192 matches found
CVE-2026-34909
A malicious actor with access to the network could exploit a Path Traversal vulnerability found in UniFi OS devices to access files on the underlying system that could be manipulated to access an underlying account...
CVE-2026-22557
A malicious actor with access to the network could exploit a Path Traversal vulnerability found in the UniFi Network Application to access files on the underlying system that could be manipulated to access an underlying account...
EUVD-2025-206811
This vulnerability allows authenticated attackers to execute arbitrary commands on the underlying system using the file name of an uploaded file...
CVE-2025-52626 HCL AION is susceptible to Potential Command Injection vulnerability
A Potential Command Injection vulnerability in HCL AION. This can allow unintended command execution, potentially leading to unauthorized actions on the underlying system. This issue affects AION: 2.0...
CVE-2015-10145
Gargoyle router management utility versions 1.5.x contain an authenticated OS command execution vulnerability in /utility/runcommands.sh. The application fails to properly restrict or validate input supplied via the 'commands' parameter, allowing an authenticated attacker to execute arbitrary she...
CVE-2025-7851 Unauthorized root access via debug functionality
An attacker may obtain the root shell on the underlying OS system with the restricted conditions on Omada gateways...
SOPlanning Security Vulnerability
SOPlanning is a suite of online project management software from SOPlanning. A security vulnerability exists in SOPlanning. An attacker could exploit the vulnerability to execute code on the underlying system...
SOPlanning Security Vulnerability
SOPlanning is a suite of online project management software from SOPlanning. A security vulnerability exists in SOPlanning. An attacker could exploit the vulnerability to execute code on the underlying system...
PT-2024-27729 · Unknown · Safe Exam Browser
Name of the Vulnerable Software and Affected Versions: Safe Exam Browser versions 3.5.0 and earlier Description: The issue is related to insecure access control, allowing an attacker to share clipboard data between the Safe Exam Browser kiosk mode and the underlying system. This compromises exam...
IBM Security Access Manager Container Security Vulnerability
IBM Security Access Manager Container is a containerized identity and access management solution from International Business Machines (IBM). A security vulnerability exists in IBM Security Access Manager Container that stems from the ability to access the underlying system via a man-in-the-middle...
CVE-2023-43799
Altair is a GraphQL Client. Prior to version 5.2.5, the Altair GraphQL Client Desktop Application does not sanitize external URLs before passing them to the underlying system. Moreover, Altair GraphQL Client also does not isolate the context of the renderer process. This affects versions of the...
Aruba Networks ArubaOS Path Traversal Vulnerability
Aruba Networks ArubaOS is an operating system for Aruba Mobility-Defined Networks including Mobility Controllers and Mobility Access Switches from Aruba Networks, Inc. Aruba Networks ArubaOS suffers from a path traversal vulnerability that originates from an authenticated path traversal in the...
Vulnerability fixed in IBM Integration Bus
A vulnerability has been fixed in IBM Integration Bus. A malicious party could potentially exploit the vulnerability in the JavaScript lodash module to execute arbitrary commands on the underlying system. IBM has released updates to fix the vulnerability. For more...
Directory traversal
Silverpeas 5.15 through 6.0.2 is affected by an authenticated Directory Traversal vulnerability that can be triggered during file uploads because core/webapi/upload/FileUploadData.java mishandles a StringUtil.java call. This vulnerability enables regular users to write arbitrary files on the...
Cisco UCS Central Software Command Line Interface Restricted Shell Break Vulnerability
A vulnerability in the CLI of Cisco UCS Central Software could allow an authenticated, local attacker to gain shell access. The vulnerability is due to insufficient input validation of commands entered in the CLI. An attacker could exploit this vulnerability by entering a specific command with...
postgresql: multiple issues
CVE-2015-3165 denial of service SSL clients disconnecting just before the authentication timeout expires can cause the server to crash via a double-free issue leading to denial of service. - CVE-2015-3166 information disclosure The replacement implementation of snprintf failed to check for errors...
Debian Security Advisory DSA 3270-1 (postgresql-9.4 - security update)
Several vulnerabilities have been found in PostgreSQL-9.4, a SQL database system. CVE-2015-3165 Remote crash SSL clients disconnecting just before the authentication timeout expires can cause the server to crash. CVE-2015-3166 Information exposure The replacement implementation of snprintf failed...
Ahhp Portal Page.PHP Multiple Remote File Include Vulnerabilities
No description provided by source. source: http://www.securityfocus.com/bid/23658/info Ahhp Portal is prone to multiple remote file-include vulnerabilities because it fails to sufficiently sanitize user-supplied data. Exploiting these issues may allow an attacker to compromise the application and...
Actionpoll 1.1 Actionpoll.PHP Remote File Include Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/23504/info Actionpoll is prone to a remote file-include vulnerability because it fails to sufficiently sanitize user-supplied input. Exploiting this issue may allow an attacker to compromise the application and the...
Gallery 2.0 Main.PHP Directory Traversal Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/15108/info Gallery is prone to a directory traversal vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input. Exploitation of this vulnerability could lead to a loss of...