Lucene search

46 matches found

ATTACKERKB
added 2026/03/31 12:45 a.m. · 0 views

CVE-2026-30877

baserCMS is a website development framework. Prior to version 5.2.3, there is an OS command injection vulnerability in the update functionality. Due to this issue, an authenticated user with administrator privileges in baserCMS can execute arbitrary OS commands on the server with the privileges o...

CVSS 9.1 · AI score 6 · EPSS 0.00063
Exploits 0 · References 4 · Affected Software 1

CVE
added 2026/03/11 2:44 p.m. · 6 views

CVE-2026-30900

CVE-2026-30900 affects Zoom Clients for Windows. It describes an improper check of minimum version in the update functionality, enabling an authenticated user with local access to escalate privileges (local, required privileges: low; UI: none; scope: unchanged; impact: high on confidentiality, in...

CVSS 7.8 · AI score 5.8 · EPSS 0.00019
Exploits 0 · References 1 · Affected Software 3

ATTACKERKB
added 2026/03/11 2:44 p.m. · 2 views

CVE-2026-30900

Improper Check of minimum version in update functionality of certain Zoom Clients for Windows may allow an authenticated user to conduct an escalation of privilege via local access...

CVSS 7.8 · AI score 5.8 · EPSS 0.00019
Exploits 0 · References 2 · Affected Software 1

Positive Technologies
added 2026/03/11 12:0 a.m. · 0 views

PT-2026-24681

Name of the Vulnerable Software and Affected Versions: Zoom Clients for Windows, affected versions not specified. Description: An improper check of the minimum version in the update functionality of certain Zoom Clients for Windows could allow an authenticated user to escalate privileges through loca...

CVSS 7.8 · AI score 5.8 · EPSS 0.00019
Exploits 0 · References 4

Vulnrichment
added 2026/02/25 4:20 p.m. · 1 views

CVE-2026-27849 Missing neutralization in Linksys MR9600, Linksys MX4200

Due to missing neutralization of special elements, OS commands can be injected via the update functionality of a TLS-SRP connection, which is normally used for configuring devices inside the mesh network. This issue affects MR9600: 1.0.4.205530; MX4200: 1.0.13.210200...

AI score 5.5 · EPSS 0.00071
Exploits 0 · References 1

EUVD
added 2025/10/07 12:30 a.m. · 1 views

EUVD-2006-2479

Malware in sbrugna...

CVSS 5 · AI score 6.4 · EPSS 0.0072
Exploits 1 · References 7

EUVD
added 2025/10/07 12:30 a.m. · 1 views

EUVD-2016-10080

Malware in sbrugna...

CVSS 9.9 · AI score 9.1 · EPSS 0.06848
Exploits 3 · References 4

Vulnrichment
added 2025/06/10 10:29 a.m. · 6 views

CVE-2024-13089 Authenticated RCE in update functionality in Guardian/CMC before 24.6.0

An OS command injection vulnerability within the update functionality may allow an authenticated administrator to execute unauthorized arbitrary OS commands. Users with administrative privileges may upload update packages to upgrade the versions of Nozomi Networks Guardian and CMC. While these...

CVSS 7.5 · AI score 7.7 · EPSS 0.01116
Exploits 0 · References 1

Cvelist
added 2025/06/10 10:29 a.m. · 14 views

CVE-2024-13089 Authenticated RCE in update functionality in Guardian/CMC before 24.6.0

An OS command injection vulnerability within the update functionality may allow an authenticated administrator to execute unauthorized arbitrary OS commands. Users with administrative privileges may upload update packages to upgrade the versions of Nozomi Networks Guardian and CMC. While these...

CVSS 7.5 · EPSS 0.01116
Exploits 0 · References 1

NOZOMI
added 2025/06/10 12:0 a.m. · 2 views

Authenticated RCE in update functionality in Guardian/CMC before 24.6.0

Summary: An OS command injection vulnerability within the update functionality may allow an authenticated administrator to execute unauthorized arbitrary OS commands. Impact: Users with administrative privileges may upload update packages to upgrade the versions of Nozomi Networks Guardian and CMC...

CVSS 7.5 · AI score 7.9 · EPSS 0.01116
Exploits 0 · Affected Software 2

Positive Technologies
added 2025/06/10 12:0 a.m. · 1 views

PT-2025-24647 · Nozomi Networks · Nozomi Networks Guardian +1

Name of the Vulnerable Software and Affected Versions: Nozomi Networks Guardian and CMC affected versions not specified Description: An OS command injection issue exists within the update functionality, potentially allowing authenticated administrators to execute unauthorized arbitrary OS command...

CVSS 7.5 · AI score 7 · EPSS 0.01116
Exploits 0 · References 6

RedhatCVE
added 2025/05/23 9:26 a.m. · 3 views

CVE-2024-3686

A vulnerability has been found in DedeCMS 5.7.112-UTF8 and classified as problematic. Affected by this vulnerability is an unknown functionality of the file updateguide.php. The manipulation of the argument files leads to path traversal: '../filedir'. The attack can be launched remotely. The...

CVSS 7.5 · AI score 6.8 · EPSS 0.00146
Exploits 1

RedhatCVE
added 2025/05/22 6:24 p.m. · 2 views

CVE-2021-24557

The update functionality in the rsliderpage uses an rsid POST parameter which is not validated, sanitised or escaped before being inserted in sql query, therefore leading to SQL injection for users having Administrator role...

CVSS 7.2 · AI score 7.9 · EPSS 0.00567
Exploits 2 · References 1

RedhatCVE
added 2025/05/22 4:36 p.m. · 3 views

CVE-2020-28656

The update functionality of the Discover Media infotainment system in Volkswagen Polo 2019 vehicles allows physically proximate attackers to execute arbitrary code because some unsigned parts of a metainfo file are parsed, which can cause attacker-controlled files to be written to the infotainmen...

CVSS 7.2 · AI score 7.9 · EPSS 0.00024
Exploits 1

Positive Technologies
added 2025/05/15 12:0 a.m. · 1 views

PT-2025-21380 · WordPress · Wp-Reply Notify

Name of the Vulnerable Software and Affected Versions: WP-Reply Notify WordPress plugin versions 1.1 and earlier Description: The issue is related to the lack of a CSRF check when updating settings, which could allow attackers to make a logged-in admin change them via a CSRF attack...

CVSS 4.3 · AI score 9.2 · EPSS 0.00252
Exploits 2 · References 4

Positive Technologies
added 2025/04/24 12:0 a.m. · 3 views

PT-2025-17720 · WordPress · Buddypress Force Password Change

Name of the Vulnerable Software and Affected Versions: Buddypress Force Password Change plugin for WordPress versions up to, and including, 0.1 Description: The issue allows for authenticated account takeover due to improper validation of a user's identity prior to updating their password through...

CVSS 4.2 · AI score 5.5 · EPSS 0.00121
Exploits 0 · References 6

Cvelist
added 2025/03/19 2:10 a.m. · 7 views

CVE-2024-10445

Improper certificate validation vulnerability in the update functionality in Synology BeeStation OS BSM before 1.1-65374 and Synology DiskStation Manager DSM before 6.2.4-25556-8, 7.1.1-42962-7, 7.2-64570-4, 7.2.1-69057-6 and 7.2.2-72806-1 allow remote attackers to write limited files via...

CVSS 4.3 · EPSS 0.00349
Exploits 0 · References 2

NVD
added 2024/11/22 10:15 p.m. · 9 views

CVE-2024-7236

AVG AntiVirus Free icarus Arbitrary File Creation Denial of Service Vulnerability. This vulnerability allows local attackers to create a denial-of-service condition on affected installations of AVG AntiVirus Free. An attacker must first obtain the ability to execute low-privileged code on the...

CVSS 5.5 · EPSS 0.00087
Exploits 0 · References 1

CVE
added 2024/11/22 9:12 p.m. · 44 views

CVE-2024-7236

CVE-2024-7236 affects AVG AntiVirus Free (icarus). The vulnerability is in the AVG Installer: an attacker who can run low-privilege code locally can abuse the updater by creating a symbolic link to create a file, enabling a persistent DoS condition. This is a local-privilege, file-creation DoS ve...

CVSS 5.5 · AI score 5.3 · EPSS 0.00087
Exploits 0 · References 1 · Affected Software 1

Cvelist
added 2024/11/22 9:12 p.m. · 29 views

CVE-2024-7236 AVG AntiVirus Free icarus Arbitrary File Creation Denial of Service Vulnerability

AVG AntiVirus Free icarus Arbitrary File Creation Denial of Service Vulnerability. This vulnerability allows local attackers to create a denial-of-service condition on affected installations of AVG AntiVirus Free. An attacker must first obtain the ability to execute low-privileged code on the...

CVSS 5.3 · EPSS 0.00087
Exploits 0 · References 1