19 matches found
CVE-2026-44194
OPNsense is a FreeBSD based firewall and routing platform. Prior to 26.1.8, an authenticated Remote Code Execution RCE vulnerability in the OPNsense core allows a user with user-management privileges to execute arbitrary system commands as root. An attacker can bypass input validation by formatti...
EUVD-2026-30184
OPNsense is a FreeBSD based firewall and routing platform. Prior to 26.1.8, an authenticated Remote Code Execution RCE vulnerability in the OPNsense core allows a user with user-management privileges to execute arbitrary system commands as root. An attacker can bypass input validation by formatti...
CVE-2026-44194 OPNsense: RCE on user managment
OPNsense is a FreeBSD based firewall and routing platform. Prior to 26.1.8, an authenticated Remote Code Execution RCE vulnerability in the OPNsense core allows a user with user-management privileges to execute arbitrary system commands as root. An attacker can bypass input validation by formatti...
CVE-2026-44194
OPNsense is a FreeBSD based firewall and routing platform. Prior to 26.1.8, an authenticated Remote Code Execution RCE vulnerability in the OPNsense core allows a user with user-management privileges to execute arbitrary system commands as root. An attacker can bypass input validation by formatti...
CVE-2026-44194
The CVE-2026-44194 entry describes an authenticated RCE in OPNsense prior to version 26.1.8. The vulnerability arises in the local user synchronization flow (core/src/opnsense/scripts/auth/sync_user.php), where input validation can be bypassed by crafting a payload that looks like a valid email a...
Deciso OPNsense 操作系统命令注入漏洞
Deciso OPNsense is a firewall and router operating system developed by the Dutch company Deciso. Versions of Decivo OPNsense prior to 26.1.8 contained an operating system command injection vulnerability. This vulnerability stemmed from the local user synchronization process, where attackers could...
PT-2026-40827
Name of the Vulnerable Software and Affected Versions OPNsense versions prior to 26.1.8 Description An authenticated Remote Code Execution issue in the core of this FreeBSD-based firewall and routing platform allows a user with user-management privileges to execute arbitrary system commands as...
EUVD-2025-208276
API endpoint for user synchronization in 2N Access Commander version 3.4.1 did not have a sufficient input validation allowing for OS command injection. This vulnerability can only be exploited after authenticating with administrator privileges...
CVE-2025-59783
API endpoint for user synchronization in 2N Access Commander version 3.4.1 did not have a sufficient input validation allowing for OS command injection. This vulnerability can only be exploited after authenticating with administrator privileges...
CVE-2025-59783
API endpoint for user synchronization in 2N Access Commander version 3.4.1 did not have a sufficient input validation allowing for OS command injection. This vulnerability can only be exploited after authenticating with administrator privileges...
CVE-2025-59783 OS Command Injection over API
API endpoint for user synchronization in 2N Access Commander version 3.4.1 did not have a sufficient input validation allowing for OS command injection. This vulnerability can only be exploited after authenticating with administrator privileges...
CVE-2025-59783 OS Command Injection over API
API endpoint for user synchronization in 2N Access Commander version 3.4.1 did not have a sufficient input validation allowing for OS command injection. This vulnerability can only be exploited after authenticating with administrator privileges...
2N Access Commander 安全漏洞
2N Access Commander is an access control solution provided by 2N Corporation. Version 3.4.1 of 2N Access Commander contains a security vulnerability. This vulnerability stems from insufficient input validation in the user synchronization API endpoint, which may allow attackers who have been...
PT-2026-22930
Name of the Vulnerable Software and Affected Versions 2N Access Commander version 3.4.1 Description The user synchronization API endpoint in 2N Access Commander version 3.4.1 lacks sufficient input validation, which allows for OS command injection. Exploitation requires administrator privileges...
CVE-2026-1898
A vulnerability was determined in WeKan up to 8.20. This affects an unknown part of the file packages/wekan-ldap/server/syncUser.js of the component LDAP User Sync. This manipulation causes improper access controls. It is possible to initiate the attack remotely. Upgrading to version 8.21 is able...
CVE-2025-41115
SCIM provisioning was introduced in Grafana Enterprise and Grafana Cloud in April to improve how organizations manage users and teams in Grafana by introducing automated user lifecycle management. In Grafana versions 12.x where SCIM provisioning is enabled and configured, a vulnerability in user...
Incorrect privilege assignment
SCIM provisioning was introduced in Grafana Enterprise and Grafana Cloud in April to improve how organizations manage users and teams in Grafana by introducing automated user lifecycle management. In Grafana versions 12.x where SCIM provisioning is enabled and configured, a vulnerability in user...
GO-2024-3025 Mattermost failed to disallow the modification of local users when syncing users in shared channels in github.com/mattermost/mattermost-server
Mattermost failed to disallow the modification of local users when syncing users in shared channels in github.com/mattermost/mattermost-server...
PT-2024-27027 · Mattermost · Mattermost
Name of the Vulnerable Software and Affected Versions: Mattermost versions 9.5.x through 9.5.6 Mattermost versions 9.7.x through 9.7.5 Mattermost versions 9.8.x through 9.8.1 Mattermost versions 9.9.x through 9.9.0 Description: The issue allows a malicious remote user to overwrite an existing loc...