7558 matches found
1Panel SQL Injection - Authenticated
1Panel is a web-based linux server management control panel. There are many sql injections in the project, and some of them are not well filtered, leading to arbitrary file writes, and ultimately leading to RCEs. These sql injections have been resolved in version 1.10.12-tls. Users are advised to...
Auerswald COMfortel 1400/2600/3600 IP - Authentication Bypass
Auerswald COMfortel 1400/2600/3600 IP is susceptible to an authentication bypass vulnerability. Inserting the prefix "/about/../" allows bypassing the authentication check for the web-based configuration management interface. This enables attackers to gain access to the login credentials used for...
A New Framework for Cybersecurity Refusals in AI Agents
Agentic scaffolds have dramatically improved LLM performance on complex, long-horizon tasks, yielding both broad benefits and amplified risks in domains like cybersecurity. Existing benchmarks for AI agents in cybersecurity focus mainly on measuring proficiency--how effectively agents can complet...
Cisco HyperFlex HX Data Platform - Remote Command Execution
Cisco HyperFlex HX contains multiple vulnerabilities in the web-based management interface that could allow an unauthenticated, remote attacker to perform command injection attacks against an affected device. id: CVE-2021-1498 info: name: Cisco HyperFlex HX Data Platform - Remote Command Executio...
Important: cockpit security update
Cockpit enables users to administer GNU/Linux servers using a web browser. It offers network configuration, log inspection, diagnostic reports, SELinux troubleshooting, interactive command-line sessions, and more. Security Fixes: cockpit: Cockpit: Arbitrary command execution via crafted links in...
Openfire Administration Console - Authentication Bypass
Openfire is an XMPP server licensed under the Open Source Apache License. Openfire's administrative console, a web-based application, was found to be vulnerable to a path traversal attack via the setup environment. This permitted an unauthenticated user to use the unauthenticated Openfire Setup...
cockpit: Unauthenticated remote code execution due to SSH command-line argument injection
An update is available for cockpit. This update affects Rocky Linux 9. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list Cockpit enables users to administer GNU/Linux servers using a web browser. It...
LITE-SOC: Lightweight Security Operations Center Simulator for Cybersecurity Education
This innovative practice WIP paper describes LITE-SOC, a lightweight web-based Security Operations Center SOC simulator designed for instructor-led cybersecurity education. SOC analysts must triage large volumes of alerts, separate genuine threats from false positives, and communicate decisions...
ntopng 输入验证错误漏洞
ntopng is a web-based network traffic monitoring application developed by ntop. ntopng has a vulnerability related to input validation, which stems from URL redirection to untrusted sites...
EUVD-2026-29818
Command injection vulnerabilities exist in the web-based management interface of AOS-8 and AOS-10 Operating Systems. Successful exploitation of these vulnerabilities could allow an authenticated remote attacker to execute arbitrary commands on the underlying operating system...
CVE-2026-44867
Command injection vulnerabilities exist in the web-based management interface of AOS-8 and AOS-10 Operating Systems. Successful exploitation of these vulnerabilities could allow an authenticated remote attacker to execute arbitrary commands on the underlying operating system...
CVE-2026-44869
Command injection vulnerabilities exist in the web-based management interface of AOS-8 and AOS-10 Operating Systems. Successful exploitation of these vulnerabilities could allow an authenticated remote attacker to execute arbitrary commands on the underlying operating system...
CVE-2026-44872
CVE-2026-44872 affects the web-based management interface of AOS-8 and AOS-10. It describes a command injection vulnerability that could allow an authenticated remote attacker to place arbitrary files on the device’s filesystem. The CVSS score is 7.2 (High) with network attack vector, low attack ...
CVE-2026-44872
A command injection vulnerability exists in the web-based management interface of AOS-8 and AOS-10 Operating Systems. Successful exploitation could allow an authenticated remote attacker to place arbitrary files on the underlying filesystem of the affected device...
CVE-2026-44869 Authenticated Command Injection Vulnerabilities in the Web-Based Management Interface of AOS-8 and AOS-10
Command injection vulnerabilities exist in the web-based management interface of AOS-8 and AOS-10 Operating Systems. Successful exploitation of these vulnerabilities could allow an authenticated remote attacker to execute arbitrary commands on the underlying operating system...
CVE-2026-44868
CVE-2026-44868 affects the web-based management interfaces of AOS-8 and AOS-10. Description: authenticated remote command injection could allow execution of arbitrary OS commands. CVSS v3.1 base score 7.2 (HIGH) with network attack vector, low access complexity, and privileges required as HIGH. I...
CVE-2026-44866
The vulnerability affects the web-based management interface of AOS-8 and AOS-10 Operating Systems. The issue is a command injection in the web interface that could allow an authenticated remote attacker to execute arbitrary commands on the underlying OS . Documented by multiple sources, the CVE ...
CVE-2026-44866 Authenticated Command Injection Vulnerabilities in the Web-Based Management Interface of AOS-8 and AOS-10
Command injection vulnerabilities exist in the web-based management interface of AOS-8 and AOS-10 Operating Systems. Successful exploitation of these vulnerabilities could allow an authenticated remote attacker to execute arbitrary commands on the underlying operating system...
CVE-2026-44865 Authenticated Command Injection Vulnerabilities in the Web-Based Management Interface of AOS-8 and AOS-10
Command injection vulnerabilities exist in the web-based management interface of AOS-8 and AOS-10 Operating Systems. Successful exploitation of these vulnerabilities could allow an authenticated remote attacker to execute arbitrary commands on the underlying operating system...
CVE-2026-44852 Authenticated Remote Code Execution via Arbitrary File Overwrite in the AOS-8 and AOS-10 Web-Based Management Interface
An authenticated remote code execution vulnerability exists in the AOS-8 and AOS-10 web-based management interface. A vulnerability in the certificate download functionality could allow an authenticated remote attacker to overwrite arbitrary files on the underlying operating system by exploiting...