Exploit for OS Command Injection in Cyberpanel
CVE-2024-51378 — Proof of Concept, emulation of homework assignment 10. Python...
PT-2026-7476
Name of the Vulnerable Software and Affected Versions JUNG Smart Panel KNX firmware versions prior to L1.12.22 Description The JUNG Smart Panel KNX firmware does not properly validate file path input in its embedded web interface. This allows remote, unauthenticated attackers to access arbitrary...
Siemens SCALANCE and RUGGEDCOM Incorrect Authorization (CVE-2025-40567)
The Load Rollback functionality in the web interface of affected products contains an incorrect authorization check vulnerability. This could allow an authenticated remote attacker with guest role to make the affected product roll back configuration changes made by privileged users. This plugin...
Unity Linux 20.1050a / 20.1060a / 20.1070a Security Update: cups (UTSA-2026-005313)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-005313 advisory. OpenPrinting CUPS is an open source printing system for Linux and other Unix-like operating systems. Prior to version 2.4.15, a user in the lpadmin group can use the...
JUNG Smart Panel KNX Path Traversal Vulnerability
JUNG Smart Panel KNX is an intelligent touch panel developed by the German company JUNG. Versions of JUNG Smart Panel KNX prior to L1.12.22 contained a path traversal vulnerability. This vulnerability stemmed from unvalidated path traversal in the embedded web interface, which could lead to...
Siemens SCALANCE and RUGGEDCOM Concurrent Execution Using Shared Resource with Improper Synchronization (CVE-2025-40569)
The Load Configuration from Local PC functionality in the web interface of affected products contains a race condition vulnerability. This could allow an authenticated remote attacker to make the affected product load an attacker controlled configuration instead of the legitimate one. Successful...
Siemens SCALANCE and RUGGEDCOM Incorrect Authorization (CVE-2025-40568)
An internal session termination functionality in the web interface of affected products contains an incorrect authorization check vulnerability. This could allow an authenticated remote attacker with guest role to terminate legitimate users' sessions. This plugin only works with Tenable.ot. Pleas...
Checkmk Security Vulnerability
Checkmk is an IT monitoring platform developed by Checkmk Corporation. Versions of Checkmk prior to 2.4.0p21, 2.3.0p43, and 2.2.0 contain security vulnerabilities. These vulnerabilities stem from improper permission execution, which may allow users with the "Use WATO" permission to bypass...
CVE-2026-2152
A vulnerability was found in D-Link DIR-615 4.10. This vulnerability affects unknown code of the file advrouting.php of the component Web Configuration Interface. Performing a manipulation of the argument destip/ submask/ gw results in os command injection. The attack may be initiated remotely. T...
EUVD-2026-5797
A vulnerability was found in D-Link DIR-615 4.10. This vulnerability affects unknown code of the file advrouting.php of the component Web Configuration Interface. Performing a manipulation of the argument destip/ submask/ gw results in os command injection. The attack may be initiated remotely. T...
CVE-2026-2148
A security vulnerability has been detected in Tenda AC21 16.03.08.16. Affected is an unknown function of the file /cgi-bin/DownloadFlash of the component Web Management Interface. The manipulation leads to information disclosure. It is possible to initiate the attack remotely. The exploit has bee...
SUSE CVE-2026-20888
Gitea does not properly verify authorization when canceling scheduled auto-merges via the web interface. A user with read access to pull requests may be able to cancel auto-merges scheduled by other users...
Wing FTP Server Cross-Site Request Forgery Vulnerability
Wing FTP Server is an open-source, cross-platform FTP server software developed by Wing FTP Server. Versions of Wing FTP Server prior to 6.2.7 contained a cross-site request forgery vulnerability. This vulnerability stemmed from cross-site request forgery within the web management interface, whi...
CVE-2020-37079 Wing FTP Server < 6.2.7 - Cross-site Request Forgery
Wing FTP Server versions prior to 6.2.7 contain a cross-site request forgery (CSRF) vulnerability in the web administration interface that allows attackers to delete admin users. Attackers can craft a malicious HTML page with a hidden form to submit a request that deletes the administrative user...
CVE-2026-25640
Pydantic AI (web UI) is affected by CVE-2026-25640 in versions 1.34.0–1.50.x. The vulnerability stems from insufficient validation of the version query parameter used to build the CDN URL for the frontend, allowing path traversal that can cause the server to fetch and serve attacker-controlled HT...
CVE-2026-25640 Pydantic AI affected by Stored XSS via Path Traversal in Web UI CDN URL
Pydantic AI is a Python agent framework for building applications and workflows with Generative AI. From 1.34.0 to before 1.51.0, a path traversal vulnerability in the Pydantic AI web UI allows an attacker to serve arbitrary JavaScript in the context of the application by crafting a malicious URL...
Pydantic AI has Server-Side Request Forgery (SSRF) in URL Download Handling
Summary: A Server-Side Request Forgery (SSRF) vulnerability exists in Pydantic AI's URL download functionality. When applications accept message history from untrusted sources, attackers can include malicious URLs that cause the server to make HTTP requests to internal network resources, potentially...
sb-poc-web
StackBill Deployer Web-based deployment portal for StackBill...
Vulnerability fixed in Cisco Meeting Management
Cisco has fixed a vulnerability in Cisco Meeting Management. The vulnerability is in the Certificate Management feature of Cisco Meeting Management, which contains incorrect input validation within the Web-based management interface. This allows authenticated remote attackers to upload arbitrary...