CVE-2026-44712 pam_usb: Shell injection via device UUID and username in pamusb-conf and pamusb-agent

pamusb provides hardware authentication for Linux using ordinary removable media. Prior to 0.8.7, a crafted UUID such as $id/tmp/rce in the config causes root RCE when pamusb-conf --reset-pads is run. A USB device with a crafted filesystem UUID some controllers allow this can inject the payload a...

CVE-2017-14743

Faleemi FSC-880 00.01.01.0048P2 devices allow unauthenticated SQL injection via the Username element in an XML document to /onvif/deviceservice, as demonstrated by reading the admin password...