LaRecipe < 2.8.1 Remote Code Execution via SSTI

LaRecipe is an application that allows users to create documentation with Markdown inside a Laravel app. Versions prior to 2.8.1 are vulnerable to Server-Side Template Injection SSTI, which could potentially lead to Remote Code Execution RCE in vulnerable configurations. id: CVE-2025-53833 info:...

Microsoft SharePoint Server - Authentication Bypass (ToolShell)

Microsoft Office SharePoint Server contains an improper authentication vulnerability that allows unauthorized attackers to perform spoofing over a network. By crafting a POST request to /layouts/15/ToolPane.aspx with a forged Referer header /layouts/SignOut.aspx, attackers can bypass authenticati...

MobSF - Path Traversal

MobSF is vulnerable to an issue with apktool CVE-2024-21633 that allows for RCE or arbitrary file writing. It does this through a path traversal vulnerability. This template tests for it by writing to a local file and reading that file. RCE can be achieved by overwriting jadx, as shown in the two...

WordPress Print Invoice & Delivery Notes for WooCommerce <= 5.8.0 - Remote Code Execution

Print Invoice & Delivery Notes for WooCommerce plugin for WordPress = 5.8.0 contains a remote code execution caused by missing capability check, PHP enabled in Dompdf, and missing escape in template.php, letting unauthenticated attackers execute code on the server. id: CVE-2025-13773 info: name:...

Prodigy Commerce <= 3.3.0 - Local File Inclusion

Prodigy Commerce WordPress plugin = 3.2.9 contains a local file inclusion caused by improper sanitization of 'parameterstemplatename' parameter, letting unauthenticated attackers include and execute arbitrary files remotely. id: CVE-2026-0926 info: name: Prodigy Commerce = 3.3.0 - Local File...

WordPress Woody Ad Snippets <2.2.5 - Cross-Site Scripting/Remote Code Execution

WordPress Woody Ad Snippets prior to 2.2.5 is susceptible to cross-site scripting and remote code execution via admin/includes/class.import.snippet.php, which allows unauthenticated options import as demonstrated by storing a cross-site scripting payload for remote code execution. id:...

Gridx 1.3 - Remote Code Execution

Gridx 1.3 is susceptible to remote code execution via tests/support/stores/testgridfilter.php, which allows remote attackers to execute arbitrary code via crafted values submitted to the $query parameter. id: CVE-2020-19625 info: name: Gridx 1.3 - Remote Code Execution author: geeknik severity:...

Joomla! Component BeeHeard 1.0 - Local File Inclusion

A directory traversal vulnerability in the BeeHeard combeeheard and BeeHeard Lite combeeheardlite component 1.0 for Joomla! allows remote attackers to read arbitrary files via a .. dot dot in the controller parameter to index.php. id: CVE-2010-1952 info: name: Joomla! Component BeeHeard 1.0 - Loc...

Gladinet CentreStack < 16.4.10315.56368 Use of Hard-coded Key Leads to Unauthenticated RCE

Gladinet CentreStack through 16.1.10296.56315 fixed in 16.4.10315.56368 has a deserialization vulnerability due to the CentreStack portal's hardcoded machineKey use, as exploited in the wild in March 2025. This enables threat actors who know the machineKey to serialize a payload for server-side...

Apache Unomi - Remote Code Execution

Apache Unomi allows conditions to use OGNL scripting which offers the possibility to call static Java classes from the JDK that could execute code with the permission level of the running Java process, enabling attackers to execute arbitrary code. id: CVE-2020-11975 info: name: Apache Unomi -...

FasterXML jackson-databind - Deserialization Remote Code Execution

FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to com.ibatis.sqlmap.engine.transaction.jta.JtaTransactionConfig aka ibatis-sqlmap. This vulnerability allows attackers to execute arbitrary code through deserialization of...

Contact Form 7 Drag and Drop Multiple File Upload - Arbitrary File Upload

The Drag and Drop Multiple File Upload for Contact Form 7 plugin for WordPress is vulnerable to arbitrary file uploads due to insufficient file type validation in all versions up to, and including, 1.3.8.9. This makes it possible for unauthenticated attackers to bypass the plugin's blacklist and...

n8n - Remote Code Execution via Expression Injection

n8n 1.120.4, 1.121.1, 1.122.0 contains a remote code execution caused by insufficient isolation in workflow expression evaluation, letting authenticated attackers execute arbitrary code with n8n process privileges. Exploit requires authentication. id: CVE-2025-68613 info: name: n8n - Remote Code...

Wing FTP Server <= 7.4.3 - Remote Code Execution

Wing FTP Server versions prior to 7.4.4 are vulnerable to an unauthenticated remote code execution RCE flaw CVE-2025-47812. The vulnerability arises from improper NULL byte handling in the 'username' parameter during login, which allows Lua code injection into session files. These injected sessio...

Invision Community <=5.0.6 Unauthenticated RCE via Template Injection

Invision Community 5.0.0 before 5.0.7 allows remote code execution via crafted template strings to themeeditor.php. The issue lies within the themeeditor controller /applications/core/modules/front/system/themeeditor.php, where a protected method named customCss can be invoked by unauthenticated...

Dassault Systèmes DELMIA Apriso (up to 2025) - Insecure Deserialization

A deserialization of untrusted data vulnerability affecting DELMIA Apriso from Release 2020 through Release 2025 could lead to a remote code execution. id: CVE-2025-5086 info: name: Dassault Systèmes DELMIA Apriso up to 2025 - Insecure Deserialization author: hacktronai,iamnoooob,pdresearch...

FoxCMS v.1.2.5 - Remote Code Execution

An issue in FoxCMS v.1.2.5 allows a remote attacker to execute arbitrary code via the case display page in the index.html component. id: CVE-2025-29306 info: name: FoxCMS v.1.2.5 - Remote Code Execution author: ritikchaddha severity: critical description: | An issue in FoxCMS v.1.2.5 allows a...

DataEase - Remote Code Execution

DataEase is an open-source business intelligence and data visualization platform. Public advisories state that CVE-2025-49002 is related to a bypass in the previous fix for CVE-2025-32966 involving case-insensitive handling of restricted H2 JDBC keywords. This template is a non-invasive detection...

Microweber <1.2.12 - Integer Overflow

Microweber before 1.2.12 is susceptible to integer overflow. The application allows large characters to insert in the input field 'first & last name,' which can allow an attacker to cause a denial of service via a crafted HTTP request. id: CVE-2022-0968 info: name: Microweber 1.2.12 - Integer...

Prestashop AttributeWizardPro Module - Arbitrary File Upload

In the Attribute Wizard addon 1.6.9 for PrestaShop allows remote attackers to execute arbitrary code by uploading a php file. id: CVE-2018-10942 info: name: Prestashop AttributeWizardPro Module - Arbitrary File Upload author: MaStErChO severity: critical description: | In the Attribute Wizard add...