
102 matches found

Nuclei
added 2026/05/28 5:39 a.m., 92 views

Apache ActiveMQ Fileserver - Arbitrary File Write

Apache ActiveMQ 5.x before 5.14.0 allows remote attackers to upload and execute arbitrary files via an HTTP PUT followed by an HTTP MOVE request via the Fileserver web application. id: CVE-2016-3088 info: name: Apache ActiveMQ Fileserver - Arbitrary File Write author: fqhsu severity: critical...

CVSS 9.8, AI score 7.6, EPSS 0.94281
Exploits: 19, References: 5

EUVD
added 2026/05/12 12:32 p.m., 7 views

EUVD-2026-29437

A remote code execution vulnerability exists in Code Runner MCP Server when run with the --transport http option, which exposes the /mcp JSON-RPC endpoint without authentication on port 3088. An unauthenticated remote attacker can invoke the run-code MCP tool to supply arbitrary source code and...

CVSS 8.7, AI score 6.6, EPSS 0.00093
Exploits: 0, References: 2

NVD
added 2026/05/12 10:16 a.m., 8 views

CVE-2026-5029

A remote code execution vulnerability exists in Code Runner MCP Server when run with the --transport http option, which exposes the /mcp JSON-RPC endpoint without authentication on port 3088. An unauthenticated remote attacker can invoke the run-code MCP tool to supply arbitrary source code and...

CVSS 8.7, EPSS 0.00093
Exploits: 0, References: 1

Cvelist
added 2026/05/12 9:1 a.m., 30 views

CVE-2026-5029 RCE in Code Runner MCP Server

A remote code execution vulnerability exists in Code Runner MCP Server when run with the --transport http option, which exposes the /mcp JSON-RPC endpoint without authentication on port 3088. An unauthenticated remote attacker can invoke the run-code MCP tool to supply arbitrary source code and...

CVSS 8.7, EPSS 0.00093
Exploits: 0, References: 1

ATTACKERKB
added 2026/05/12 9:1 a.m., 6 views

CVE-2026-5029

A remote code execution vulnerability exists in Code Runner MCP Server when run with the --transport http option, which exposes the /mcp JSON-RPC endpoint without authentication on port 3088. An unauthenticated remote attacker can invoke the run-code MCP tool to supply arbitrary source code and...

CVSS 8.7, AI score 6.6, EPSS 0.00093
Exploits: 0, References: 2

CVE
added 2026/05/12 9:1 a.m., 11 views

CVE-2026-5029

CVE-2026-5029 affects Code Runner MCP Server when run with --transport http, exposing the /mcp JSON-RPC endpoint on port 3088 without authentication. An unauthenticated attacker can invoke the run-code MCP tool to supply arbitrary source code and execute it via child_process.exec() using the spec...

CVSS 8.7, AI score 6.6, EPSS 0.00093
Exploits: 0, References: 1

CNNVD
added 2026/05/12 12:0 a.m., 3 views

Code Runner MCP Server Access Control Error Vulnerability

Code Runner MCP Server is a multi-language code execution and result display tool developed by Jun Han. There is an access control vulnerability in Code Runner MCP Server. This vulnerability arises when the --transport http option is used, exposing an unauthenticated /mcp JSON-RPC endpoint on por...

CVSS 8.7, AI score 6.5, EPSS 0.00093
Exploits: 0, References: 1

Positive Technologies
added 2026/05/12 12:0 a.m., 4 views

PT-2026-39994

A remote code execution vulnerability exists in Code Runner MCP Server when run with the --transport http option, which exposes the /mcp JSON-RPC endpoint without authentication on port 3088. An unauthenticated remote attacker can invoke the run-code MCP tool to supply arbitrary source code and...

CVSS 8.7, AI score 6.6, EPSS 0.00093
Exploits: 0, References: 2

EUVD
added 2026/01/16 12:10 a.m., 2 views

EUVD-2026-3088

Malicious code in alf-ui-js npm...

AI score 6.6
Exploits: 0, References: 1

Tenable Nessus
added 2025/08/25 12:0 a.m., 4 views

Linux Distros Unpatched Vulnerability : CVE-2016-3088

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - The Fileserver web application in Apache ActiveMQ 5.x before 5.14.0 allows remote attackers to upload and execute arbitrary files via an HTTP PUT followed by an...

CVSS 9.8, AI score 9.5, EPSS 0.94281
Exploits: 19, References: 2

Tenable Nessus
added 2025/08/24 12:0 a.m., 1 view

Linux Distros Unpatched Vulnerability : CVE-2018-3088

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Vulnerability in the Oracle VM VirtualBox component of Oracle Virtualization subcomponent: Core. The supported version that is affected is Prior to 5.2.16. Easi...

CVSS 8.6, AI score 7.2, EPSS 0.0045
Exploits: 0, References: 2

Tenable Nessus
added 2024/10/21 12:0 a.m., 12 views

Adobe Digital Editions < 4.5.5 Multiple Vulnerabilities (APSB17-20) (macOS)

The version of Adobe Digital Editions installed on the remote macOS host is prior to 4.5.5. It is, therefore, affected by multiple vulnerabilities as referenced in the APSB17-20 advisory. - Adobe Digital Editions versions 4.5.4 and earlier contain an insecure library loading vulnerability. The...

CVSS 10, AI score 8.9, EPSS 0.06911
Exploits: 0, References: 10

Tenable Nessus
added 2024/10/21 12:0 a.m., 13 views

Adobe Digital Editions < 4.5.5 Multiple Vulnerabilities (APSB17-20)

The version of Adobe Digital Editions installed on the remote Windows host is prior to 4.5.5. It is, therefore, affected by multiple vulnerabilities as referenced in the APSB17-20 advisory. - Adobe Digital Editions versions 4.5.4 and earlier contain an insecure library loading vulnerability. The...

CVSS 10, AI score 9.3, EPSS 0.06911
Exploits: 0, References: 10

Tenable Nessus
added 2024/05/28 12:0 a.m., 29 views

Oracle Linux 8 : gstreamer1-plugins-base (ELSA-2024-3088)

The remote Oracle Linux 8 host has packages installed that are affected by a vulnerability as referenced in the ELSA-2024-3088 advisory. - CVE-2023-37328 gstreamer1-plugins-base: heap overwrite in subtitle parsing Tenable has extracted the preceding description block directly from the Oracle Linu...

CVSS 8.8, AI score 6.8, EPSS 0.07706
Exploits: 0, References: 2

Tenable Nessus
added 2024/05/23 12:0 a.m., 22 views

RHEL 8 : gstreamer1-plugins-base (RHSA-2024:3088)

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2024:3088 advisory. GStreamer is a streaming media framework based on graphs of filters which operate on media data. The gstreamer1-plugins-base packages contain a...

CVSS 8.8, AI score 6.9, EPSS 0.07706
Exploits: 0, References: 6

Tenable Nessus
added 2024/05/22 12:0 a.m., 29 views

CentOS 8 : gstreamer1-plugins-base (CESA-2024:3088)

The remote CentOS Linux 8 host has packages installed that are affected by a vulnerability as referenced in the CESA-2024:3088 advisory. - GStreamer PGS File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary cod...

CVSS 8.8, AI score 7.7, EPSS 0.07706
Exploits: 0, References: 2

CVE
added 2024/03/30 11:0 a.m., 65 views

CVE-2024-3088

The CVE-2024-3088 entry describes a SQL injection in PHPGurukul Emergency Ambulance Hiring Portal 1.0, via the /admin/forgot-password.php username parameter. It is exploitable remotely and has been publicly disclosed (VDB-258681). The available connected docs confirm the affected component and ro...

CVSS 7.5, AI score 7.5, EPSS 0.00049
Exploits: 1, References: 4, Affected Software: 1

OSV
added 2023/07/12 5:15 a.m., 0 views

CVE-2023-3088

The WP Mail Log plugin for WordPress is vulnerable to Stored Cross-Site Scripting via email contents in versions up to, and including, 1.1.1 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages th...

CVSS 6.1, AI score 6.9
Exploits: 0, References: 2

Cvelist
added 2023/07/12 4:38 a.m., 23 views

CVE-2023-3088 WP Mail Log <= 1.1.1 - Unauthenticated Stored Cross-Site Scripting via Email

The WP Mail Log plugin for WordPress is vulnerable to Stored Cross-Site Scripting via email contents in versions up to, and including, 1.1.1 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages th...

CVSS 7.2, AI score 6.4, EPSS 0.00991
Exploits: 0, References: 2

CVE
added 2023/07/12 4:38 a.m., 32 views

CVE-2023-3088

CVE-2023-3088 affects the WordPress plugin WP Mail Log (plugin for WP mail logging). The vulnerability is a Stored Cross-Site Scripting (XSS) via email contents in versions up to and including 1.1.1, caused by insufficient input sanitization and output escaping. Attackers can be unauthenticated...

CVSS 7.2, AI score 5.9, EPSS 0.00991
Exploits: 0, References: 2, Affected Software: 1