76 matches found
CVE-2026-3519 OS Command Injection Remote Code Execution Vulnerability in Progress LoadMaster, ECS Connection Manager, Object Scale Connection Manager & MOVEit WAF
OS Command Injection Remote Code Execution Vulnerability in API in Progress ADC Products allows an authenticated attacker with “VS Administration” permissions to execute arbitrary commands on the LoadMaster appliance by exploiting unsanitized input in the 'aclcontrol' command...
CVE-2026-3519
creationtimestamp| type| source
---|---|---
2026-04-20 11:13:25+00:00| seen| https://cyber.gc.ca/en/alerts-advisories/progress-security-advisory-av26-371
2026-04-20 16:36:57+00:00| seen| https://bsky.app/profile/cve.skyfleet.blue/post/3mjwvo5btcf2p
2026-04-20 17:21:32+00:00| seen|...
CVE-2022-3519
A vulnerability classified as problematic was found in SourceCodester Sanitization Management System 1.0. Affected by this vulnerability is an unknown functionality of the component Quote Requests Tab. The manipulation of the argument Manage Remarks leads to cross site scripting. The attack can b...
CVE-2025-3519
creationtimestamp| type| source
---|---|---
2025-04-22 09:04:15+00:00| seen| https://t.me/DarkWebInformerCVEAlerts/12812
2025-04-22 12:00:38+00:00| seen| Telegram/Fkk7fCFfvxcN9yUdFFxPMM1IoLmdN1KJ3VKQ-hEiFiNXA
2025-04-22 12:33:00+00:00| seen| https://t.me/cvedetector/23489...
CVE-2025-3519 Replace uploaded files knowing the file upload ID
An authorization bypass in Unblu Spark allows a participant of a conversation to replace an existing, uploaded file. Every uploaded file in Unblu is assigned a randomly generated Universally Unique ID (UUID). In case a participant of this or another conversation gets access to such a file ID...
openSUSE Security Advisory (SUSE-SU-2024:3519-1)
The remote host is missing an update for the...
SUSE: Security Advisory (SUSE-SU-2024:3519-1)
The remote host is missing an update for the...
WordPress Media Library Assistant Plugin <= 3.15 is vulnerable to Cross Site Scripting (XSS)
Software: Media Library Assistant; Type: Plugin; Vulnerable versions: <= 3.15; Fixed in: 3.16; OWASP Top 10: A7: Cross-Site Scripting (XSS); Classification: Cross Site Scripting (XSS); CVE: CVE-2024-3519; Patch priority: Medium; CVSS severity: Medium (7.1); PSID: f2ec0a790f20; Credits: Le Ngoc Anh...
CVE-2024-3519 Media Library Assistant <= 3.15 - Reflected Cross-Site Scripting via lang
The Media Library Assistant plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the lang parameter in all versions up to, and including, 3.15 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary w...
openSUSE: Security Advisory for MozillaFirefox (SUSE-SU-2023:3519-1)
The remote host is missing an update for the...
Exploit for Code Injection in Citrix Netscaler_Application_Delivery_Controller
Exploit Repository Stack-Overflow on Citrix CVE-2023-3519...
Citrix Devices Under Attack: NetScaler Flaw Exploited to Capture User Credentials
A recently disclosed critical flaw in Citrix NetScaler ADC and Gateway devices is being exploited by threat actors to conduct a credential harvesting campaign. IBM X-Force, which uncovered the activity last month, said adversaries exploited "CVE-2023-3519 to attack unpatched NetScaler Gateways to...
Exploit for Code Injection in Citrix Netscaler_Application_Delivery_Controller
cve-2023-3519-citrix-scanner This script is a basic Citrix Sc...
Exploit for Code Injection in Citrix Netscaler_Application_Delivery_Controller
Citrix ADC RCE CVE-2023-3519 Exploit Guide This document prov...
Citrix NetScalers backdoored in widespread exploitation campaign
Fox-IT has uncovered a large-scale exploitation campaign of Citrix NetScalers in a joint effort with the Dutch Institute of Vulnerability Disclosure (DIVD). Over 1900 instances were found to have a backdoor in the form of a web shell. These backdoored NetScalers can be taken over at will by an...
Citrix ADC nsppe buffer overflow
Added: 08/09/2023. CVE: CVE-2023-3519. Background: Citrix ADC (formerly NetScaler ADC) is an application delivery and load balancing platform. Problem: A buffer overflow vulnerability in the nsppe process in Citrix ADC allows an unauthenticated attacker to execute arbitrary commands by making a special...
Citrix ADC (NetScaler) Remote Code Execution Exploit
A vulnerability exists within Citrix ADC that allows an unauthenticated attacker to trigger a stack buffer overflow of the nsppe process by making a specially crafted HTTP GET request. Successful exploitation results in remote code execution as root. This module requires Metasploit:...
Exploit for Code Injection in Citrix Netscaler_Application_Delivery_Controller
PoC exploit for CVE-2023-3519, an arbitrary file read vulnerabil...
Metasploit Weekly Wrap-Up
Fly High in the Sky With This New Cloud Exploit! This week, a new module was added that takes advantage of both authentication bypass and command injection in certain versions of Western Digital's MyCloud hardware. Submitted by community member Erik Wynter, this module gains access to the target,...
Exploit for Code Injection in Citrix Netscaler_Application_Delivery_Controller
Citrix ADC RCE CVE-2023-3519 This exploit uses addresses and s...