73 matches found
CVE-2026-5757
creationtimestamp | type | source
---|---|---
2026-04-25 14:17:03+00:00 | seen | https://bsky.app/profile/thedailytechfeed.com/post/3mkda6kaxwz2n
2026-05-07 14:21:50+00:00 | seen | https://bsky.app/profile/ai-sight.bsky.social/post/3mlbg25s2eo26
2026-05-18 18:18:06+00:00 | seen | ...
📄 ZAI-Shell P2P Command Injection
This Metasploit module targets a command injection vulnerability in ZAI-Shell when running in noaimode. The exploit communicates over a plaintext P2P protocol (default port 5757) and sends crafted JSON messages to execute arbitrary system commands on the target. The module includes an enhanced...
CVE-2026-25807
ZAI Shell is an autonomous SysOps agent designed to navigate, repair, and secure complex environments. Prior to 9.0.3, the P2P terminal sharing feature (share start) opens a TCP socket on port 5757 without any authentication mechanism. Any remote attacker can connect to this port using a simple...
CVE-2026-25807 Unauthenticated Remote Code Execution via P2P Sharing in ZAI-Shell
ZAI Shell is an autonomous SysOps agent designed to navigate, repair, and secure complex environments. Prior to 9.0.3, the P2P terminal sharing feature (share start) opens a TCP socket on port 5757 without any authentication mechanism. Any remote attacker can connect to this port using a simple...
PT-2026-7176
Name of the Vulnerable Software and Affected Versions: ZAI Shell versions prior to 9.0.3. Description: ZAI Shell, an autonomous SysOps agent, has an issue in its P2P terminal sharing feature (share start). Before version 9.0.3, this feature opens a TCP socket on port 5757 without authentication. A...
CVE-2025-5757
A vulnerability was found in code-projects Traffic Offense Reporting System 1.0. It has been rated as problematic. Affected by this issue is some unknown functionality of the file /save-reported.php. The manipulation of the argument...
CVE-2025-5757
Code-projects Traffic Offense Reporting System 1.0 is affected by a cross-site scripting vulnerability in /save-reported.php. User-supplied parameters such as offence_id, vehicle_no, driver_license, name, address, gender, officer_reporting, and offence can be manipulated to inject malicious scrip...
CVE-2025-5757 code-projects Traffic Offense Reporting System save-reported.php cross site scripting
A vulnerability was found in code-projects Traffic Offense Reporting System 1.0. It has been rated as problematic. Affected by this issue is some unknown functionality of the file /save-reported.php. The manipulation of the argument...
CVE-2007-5757
Untrusted search path vulnerability in db2pd in IBM DB2 Universal Database (UDB) 8 before FixPak 16 and 9 before Fix Pack 4 allows local users to gain root privileges via a modified DB2INSTANCE environment variable that points to a malicious library. NOTE: this might be the same issue as...
CGA-56M4-5757-C9J7
Bulletin has no description...
WordPress Elementor – Header, Footer & Blocks Template Plugin <= 1.6.35 is vulnerable to Cross Site Scripting (XSS)
Software: Elementor – Header, Footer & Blocks Template; Type: Plugin; Vulnerable versions: <= 1.6.35; Fixed in: 1.6.36; OWASP Top 10: A7: Cross-Site Scripting (XSS); Classification: Cross Site Scripting (XSS); CVE: CVE-2024-5757; Patch priority: Low; CVSS severity: Low (6.5); PSID: 9adb54f1f001...
CVE-2023-5757
creationtimestamp | type | source
---|---|---
2024-01-01 14:31:29+00:00 | seen | https://t.me/ctinow/161316...
CVE-2023-5757 WP Crowdfunding < 2.1.8 - Admin+ Stored XSS
The WP Crowdfunding WordPress plugin before 2.1.8 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup)...
Sielco Analog FM Transmitter 2.12 Cross Site Request Forgery
CSRF Add Admin: ---------------...
Sielco Analog FM Transmitter 2.12 Cross Site Request Forgery Vulnerability
Sielco Analog FM Transmitter 2.12 Cross-Site Request Forgery. Vendor: Sielco S.r.l. Product web page: https://www.sielco.org. Affected version: 2.12 (EXC5000GX), 2.12 (EXC120GX), 2.11 (EXC300GX), 2.10 (EXC1600GX), 2.10 (EXC2000GX), 2.08 (EXC1600GX), 2.08 (EXC1000GX), 2.07 (EXC3000GX), 2.06 (EXC5000GX), 1.7.7 (EXC30GT), 1.7.4...
Ubuntu 16.04 ESM : Linux kernel vulnerabilities (USN-5757-2)
The remote Ubuntu 16.04 ESM host has a package installed that is affected by multiple vulnerabilities as referenced in the USN-5757-2 advisory. Jann Horn discovered that the Linux kernel did not properly track memory allocations for anonymous VMA mappings in some situations, leading to potential...
Ubuntu: Security Advisory (USN-5757-1)
The remote host is missing an update for the... SPDX-FileCopyrightText: 2022 Greenbone AG. Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only...