2234 matches found
CVE-2026-7491
School App developed by Zyosoft has an Insecure Direct Object Reference vulnerability, allowing authenticated remote attackers to modify a specific parameter to read and modify other users' data...
Cisco Secure Firewall Management Center Software SQL Injection Vulnerabilities (cisco-sa-fmc-sql-injection-2qH6CcJd)
According to its self-reported version, Cisco Secure Firewall Management Center FMC is affected by multiple vulnerabilities. - Multiple vulnerabilities in the web-based management interface of Cisco Secure Firewall Management Center FMC Software could allow an authenticated, remote attacker to...
CVE-2026-6543 Authenticated Remote Code Execution Vulnerability in Langflow Code Validation Endpoint
IBM Langflow Desktop 1.0.0 through 1.8.4 Langflow allows an attacker to execute arbitrary commands with the privileges of the process running Langflow. This allows reading sensitive environment variables API keys, DB credentials, modifying files, or launching further attacks on the internal netwo...
CVE-2026-34965 Cockpit CMS Authenticated Remote Code Execution via Collections
Cockpit CMS contains an authenticated remote code execution vulnerability in the /cockpit/collections/savecollection endpoint that allows authenticated attackers with collection management privileges to inject arbitrary PHP code into collection rules parameters. Attackers can inject malicious PHP...
CVE-2018-25310 VideoFlow Digital Video Protection DVP 2.10 - Authenticated Remote Code Execution
VideoFlow Digital Video Protection DVP 2.10 contains an authenticated remote code execution vulnerability that allows authenticated attackers to execute arbitrary system commands by exploiting a cross-site request forgery flaw in the web management interface. Attackers with valid credentials can...
OpenWrt 23.05 - Authenticated Remote Code Execution (RCE)
Exploit Title: OpenWrt 23.05 - Authenticated Remote Code Execution RCE Date: 2026-01-17 Exploit Author: Ahmet Mersin Vendor Homepage: https://github.com/stangri/luci-app-https-dns-proxy Software Link: https://github.com/stangri/luci-app-https-dns-proxy Version: All versions prior to 2026-01-17...
PT-2026-34865
Name of the Vulnerable Software and Affected Versions Apache ActiveMQ Broker versions prior to 5.19.6 Apache ActiveMQ Broker versions 6.0.0 through 6.2.4 Apache ActiveMQ All versions prior to 5.19.6 Apache ActiveMQ All versions 6.0.0 through 6.2.4 Apache ActiveMQ versions prior to 5.19.6 Apache...
GHSA-2WVH-87G2-89HR OpenC3 COSMOS: Permissions Bypass Provides User Access to Unassigned Administrative Actions via Script Runner Tool
Vulnerability Type: Execution with Unnecessary Privileges Attack type: Authenticated remote Impact: Data disclosure/manipulation, privilege escalation Affected components: The following docker images: • Openc3inc/openc3-COSMOS-script-runner-api The Script Runner widget allows users to execute...
OpenC3 COSMOS: Permissions Bypass Provides User Access to Unassigned Administrative Actions via Script Runner Tool
Vulnerability Type: Execution with Unnecessary Privileges Attack type: Authenticated remote Impact: Data disclosure/manipulation, privilege escalation Affected components: The following docker images: • Openc3inc/openc3-COSMOS-script-runner-api The Script Runner widget allows users to execute...
OpenC3 COSMOS has SQL Injection in QuestDB Time-Series Database
Vulnerability Type: CWE-89: Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' Attack type: Authenticated remote Impact: Telemetry data disclosure and deletion Affected components: openc3-tsdb QuestDB A SQL injection vulnerability exists in the Time-Series Database...
CVE-2026-6834
The a+HRD developed by aEnrich has a Missing Authorization vulnerability, allowing authenticated remote attackers to arbitrarily read database contents through a specific API method...
CVE-2026-6834
The a+HRD developed by aEnrich has a Missing Authorization vulnerability, allowing authenticated remote attackers to arbitrarily read database contents through a specific API method...
CVE-2026-6833 aEnrich|a+HRD - SQL Injection
The a+HRD developed by aEnrich has a SQL Injection vulnerability, allowing authenticated remote attackers to inject arbitrary SQL commands to read database contents...
CVE-2026-21571
This Critical severity OS Command Injection vulnerability was introduced in versions 9.6.0, 10.0.0, 10.1.0, 10.2.0, 11.0.0, 11.1.0, 12.0.0, and 12.1.0 of Bamboo Data Center. This RCE Remote Code Execution vulnerability, with a CVSS Score of 9.4 and a CVSS Vector of...
CVE-2026-41036
This vulnerability exists in Quantum Networks router due to inadequate sanitization of user-supplied input in the management CLI interface. An authenticated remote attacker could exploit this vulnerability by injecting arbitrary OS commands on the targeted device. Successful exploitation of this...
CVE-2026-41036
This vulnerability exists in Quantum Networks router due to inadequate sanitization of user-supplied input in the management CLI interface. An authenticated remote attacker could exploit this vulnerability by injecting arbitrary OS commands on the targeted device. Successful exploitation of this...
CVE-2026-41036 Command Injection Vulnerability in Quantum Networks Router QN-I-470
This vulnerability exists in Quantum Networks router due to inadequate sanitization of user-supplied input in the management CLI interface. An authenticated remote attacker could exploit this vulnerability by injecting arbitrary OS commands on the targeted device. Successful exploitation of this...
CVE-2026-5966
ThreatSonar Anti-Ransomware developed by TeamT5 has an Arbitrary File Deletion vulnerability. Authenticated remote attackers with web access can exploit Path Traversal to delete arbitrary files on the system...
CVE-2026-5967
ThreatSonar Anti-Ransomware (TeamT5) is affected by a Privilege Escalation vulnerability. The description states that authenticated remote attackers with shell access can inject OS commands and execute them with root privileges, indicating a post-authentication, command-injection path that could ...
CVE-2026-5967 TeamT5|ThreatSonar Anti-Ransomware - Privilege Escalation
ThreatSonar Anti-Ransomware developed by TeamT5 has an Privilege Escalation vulnerability. Authenticated remote attackers with shell access can inject OS commands and execute them with root privileges...