20 matches found
PT-2026-3542
Name of the Vulnerable Software and Affected Versions: PrismX MX100 AP controller (affected versions not specified) Description: The PrismX MX100 AP controller developed by BROWAN COMMUNICATIONS has an arbitrary file upload issue. This allows remote attackers with sufficient privileges to upload and...
EUVD-2024-32360
Malicious code in bioql PyPI...
EUVD-2025-6829
Malicious code in bioql PyPI...
EUVD-2022-41799
Malicious code in bioql PyPI...
EUVD-2023-57711
Malicious code in bioql PyPI...
CVE-2025-8145
The Redirection for Contact Form 7 plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 3.2.4 via deserialization of untrusted input in the getleadfields function. This makes it possible for unauthenticated attackers to inject a PHP Object. The addition...
BeyondTrust Remote Support (RS) 24.2.2 < 24.3.3 Server-Side Template Injection
The version of BeyondTrust Remote Support (RS) running on the remote host is affected by a server-side template injection vulnerability which can lead to remote code execution. Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version...
CVE-2024-30270
mailcow: dockerized is an open source groupware/email suite based on docker. A security vulnerability has been identified in mailcow affecting versions prior to 2024-04. This vulnerability is a combination of path traversal and arbitrary code execution, specifically targeting the rspamdmaps...
CVE-2020-12736
Code42 environments with on-premises server versions 7.0.4 and earlier allow for possible remote code execution. When an administrator creates a local non-SSO user via a Code42-generated email, the administrator has the option to modify content for the email invitation. If the administrator enter...
CVE-2024-47208 Apache OFBiz: URLs allowing remote use of Groovy expressions, leading to RCE
Server-Side Request Forgery (SSRF), Improper Control of Generation of Code ('Code Injection') vulnerability in Apache OFBiz. This issue affects Apache OFBiz: before 18.12.17. Users are recommended to upgrade to version 18.12.17, which fixes the issue...
CVE-2024-38363 Remote Code Execution (RCE) via Server Side Template Injection (SSTI) in Airbyte
Airbyte is a data integration platform for ELT pipelines. Airbyte connection builder docker image is vulnerable to RCE via SSTI which allows an authenticated remote attacker to execute arbitrary code on the server as the web server user. The connection builder is used to create and test new...
CVE-2024-5824 Path Traversal in parisneo/lollms
A path traversal vulnerability in the /setpersonalityconfig endpoint of parisneo/lollms version 9.4.0 allows an attacker to overwrite the configs/config.yaml file. This can lead to remote code execution by changing server configuration properties such as forceacceptremoteaccess and...
CVE-2024-1882 Server-side resource injection in PaperCut NG/MF
This vulnerability allows an already authenticated admin user to create a malicious payload that could be leveraged for remote code execution on the server hosting the PaperCut NG/MF application server...
PT-2023-22359 · Pyrocms · Pyrocms
Name of the Vulnerable Software and Affected Versions: PyroCMS version 3.9 Description: The issue is a remote code execution flaw that can be exploited through a server-side template injection (SSTI) flaw, allowing a malicious attacker to send customized commands to the server and execute arbitrary...
CVE-2023-0755
The affected products are vulnerable to an improper validation of array index, which could allow an attacker to crash the server and remotely execute arbitrary code...
PT-2023-16503 · Microsoft +4 · .Net Sdk +10
Name of the Vulnerable Software and Affected Versions: No specific software or versions are mentioned in the provided descriptions. Description: The affected products are vulnerable to an integer overflow or wraparound, which could allow an attacker to crash the server and remotely execute...
Interactive Studio GamePort 3.03.14.0 - Arbitrary Application Execution
source: https://www.securityfocus.com/bid/12006/info Gameport is reported prone to multiple vulnerabilities in the client and server. These issues may allow an attacker to gain unauthorized access to a vulnerable server and...
Epic Games Unreal Tournament Server 436.0 - Engine Remote Format String
source: https://www.securityfocus.com/bid/9840/info A format string vulnerability has been reported to exist in the Unreal Tournament server engine. This issue is due to a failure of the server application to properly saniti...
Buffer overflow in Statistics Server
A buffer overflow in one of the CGI components allows code execution with the server's privileges...
Fujitsu Chocoa 1.0 beta7R - Topic Remote Buffer Overflow
source: https://www.securityfocus.com/bid/573/info The Chocoa IRC client has an unchecked buffer in the code that processes channel topics. If the server returns a topic that overwrites the client's buffer and contains exploit code...