12374 matches found
CVE-2026-22675 OCS Inventory NG Server Stored XSS via User-Agent
OCS Inventory NG Server version 2.12.3 and prior contain a stored cross-site scripting vulnerability that allows unauthenticated attackers to execute arbitrary JavaScript by submitting malicious User-Agent HTTP headers to the /ocsinventory endpoint. Attackers can register rogue agents or craft...
CVE-2026-35174
Chyrp Lite is an ultra-lightweight blogging engine. Prior to 2026.01, a path traversal vulnerability exists in the administration console that allows an administrator or a user with Change Settings permission to change the uploads path to any folder. This vulnerability allows the user to download...
EUVD-2026-19422
Chyrp Lite is an ultra-lightweight blogging engine. Prior to 2026.01, a path traversal vulnerability exists in the administration console that allows an administrator or a user with Change Settings permission to change the uploads path to any folder. This vulnerability allows the user to download...
Security Bulletin: Vulnerability in libssh library (CVE-2025-5372) affects Power HMC.
Summary: The libssh library is used by Power Hardware Management Console HMC. HMC has addressed the applicable CVE. Vulnerability Details: CVEID: CVE-2025-5372. DESCRIPTION: A flaw was found in libssh versions built with OpenSSL versions older than 3.0, specifically in the sshkdf function responsible...
CVE-2026-30613
An information disclosure vulnerability exists in AZIOT 1 Node Smart Switch 16amp- WiFi/Bluetooth Enabled Software Version: 1.1.9 due to improper access control on the UART debug interface. An attacker with physical access can connect to the UART interface and obtain sensitive information from th...
AZIOT 1 Node Smart Switch Security Vulnerability
AZIOT 1 Node Smart Switch is a single-node intelligent switching device developed by the Indian company AZIOT. Version 1.1.9 of AZIOT 1 Node Smart Switch contains a security vulnerability. This vulnerability stems from improper access control of the UART debugging interface, which may allow...
chyrp-lite Code Issue Vulnerability
Chyrp-Lite is a self-hosted blog and website platform developed by Daniel Pimley. Versions of Chyrp-Lite prior to version 2026.01 contained code vulnerabilities. These vulnerabilities stemmed from path traversal vulnerabilities in the management console, which could lead to arbitrary file downloa...
CVE-2026-5463
Command injection vulnerability in console.run_module_with_output in pymetasploit3 through version 1.0.6 allows attackers to inject newline characters into module options such as RHOSTS. This breaks the intended command structure and causes the Metasploit console to execute additional unintended...
CVE-2026-35467
The stored API keys in temporary browser client is not marked as protected allowing for JavaScript console or other errors to allow for extraction of the encryption credentials...
EUVD-2026-18601
Command injection vulnerability in console.run_module_with_output in pymetasploit3 through version 1.0.6 allows attackers to inject newline characters into module options such as RHOSTS. This breaks the intended command structure and causes the Metasploit console to execute additional unintended...
GHSA-QPC3-8VQG-8G6W pymetasploit3 vulnerable to command injection in console.run_module_with_output()
Command injection vulnerability in console.run_module_with_output in pymetasploit3 through version 1.0.6 allows attackers to inject newline characters into module options such as RHOSTS. This breaks the intended command structure and causes the Metasploit console to execute additional unintended...
pymetasploit3 vulnerable to command injection in console.run_module_with_output()
Command injection vulnerability in console.run_module_with_output in pymetasploit3 through version 1.0.6 allows attackers to inject newline characters into module options such as RHOSTS. This breaks the intended command structure and causes the Metasploit console to execute additional unintended...
Arbitrary Command Injection
Overview: pymetasploit3 is a full-fledged msfrpc library for Metasploit framework. Affected versions of this package are vulnerable to Arbitrary Command Injection via the console.run_module_with_output function. An attacker can execute arbitrary commands and manipulate sessions by injecting newlin...
CVE-2026-5463
The vulnerability CVE-2026-5463 affects the pymetasploit3 project (through version 1.0.6) where console.run_module_with_output() accepts newline characters in module options (e.g., RHOSTS). This can break the intended command structure and cause the Metasploit console to execute additional uninte...