8766 matches found
CVE-2026-28409
WeGIA is a web manager for charitable institutions. Prior to version 3.6.5, a critical Remote Code Execution RCE vulnerability exists in the WeGIA application's database restoration functionality. An attacker with administrative access which can be obtained via the previously reported...
CVE-2026-28409 WeGIA Vulnerable to Remote Code Execution (RCE) via OS Command Injection
WeGIA is a web manager for charitable institutions. Prior to version 3.6.5, a critical Remote Code Execution RCE vulnerability exists in the WeGIA application's database restoration functionality. An attacker with administrative access which can be obtained via the previously reported...
Cross-site Scripting (XSS)
Overview Affected versions of this package are vulnerable to Cross-site Scripting XSS via the GetTaskAttachment handler in the API attachment download component. An attacker can execute arbitrary JavaScript and expose authentication tokens by uploading an SVG attachment whose crafted filename...
Cross-site Scripting (XSS)
Overview Affected versions of this package are vulnerable to Cross-site Scripting XSS via the GetTaskAttachment handler in the API attachment download component. An attacker can execute arbitrary JavaScript and expose authentication tokens by uploading an SVG attachment whose crafted filename...
Cross-site Scripting (XSS)
Overview Affected versions of this package are vulnerable to Cross-site Scripting XSS via the GetTaskAttachment handler in the API attachment download component. An attacker can execute arbitrary JavaScript and expose authentication tokens by uploading an SVG attachment whose crafted filename...
CVE-2026-20902
An OS command injection vulnerability exists in XWEB Pro version 1.12.1 and prior, enabling an authenticated attacker to achieve remote code execution on the system by injecting malicious input into the map filename field during the map upload action of the parameters route...
CVE-2026-20902
An OS command injection vulnerability exists in XWEB Pro version 1.12.1 and prior, enabling an authenticated attacker to achieve remote code execution on the system by injecting malicious input into the map filename field during the map upload action of the parameters route...
CVE-2026-20902 Copeland XWEB and XWEB Pro OS Command Injection
An OS command injection vulnerability exists in XWEB Pro version 1.12.1 and prior, enabling an authenticated attacker to achieve remote code execution on the system by injecting malicious input into the map filename field during the map upload action of the parameters route...
CVE-2026-20902 Copeland XWEB and XWEB Pro OS Command Injection
An OS command injection vulnerability exists in XWEB Pro version 1.12.1 and prior, enabling an authenticated attacker to achieve remote code execution on the system by injecting malicious input into the map filename field during the map upload action of the parameters route...
CVE-2026-20902
An OS command injection vulnerability exists in XWEB Pro version 1.12.1 and prior, enabling an authenticated attacker to achieve remote code execution on the system by injecting malicious input into the map filename field during the map upload action of the parameters route...
PT-2026-22250
Name of the Vulnerable Software and Affected Versions XWEB Pro versions prior to 1.12.1 Description An operating system command injection issue exists that allows an authenticated attacker to execute code remotely. This is achieved by injecting malicious input into the map filename field during t...
PT-2026-22412
Name of the Vulnerable Software and Affected Versions WeGIA versions prior to 3.6.5 Description WeGIA is a web manager for charitable institutions. A critical Remote Code Execution RCE issue exists in the application’s database restoration functionality. An attacker with administrative access can...
CVE-2026-28207
Zen C is a systems programming language that compiles to human-readable GNU C/C11. Prior to version 0.4.2, a command injection vulnerability CWE-78 in the Zen C compiler allows local attackers to execute arbitrary shell commands by providing a specially crafted output filename via the -o...
CVE-2026-28207
CVE-2026-28207 (Zen C) : Prior to 0.4.2, Zen C’s compiler could be tricked into executing arbitrary shell commands via a crafted output filename passed to -o. The flaw resided in the main.c logic where a command string was built by concatenating arguments and executed with system(), allowing shel...
CVE-2026-28207
Zen C is a systems programming language that compiles to human-readable GNU C/C11. Prior to version 0.4.2, a command injection vulnerability CWE-78 in the Zen C compiler allows local attackers to execute arbitrary shell commands by providing a specially crafted output filename via the -o...
CVE-2026-28207 Zen-C Vulnerable to Command Injection via Malicious Output Filename
Zen C is a systems programming language that compiles to human-readable GNU C/C11. Prior to version 0.4.2, a command injection vulnerability CWE-78 in the Zen C compiler allows local attackers to execute arbitrary shell commands by providing a specially crafted output filename via the -o...
CVE-2026-28207 Zen-C Vulnerable to Command Injection via Malicious Output Filename
Zen C is a systems programming language that compiles to human-readable GNU C/C11. Prior to version 0.4.2, a command injection vulnerability CWE-78 in the Zen C compiler allows local attackers to execute arbitrary shell commands by providing a specially crafted output filename via the -o...
EUVD-2026-8908
Zen C is a systems programming language that compiles to human-readable GNU C/C11. Prior to version 0.4.2, a command injection vulnerability CWE-78 in the Zen C compiler allows local attackers to execute arbitrary shell commands by providing a specially crafted output filename via the -o...
CVE-2026-28207 Zen-C Vulnerable to Command Injection via Malicious Output Filename
Zen C is a systems programming language that compiles to human-readable GNU C/C11. Prior to version 0.4.2, a command injection vulnerability CWE-78 in the Zen C compiler allows local attackers to execute arbitrary shell commands by providing a specially crafted output filename via the -o...
CVE-2026-27635 Manyfold vulnerable to OS command injection via ZIP filename in f3d render
Manyfold is an open source, self-hosted web application for managing a collection of 3d models, particularly focused on 3d printing. Prior to version 0.133.0, when model render generation is enabled, a logged-in user can achieve RCE by uploading a ZIP containing a file with a shell metacharacter ...