145 matches found
Cobbler <3.3.0 - Remote Code Execution
Cobbler before 3.3.0 allows log poisoning and resultant remote code execution via an XMLRPC method. id: CVE-2021-40323 info: name: Cobbler 3.3.0 - Remote Code Execution author: c-sh0 severity: critical description: Cobbler before 3.3.0 allows log poisoning and resultant remote code execution via ...
Exploit for Code Injection in Vmware Spring_Framework
PoC — CVE-2022-22965 Spring4Shell Disclaimer: This re...
CVE-2026-43634 HestiaCP 1.2.0-1.9.4 IP Spoofing via CF-Connecting-IP Header
HestiaCP versions 1.2.0 through 1.9.4 contain an IP spoofing vulnerability that allows unauthenticated remote attackers to bypass authentication security controls by supplying an arbitrary IP address in the CF-Connecting-IP HTTP header without verifying the request originated from Cloudflare's...
Exploit for Improper Access Control in Adobe Coldfusion
CVE-2023-26360 — Adobe ColdFusion Unauthenticated RCE Python...
Exploit for Code Injection in Invoiceplane
CVE-2026-25548 — Remote Code Execution in InvoicePlane 1.7.0...
CVE-2026-25548
InvoicePlane is a self-hosted open source application for managing invoices, clients, and payments. A critical Remote Code Execution RCE vulnerability exists in InvoicePlane 1.7.0 through a chained Local File Inclusion LFI and Log Poisoning attack. An authenticated administrator can execute...
CVE-2026-25548
InvoicePlane is a self-hosted open source application for managing invoices, clients, and payments. A critical Remote Code Execution RCE vulnerability exists in InvoicePlane 1.7.0 through a chained Local File Inclusion LFI and Log Poisoning attack. An authenticated administrator can execute...
CVE-2026-25548 InvoicePlane Vulnerable to Remote Code Execution via Local File Inclusion and Log Poisoning
InvoicePlane is a self-hosted open source application for managing invoices, clients, and payments. A critical Remote Code Execution RCE vulnerability exists in InvoicePlane 1.7.0 through a chained Local File Inclusion LFI and Log Poisoning attack. An authenticated administrator can execute...
CVE-2026-25548 InvoicePlane Vulnerable to Remote Code Execution via Local File Inclusion and Log Poisoning
InvoicePlane is a self-hosted open source application for managing invoices, clients, and payments. A critical Remote Code Execution RCE vulnerability exists in InvoicePlane 1.7.0 through a chained Local File Inclusion LFI and Log Poisoning attack. An authenticated administrator can execute...
CVE-2026-25548 InvoicePlane Vulnerable to Remote Code Execution via Local File Inclusion and Log Poisoning
InvoicePlane is a self-hosted open source application for managing invoices, clients, and payments. A critical Remote Code Execution RCE vulnerability exists in InvoicePlane 1.7.0 through a chained Local File Inclusion LFI and Log Poisoning attack. An authenticated administrator can execute...
CVE-2026-25548
CVE-2026-25548 affects InvoicePlane 1.7.0 (and only 1.7.0 according to the description) and enables a critical remote code execution via a chained Local File Inclusion and Log Poisoning attack. An authenticated administrator can trigger the vulnerability by manipulating the public_invoice_templat...
InvoicePlane 安全漏洞
InvoicePlane is an open-source application developed by InvoicePlane. It provides a self-hosted open-source tool for managing your quotes, invoices, customers, and payments. Version 1.7.0 of InvoicePlane contains a security vulnerability that stems from local file inclusion via links and log...
PT-2026-20546
Name of the Vulnerable Software and Affected Versions InvoicePlane versions 1.7.0 through 1.7.1 Description InvoicePlane is an open source application used for managing invoices, clients, and payments. A critical issue allows for Remote Code Execution RCE through a combination of Local File...
OpenClaw log poisoning (indirect prompt injection) via WebSocket headers
Summary In openclaw versions prior to 2026.2.13, OpenClaw logged certain WebSocket request headers including Origin and User-Agent without neutralization or length limits on the "closed before connect" path. If an unauthenticated client can reach the gateway and send crafted header values, those...
GHSA-G27F-9QJV-22PM OpenClaw log poisoning (indirect prompt injection) via WebSocket headers
Summary In openclaw versions prior to 2026.2.13, OpenClaw logged certain WebSocket request headers including Origin and User-Agent without neutralization or length limits on the "closed before connect" path. If an unauthenticated client can reach the gateway and send crafted header values, those...
Exploit for Path Traversal in Apache Http_Server
🔥 LFI-Destroyer – Authorized Penetration Testing Framework LFI-D...
openSUSE 16 Security Update : cpp-httplib (openSUSE-SU-2026:20056-1)
The remote openSUSE 16 host has packages installed that are affected by multiple vulnerabilities as referenced in the openSUSE-SU-2026:20056-1 advisory. - CVE-2025-66570: IP spoofing, log poisoning, and authorization bypass via header shadowing due to acceptance and parsing of client-controlled...
Security update for cpp-httplib (critical)
openSUSE security update: security update for cpp-httplib ------------------------------------------------------------- Announcement ID: openSUSE-SU-2026:20056-1 Rating: critical References: bsc1254734 bsc1254735 Cross-References: CVE-2025-66570 CVE-2025-66577 CVSS scores: CVE-2025-66570 SUSE : 1...
SUSE-SU-2026:20090-1 Security update for cpp-httplib
This update for cpp-httplib fixes the following issues: - CVE-2025-66570: IP spoofing, log poisoning, and authorization bypass via header shadowing due to acceptance and parsing of client-controlled injected HTTP headers in incoming requests bsc1254734. - CVE-2025-66577: access and error log...
OPENSUSE-SU-2026:20056-1 Security update for cpp-httplib
This update for cpp-httplib fixes the following issues: - CVE-2025-66570: IP spoofing, log poisoning, and authorization bypass via header shadowing due to acceptance and parsing of client-controlled injected HTTP headers in incoming requests bsc1254734. - CVE-2025-66577: access and error log...