89 matches found
GHSA-JMHP-5558-QXH5 OneUptime: OS Command Injection in Probe NetworkPathMonitor via unsanitized destination in traceroute exec()
Summary An OS command injection vulnerability in NetworkPathMonitor.performTraceroute allows any authenticated project user to execute arbitrary operating system commands on the Probe server by injecting shell metacharacters into a monitor's destination field. Details The vulnerability exists in...
CVE-2026-27728
OneUptime is a solution for monitoring and managing online services. Prior to version 10.0.7, an OS command injection vulnerability in NetworkPathMonitor.performTraceroute allows any authenticated project user to execute arbitrary operating system commands on the Probe server by injecting shell...
CVE-2026-27728
OneUptime prior to v10.0.7 contains an OS command injection vulnerability in NetworkPathMonitor.performTraceroute() that allows an authenticated project user to inject shell metacharacters into a monitor destination, enabling arbitrary commands on the Probe server. Affected version: before 10.0.7...
CVE-2026-27728 OneUptime: OS Command Injection in Probe NetworkPathMonitor via unsanitized destination in traceroute exec()
OneUptime is a solution for monitoring and managing online services. Prior to version 10.0.7, an OS command injection vulnerability in NetworkPathMonitor.performTraceroute allows any authenticated project user to execute arbitrary operating system commands on the Probe server by injecting shell...
CVE-2026-27615
ADB Explorer is a fluent UI for ADB on Windows. In versions prior to Beta 0.9.26022, ADB-Explorer allows the ManualAdbPath settings variable, which determines the path of the ADB binary to be executed, to be set to a Universal Naming Convention UNC path in the application's settings file. This...
PT-2026-21959
Name of the Vulnerable Software and Affected Versions OneUptime versions prior to 10.0.7 Description OneUptime, a service monitoring solution, contains an OS command injection flaw in the NetworkPathMonitor.performTraceroute function. Any authenticated project user can execute arbitrary operating...
Exploit for CVE-2026-22444
CVE-2026-22444 Apache Solr UNC Path Validation Vulnerability...
PT-2025-54227
Name of the Vulnerable Software and Affected Versions inMusic Brands Engine DJ version 4.3.0 Description Engine DJ version 4.3.0 is affected by an issue with insecure permissions. An exposed HTTP service within the Remote Library feature allows attackers to access all files and network paths...
inMusic Engine DJ 安全漏洞
inMusic Engine DJ is a suite of professional DJ software from inMusic USA. A security vulnerability exists in inMusic Engine DJ version 4.3.0, which stems from an insecure privilege in the exposed HTTP service in the remote library that could lead to access to all files and network paths...
CVE-2025-30201 Wazuh NetNTLMv2 Hash Theft In Multiple Centralized Configuration Capabilities
Wazuh is a free and open source platform used for threat prevention, detection, and response. Prior to version 4.13.0, a vulnerability in Wazuh Agent allows authenticated attackers to force NTLM authentication through malicious UNC paths in various agent configuration settings, potentially leadin...
CVE-2024-45301 ZDI-CAN-24744: Mintty Path Conversion Improper Input Validation Information Disclosure Vulnerability
Mintty is a terminal emulator for Cygwin, MSYS, and WSL. In versions 2.3.6 through 3.7.4, several escape sequences can cause the mintty process to access a file in a specific path. It is triggered by simply printing them out on bash. An attacker can specify an arbitrary network path, negotiate an...
CVE-2024-45301 ZDI-CAN-24744: Mintty Path Conversion Improper Input Validation Information Disclosure Vulnerability
Mintty is a terminal emulator for Cygwin, MSYS, and WSL. In versions 2.3.6 through 3.7.4, several escape sequences can cause the mintty process to access a file in a specific path. It is triggered by simply printing them out on bash. An attacker can specify an arbitrary network path, negotiate an...
EUVD-2024-28141
Malicious code in bioql PyPI...
EUVD-2024-47650
Malicious code in bioql PyPI...
Exploit for Exposure of Sensitive Information to an Unauthorized Actor in Microsoft
CVE-2025-24071: Microsoft Windows File Explorer Spoofing Vulne...
Jenkins ssh-agent Docker Image < 6.11.2 SSH Host Key Reuse
According to their self-reported version numbers, the jenkins/ssh-agent docker containers running on the remote web server are affected by an SSH host key reuse vulnerability. In jenkins/ssh-agent Docker images 6.11.1 and earlier, SSH host keys are generated on image creation for images based on...
📄 KRUKSTON BISTRO 1.0 SQL Injection
KRUKSTON BISTRO version 1.0 suffers from a remote SQL injection vulnerability. Titles: KRUKSTON-BISTRO-1.0 Multiple-SQLi Author: nu11secur1ty Date: 05/27/2025 Vendor: https://www.mayurik.com/ Software: https://www.sourcecodester.com/php/16127/best-pos-management-system-php.html Reference:...
PT-2025-15974 · Unknown +1 · Jenkins/Ssh-Slave +1
Name of the Vulnerable Software and Affected Versions: Jenkins/ssh-slave Docker images based on Debian affected versions not specified Description: The issue arises from SSH host keys being generated on image creation for Jenkins/ssh-slave Docker images based on Debian. This results in all...
CVE-2024-30209
A vulnerability has been identified in SIMATIC RTLS Locating Manager 6GT2780-0DA00 All versions V3.0.1.1, SIMATIC RTLS Locating Manager 6GT2780-0DA10 All versions V3.0.1.1, SIMATIC RTLS Locating Manager 6GT2780-0DA20 All versions V3.0.1.1, SIMATIC RTLS Locating Manager 6GT2780-0DA30 All versions...
SUSE CVE-2022-48972
In the Linux kernel, the following vulnerability has been resolved: mac802154: fix missing INITLISTHEAD in ieee802154ifadd Kernel fault injection test reports null-ptr-deref as follows: BUG: kernel NULL pointer dereference, address: 0000000000000008 RIP: 0010:cfg802154netdevnotifiercall+0x120/0x3...