25396 matches found
ROOT-OS-DEBIAN-12-CVE-2026-41080 CVE-2026-41080 in rootio-expat - Patched by Root
Root has patched CVE-2026-41080 in the rootio-expat package for Root:Debian:12. Multiple fixed versions available...
sar2html <=3.2.2 Plot Parameter - Remote Code Execution
sar2html version 3.2.2 and prior contains an OS command injection vulnerability in the plot parameter of index.php. A remote, unauthenticated attacker can append shell metacharacters to the plot parameter and execute arbitrary operating system commands. id: CVE-2025-34030 info: name: sar2html...
Lawo AG vsm LTC Time Sync (vTimeSync) - Path Traversal
The web server of Lawo AG vsm LTC Time Sync vTimeSync is affected by a "..." triple dot path traversal vulnerability. By sending a specially crafted HTTP request, an unauthenticated remote attacker could download arbitrary files from the operating system. As a limitation, the exploitation is only...
Web-Check < 2.0.1 Screenshot API - OS Command Injection
Lissy93/web-check contains a command injection caused by unsanitized user input in the screenshot API, letting attackers execute arbitrary system commands, exploit requires sending crafted url parameters. id: CVE-2025-32778 info: name: Web-Check 2.0.1 Screenshot API - OS Command Injection author:...
FTP Fetch, Windows Meterpreter Shell, Reverse HTTPS Inline
Fetch and execute an x86 payload from an FTP server. Connect back to attacker and spawn a Meterpreter shell. Requires Windows XP SP2 or newer. Module Options msf use payload/cmd/windows/ftp/x86/meterpreterreversehttps msf payloadmeterpreterreversehttps show actions ...actions... msf...
FTP Fetch, Windows Meterpreter Shell, Bind Named Pipe Inline
Fetch and execute an x86 payload from an FTP server. Connect to victim and spawn a Meterpreter shell. Requires Windows XP SP2 or newer. Module Options msf use payload/cmd/windows/ftp/x86/meterpreterbindnamedpipe msf payloadmeterpreterbindnamedpipe show actions ...actions... msf...
FTP Fetch, Windows Meterpreter Shell, Reverse HTTP Inline
Fetch and execute an x86 payload from an FTP server. Connect back to attacker and spawn a Meterpreter shell. Requires Windows XP SP2 or newer. Module Options msf use payload/cmd/windows/ftp/x86/meterpreterreversehttp msf payloadmeterpreterreversehttp show actions ...actions... msf...
FTP Fetch, Windows Meterpreter Shell, Reverse TCP Inline x64
Fetch and execute an x64 payload from an FTP server. Connect back to attacker and spawn a Meterpreter shell. Requires Windows XP SP2 or newer. Module Options msf use payload/cmd/windows/ftp/x64/meterpreterreversetcp msf payloadmeterpreterreversetcp show actions ...actions... msf...
FTP Fetch, Windows Meterpreter Shell, Reverse HTTPS Inline (x64)
Fetch and execute an x64 payload from an FTP server. Connect back to attacker and spawn a Meterpreter shell. Requires Windows XP SP2 or newer. Module Options msf use payload/cmd/windows/ftp/x64/meterpreterreversehttps msf payloadmeterpreterreversehttps show actions ...actions... msf...
CVE-2026-56688
Dell PowerFlex Manager, Version prior to 5.1.0.1, contains an Improper Neutralization of Special Elements used in an OS Command 'OS Command Injection' vulnerability. A high privileged attacker with remote access could potentially exploit this vulnerability during OS Repository processing to achie...
CVE-2026-56688
Dell PowerFlex Manager, Version prior to 5.1.0.1, contains an Improper Neutralization of Special Elements used in an OS Command 'OS Command Injection' vulnerability. A high privileged attacker with remote access could potentially exploit this vulnerability during OS Repository processing to achie...
CVE-2026-41880
R-SOFT DMS is vulnerable to OS Command Injection in the Optical Character Recognition OCR module. Multiple command execution functions accept user-controllable file paths without proper sanitization before passing them to the system shell via SSH. In current infrastructure the URL encoding...
CVE-2026-41876
R-SOFT DMS is vulnerable to OS Command Injection in konwertujAction function. The document converter executes shell commands using unsanitized file paths and format parameters. This allows an authenticated attacker to execute arbitrary system commands with the privileges of the web server user...
ROOT-OS-DEBIAN-12-CVE-2026-5773 CVE-2026-5773 in rootio-curl - Patched by Root
Root has patched CVE-2026-5773 in the rootio-curl package for Root:Debian:12. Multiple fixed versions available...
CVE-2026-41880 OS Command Injection in R-SOFT DMS
R-SOFT DMS is vulnerable to OS Command Injection in the Optical Character Recognition OCR module. Multiple command execution functions accept user-controllable file paths without proper sanitization before passing them to the system shell via SSH. In current infrastructure the URL encoding...
CVE-2026-41876
R-SOFT DMS is vulnerable to OS Command Injection in konwertujAction function. The document converter executes shell commands using unsanitized file paths and format parameters. This allows an authenticated attacker to execute arbitrary system commands with the privileges of the web server user...
CVE-2026-14052 vulnerabilities
Vulnerabilities for packages: chromium...
GHSA-X454-5847-5CWH vulnerabilities
Vulnerabilities for packages: chromium...
GHSA-VRWX-R2MM-M3QM vulnerabilities
Vulnerabilities for packages: chromium...
GHSA-2FJR-R86H-FPW3 vulnerabilities
Vulnerabilities for packages: chromium...