Lucene search
K

252960 matches found

Packet Storm News
Packet Storm News
added 2026/05/29 12:0 a.m.11 views

Samba Unauthenticated Remote Code Execution

The printing subsystem of Samba suffers from an unauthenticated remote code execution vulnerability. Samba 4.22.10, 4.23.8 and 4.24.3 have been issued as security releases to correct the defect...

8.5CVSS6.5AI score0.12797EPSS
Exploits7
CNNVD
CNNVD
added 2026/05/29 12:0 a.m.14 views

Waterfall WF-500 操作系统命令注入漏洞

The Waterfall WF-500 is a sending-side host component in the industrial control network unidirectional security gateway developed by the Israeli company Waterfall. Version 7.9.1.0 R2502171040 of the Waterfall WF-500 RX Host contains an operating system command injection vulnerability. This...

8.6CVSS6.1AI score0.00882EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/05/29 12:0 a.m.9 views

TRENDnet TEW-432BRP 安全漏洞

TRENDnet TEW-432BRP is a dual-band wireless router produced by TRENDnet Corporation. Version 3.10B20 of TRENDnet TEW-432BRP contains a security vulnerability. This vulnerability stems from a stack buffer overflow in the file/goform/formSetPortTr, which could allow a remote attacker to execute an...

6.5CVSS6.9AI score0.00399EPSS
Exploits1References4
Positive Technologies
Positive Technologies
added 2026/05/29 12:0 a.m.11 views

PT-2026-45050

Name of the Vulnerable Software and Affected Versions PraisonAI affected versions not specified Description The first-party A2A server example in PraisonAI contains a critical chain that allows remote code execution. The example binds the server to 0.0.0.0 and exposes the /a2a endpoint without...

9.8CVSS6.7AI score0.00084EPSS
Exploits0References7
Packet Storm
Packet Storm
added 2026/05/29 12:0 a.m.52 views

📄 Langflow 1.3.0 Remote Code Execution

Langflow contains a remote code execution caused by inclusion of functionality from untrusted control sphere in the execglobals parameter at the validate endpoint, letting remote attackers execute arbitrary code as root, exploit requires no authentication. Exploit Title: Langflow 1.3.0 - Remote...

9.8CVSS8.1AI score0.10371EPSS
Exploits8
ATTACKERKB
ATTACKERKB
added 2026/05/29 12:0 a.m.12 views

CVE-2026-39292

Falco Solutions PHPPageBuilder v0.31.0 contains an unrestricted file upload vulnerability in the pagemanager/pagebuilder module that allows remote attackers to upload arbitrary files and achieve remote code execution. The vulnerability exists due to insufficient validation of uploaded file types...

6.3AI score0.00472EPSS
Exploits1References3
Positive Technologies
Positive Technologies
added 2026/05/29 12:0 a.m.8 views

PT-2026-44936

Dokploy is a free, self-hostable Platform as a Service PaaS. In 0.26.7 and earlier, the schedule router does not enforce organization/role checks. As a result, any authenticated user can create, update, run, or delete schedules belonging to other organizations if they know the scheduleId/serverId...

9.9CVSS6AI score0.00256EPSS
Exploits0References2
Packet Storm
Packet Storm
added 2026/05/29 12:0 a.m.52 views

📄 Wing FTP Server 8.1.3 Remote Code Execution

Wing FTP Server version 8.1.2 contains a remote code execution vulnerability in the session serialization mechanism. An authenticated administrator can inject arbitrary Lua code through the domain admin mydirectory basefolder field, which gets executed server-side via loadfile. Exploit Title: Win...

8.6CVSS6.5AI score0.02643EPSS
Exploits5
CVE
CVE
added 2026/05/29 12:0 a.m.17 views

CVE-2026-39292

Summary: Falco Solutions PHPPageBuilder v0.31.0 contains an unrestricted file upload vulnerability in the pagemanager/pagebuilder module, allowing remote attackers to upload arbitrary files and achieve remote code execution. Root cause: insufficient validation of uploaded file types and executabl...

7.3CVSS6.3AI score0.00472EPSS
Exploits1References2
Packet Storm
Packet Storm
added 2026/05/29 12:0 a.m.64 views

📄 Apache ActiveMQ Jolokia AddNetworkConnector Remote Code Execution

Apache ActiveMQ exposes a Jolokia JMX-over-HTTP API at /api/jolokia/. An authenticated attacker can invoke the addNetworkConnector MBean operation with a crafted URI that causes the broker to fetch a remote Spring XML configuration over HTTP. The Spring XML instantiates a ProcessBuilder bean that...

8.8CVSS6.7AI score0.96666EPSS
Exploits12
Packet Storm
Packet Storm
added 2026/05/29 12:0 a.m.66 views

📄 WordPress Quick Playground 1.3.1 Shell Upload

Quick Playground for WordPress plugin versions 1.3.1 and below suffers from a remote shell upload vulnerability. Exploit Title: Quick Playground for WordPress 1.3.1 - Unauthenticated Remote Code Execution Google Dork: N/A Date: 2026-05-22 Exploit Author: cardosource Vendor Homepage:...

9.8CVSS5.8AI score0.03092EPSS
Exploits3
Positive Technologies
Positive Technologies
added 2026/05/29 12:0 a.m.17 views

PT-2026-44938

Name of the Vulnerable Software and Affected Versions Dokploy versions prior to 0.26.6 Description Dokploy is a self-hostable Platform as a Service PaaS containing a path traversal issue. This allows authenticated users to write arbitrary files to the filesystem during application deployment. Whe...

9.9CVSS6.5AI score0.0066EPSS
Exploits0References4
CNNVD
CNNVD
added 2026/05/29 12:0 a.m.9 views

PHPagebuilder 安全漏洞

PHPagebuilder is a drag-and-drop page building tool developed by Hans Schouten. It is used to quickly create and manage websites. Version PHPagebuilder v0.31.0 contains a security vulnerability. This vulnerability stems from an unlimited file upload vulnerability in the pagmanager/pagebuilder...

7.3CVSS5.9AI score0.00472EPSS
Exploits1References3
Positive Technologies
Positive Technologies
added 2026/05/29 12:0 a.m.16 views

PT-2026-44855

manga-image-translator contains a remote code execution vulnerability in the shared API server mode due to unsafe deserialization of untrusted pickle data in the share.py module, where the /execute/method name and /simple execute/method name endpoints deserialize attacker-controlled HTTP request...

9.8CVSS6.7AI score0.00622EPSS
Exploits0References5
CNNVD
CNNVD
added 2026/05/29 12:0 a.m.9 views

TRENDnet TEW-432BRP 安全漏洞

TRENDnet TEW-432BRP is a dual-band wireless router produced by TRENDnet Corporation. Version 3.10B20 of TRENDnet TEW-432BRP contains a security vulnerability. This vulnerability stems from a stack buffer overflow in the parameter peerPin within the goform/formWPS file, which could allow remote...

9CVSS7.6AI score0.00853EPSS
Exploits1References4
Positive Technologies
Positive Technologies
added 2026/05/29 12:0 a.m.10 views

PT-2026-44831

Path traversal vulnerability in Remote Spark https://www.Remotespark.Com/ SparkView allows reading and writing arbitrary files in all directories as root. This leads to RCE. The affected component is the RDP drive redirection. Depending on implementation, the vulnerability can be exploited by an...

10CVSS5.9AI score0.00378EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/05/29 12:0 a.m.9 views

PT-2026-44939

Name of the Vulnerable Software and Affected Versions Trilium Notes versions prior to 0.102.2 Description A malicious ZIP archive imported with safe import enabled can lead to remote code execution RCE and cross-site scripting XSS. This occurs by combining a payload note type: code, mime:...

9.3CVSS6.3AI score0.0017EPSS
Exploits0References6
CNNVD
CNNVD
added 2026/05/29 12:0 a.m.8 views

Dokploy 安全漏洞

Dokploy is an open-source software developed by Dokploy itself. Versions of Dokploy prior to 0.26.5 contain security vulnerabilities. These vulnerabilities stem from path traversal during the application deployment process, which allows authenticated users to write arbitrary files on the file...

9.9CVSS6.2AI score0.0066EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/05/29 12:0 a.m.14 views

PT-2026-45033

Impact A Remote Code Execution RCE vulnerability was discovered in Ouroboros. If a user clones a malicious repository and runs Ouroboros commands within that directory, it can lead to arbitrary code execution and potential system takeover. The vulnerability CWE-426: Untrusted Search Path & CWE-15...

8.6CVSS6.4AI score0.00557EPSS
Exploits0References5
Vulnrichment
Vulnrichment
added 2026/05/29 12:0 a.m.13 views

CVE-2026-39292

Falco Solutions PHPPageBuilder v0.31.0 contains an unrestricted file upload vulnerability in the pagemanager/pagebuilder module that allows remote attackers to upload arbitrary files and achieve remote code execution. The vulnerability exists due to insufficient validation of uploaded file types...

6.3AI score0.00472EPSS
Exploits1References2
Rows per page
Query Builder