252442 matches found
CVE-2021-47952
python jsonpickle 2.0.0 contains a remote code execution vulnerability that allows attackers to execute arbitrary Python commands by deserializing malicious JSON payloads containing py/repr objects. Attackers can craft JSON strings with py/repr directives that invoke the eval function during...
UBUNTU-CVE-2021-47952
python jsonpickle 2.0.0 contains a remote code execution vulnerability that allows attackers to execute arbitrary Python commands by deserializing malicious JSON payloads containing py/repr objects. Attackers can craft JSON strings with py/repr directives that invoke the eval function during...
CVE-2021-47976
CVE-2021-47976 affects TextPattern CMS 4.9.0-dev. An authenticated attacker can exploit the plugin upload functionality to upload arbitrary PHP files, obtain a CSRF token from the plugin event page, and place PHP payloads in the textpattern/tmp/ directory for code execution. The CVE is documented...
CVE-2021-47976
TextPattern CMS 4.9.0-dev contains a remote code execution vulnerability that allows authenticated attackers to upload arbitrary PHP files by exploiting the plugin upload functionality. Attackers can authenticate, retrieve a CSRF token from the plugin event page, and upload malicious PHP files to...
CVE-2021-47976 TextPattern CMS 4.9.0-dev Authenticated Remote Code Execution via Plugin Upload
TextPattern CMS 4.9.0-dev contains a remote code execution vulnerability that allows authenticated attackers to upload arbitrary PHP files by exploiting the plugin upload functionality. Attackers can authenticate, retrieve a CSRF token from the plugin event page, and upload malicious PHP files to...
CVE-2021-47976 TextPattern CMS 4.9.0-dev Authenticated Remote Code Execution via Plugin Upload
TextPattern CMS 4.9.0-dev contains a remote code execution vulnerability that allows authenticated attackers to upload arbitrary PHP files by exploiting the plugin upload functionality. Attackers can authenticate, retrieve a CSRF token from the plugin event page, and upload malicious PHP files to...
EUVD-2021-34842
python jsonpickle 2.0.0 contains a remote code execution vulnerability that allows attackers to execute arbitrary Python commands by deserializing malicious JSON payloads containing py/repr objects. Attackers can craft JSON strings with py/repr directives that invoke the eval function during...
CVE-2021-47952 python jsonpickle 2.0.0 Remote Code Execution via py/repr
python jsonpickle 2.0.0 contains a remote code execution vulnerability that allows attackers to execute arbitrary Python commands by deserializing malicious JSON payloads containing py/repr objects. Attackers can craft JSON strings with py/repr directives that invoke the eval function during...
CVE-2021-47952
python jsonpickle 2.0.0 contains a remote code execution vulnerability that allows attackers to execute arbitrary Python commands by deserializing malicious JSON payloads containing py/repr objects. Attackers can craft JSON strings with py/repr directives that invoke the eval function during...
CVE-2021-47952
CVE-2021-47952 affects python jsonpickle 2.0.0 and describes a remote code execution vulnerability through deserialization of JSON payloads containing py/repr objects. The attack leverages directives that invoke eval during deserialization to execute system commands and arbitrary code, with high-...
CVE-2021-47952 python jsonpickle 2.0.0 Remote Code Execution via py/repr
python jsonpickle 2.0.0 contains a remote code execution vulnerability that allows attackers to execute arbitrary Python commands by deserializing malicious JSON payloads containing py/repr objects. Attackers can craft JSON strings with py/repr directives that invoke the eval function during...
EUVD-2020-31228
HS Brand Logo Slider 2.1 contains an unrestricted file upload vulnerability that allows authenticated users to bypass client-side file extension validation by uploading arbitrary files. Attackers can intercept upload requests to the logoupload parameter in the admin interface and rename files to...
CVE-2020-37227
HS Brand Logo Slider 2.1 contains an unrestricted file upload vulnerability that allows authenticated users to bypass client-side file extension validation by uploading arbitrary files. Attackers can intercept upload requests to the logoupload parameter in the admin interface and rename files to...
CVE-2020-37227
HS Brand Logo Slider 2.1 (a WordPress plugin) has an unrestricted file upload vulnerability. Authenticated users can bypass client-side extension checks by targeting the logoupload parameter in the admin interface and rename uploaded files to executable extensions such as .php, enabling remote co...
CVE-2020-37227 WordPress Plugin HS Brand Logo Slider 2.1 Unrestricted File Upload
HS Brand Logo Slider 2.1 contains an unrestricted file upload vulnerability that allows authenticated users to bypass client-side file extension validation by uploading arbitrary files. Attackers can intercept upload requests to the logoupload parameter in the admin interface and rename files to...
CVE-2020-37227 WordPress Plugin HS Brand Logo Slider 2.1 Unrestricted File Upload
HS Brand Logo Slider 2.1 contains an unrestricted file upload vulnerability that allows authenticated users to bypass client-side file extension validation by uploading arbitrary files. Attackers can intercept upload requests to the logoupload parameter in the admin interface and rename files to...
Exploit for CVE-2026-4882
CVE-2026-4882 User Registration Advanced Fields = 1.6.20 - Un...
Exploit for CVE-2026-6433
CVE-2026-6433 — Proof of Concept FlipperCode — Custom CSS,...
Exploit for Double Free in Apache Http_Server
cve-2026-23918 Defensive audit tools for CVE-2026-23918...
Exploit for CVE-2026-42945
CVE-2026-42945 nginx 32-bit Exploit Lab This repository is a...