Apache APISIX - Remote Code Execution

A default configuration of Apache APISIX with default API key is vulnerable to remote code execution. An attacker can abuse the batch-requests plugin to send requests to bypass the IP restriction of Admin API. When the admin key was changed or the port of Admin API was changed to a port different...

Drupal - Remote Code Execution

Drupal 8.5.x before 8.5.11 and Drupal 8.6.x before 8.6.10 V contain certain field types that do not properly sanitize data from non-form sources, which can lead to arbitrary PHP code execution in some cases. id: CVE-2019-6340 info: name: Drupal - Remote Code Execution author: madrobot severity:...

Ivanti Connect Secure - XXE

Ivanti Connect Secure is vulnerable to XXE XML External Entity injection. id: CVE-2024-22024 info: name: Ivanti Connect Secure - XXE author: watchTowr severity: high description: | Ivanti Connect Secure is vulnerable to XXE XML External Entity injection. impact: | Successful exploitation of this...

Apache OFBiz - Improper Authorization & Remote Code Execution

Improper Authorization vulnerability in Apache OFBiz. This issue affects Apache OFBiz: through 18.12.14. Users are recommended to upgrade to version 18.12.15, which fixes the issue. Unauthenticated endpoints could allow execution of screen rendering code of screens if some preconditions are met...

cPH2 Charging Station v1.87.0 - OS Command Injection

An OS command injection vulnerability in Hardy Barth cPH2 Ladestation v1.87.0 and earlier, may allow an unauthenticated remote attacker to execute arbitrary commands on the system via a specifically crafted arguments passed to the connectivity check feature. id: CVE-2023-46359 info: name: cPH2...

Apache OFBiz Directory Traversal - Remote Code Execution

Improper Limitation of a Pathname to a Restricted Directory 'Path Traversal' vulnerability in Apache OFBiz. This issue affects Apache OFBiz: before 18.12.13 id: CVE-2024-32113 info: name: Apache OFBiz Directory Traversal - Remote Code Execution author: DhiyaneshDK severity: high description: |...

Craft CMS - Remote Code Execution via Template Path Manipulation

This template identifies a critical Remote Code Execution RCE vulnerability in Craft CMS, identified as GHSA-2p6p-9rc9-62j9. The vulnerability exists due to improper handling of the --templatesPath query parameter, allowing attackers to execute arbitrary code by referencing malicious Twig...

Apache Struts2 S2-062 - Remote Code Execution

Apache Struts2 S2-062 is vulnerable to remote code execution. The fix issued for CVE-2020-17530 S2-061 was incomplete, meaning some of the tag's attributes could still perform a double evaluation if a developer applied forced OGNL evaluation by using the %... syntax. id: CVE-2021-31805 info: name...

Sonatype Nexus Repository Manager <3.15.0 - Remote Code Execution

Sonatype Nexus Repository Manager before 3.15.0 is susceptible to remote code execution. id: CVE-2019-7238 info: name: Sonatype Nexus Repository Manager 3.15.0 - Remote Code Execution author: pikpikcu severity: critical description: Sonatype Nexus Repository Manager before 3.15.0 is susceptible t...

Windows Server 2003 & IIS 6.0 - Remote Code Execution

Internet Information Services IIS 6.0 in Microsoft Windows Server 2003 R2 contains a buffer overflow vulnerability in the ScStoragePathFromUrl function in the WebDAV service that could allow remote attackers to execute arbitrary code via a long header beginning with "If http://" in a PROPFIND...

Hitachi Pentaho Business Analytics Server - Remote Code Execution

Hitachi Pentaho Business Analytics Server prior to versions 9.4.0.1 and 9.3.0.2, including 8.3.x, is susceptible to remote code execution via server-side template injection. Certain web services can set property values which contain Spring templates that are interpreted downstream, thereby...

Exploit for Stack-based Buffer Overflow in Microsoft

CVE-2026-41089 ██████╗██╗ ██╗███████╗ ██╗ ██╗ ██╗...

CVE-2026-20452

In wlan AP driver, there is a possible memory corruption due to a heap buffer overflow. This could lead to remote proximal/adjacent code execution with User execution privileges needed. User interaction is not needed for exploitation. Patch ID: WCNCR00480138; Issue ID: MSV-6295...

CVE-2026-20452

In wlan AP driver, there is a possible memory corruption due to a heap buffer overflow. This could lead to remote proximal/adjacent code execution with User execution privileges needed. User interaction is not needed for exploitation. Patch ID: WCNCR00480138; Issue ID: MSV-6295...

CVE-2026-20452

In wlan AP driver, there is a possible memory corruption due to a heap buffer overflow. This could lead to remote proximal/adjacent code execution with User execution privileges needed. User interaction is not needed for exploitation. Patch ID: WCNCR00480138; Issue ID: MSV-6295...

CVE-2026-20452

The CVE-2026-20452 entry concerns memory corruption in the wlan AP driver caused by a heap buffer overflow. Impact is remote (proximal/adjacent) code execution with HIGH confidentiality, integrity, and availability impact, exploitable with adjacent network access, low privileges, and no user inte...

EUVD-2026-33541

In wlan AP driver, there is a possible memory corruption due to a heap buffer overflow. This could lead to remote proximal/adjacent code execution with User execution privileges needed. User interaction is not needed for exploitation. Patch ID: WCNCR00480138; Issue ID: MSV-6295...

CVE-2026-20452

In wlan AP driver, there is a possible memory corruption due to a heap buffer overflow. This could lead to remote proximal/adjacent code execution with User execution privileges needed. User interaction is not needed for exploitation. Patch ID: WCNCR00480138; Issue ID: MSV-6295...

NETGEAR Routers - Remote Code Execution

NETGEAR routers R6250 before 1.0.4.6.Beta, R6400 before 1.0.1.18.Beta, R6700 before 1.0.1.14.Beta, R6900, R7000 before 1.0.7.6.Beta, R7100LG before 1.0.0.28.Beta, R7300DST before 1.0.0.46.Beta, R7900 before 1.0.1.8.Beta, R8000 before 1.0.3.26.Beta, D6220, D6400, D7000, and possibly others allow...

OpenTSDB <=2.4.0 - Remote Code Execution

OpenTSDB 2.4.0 and earlier is susceptible to remote code execution via the yrange parameter written to a gnuplot file in the /tmp directory. An attacker can execute malware, obtain sensitive information, modify data, and/or gain full control over a compromised system without entering necessary...