255844 matches found

GithubExploit
added 2026/05/29 12:47 p.m. | 64 views

Penetration-Testing-Exploitation-of-Vulnerable-Linux-Systems

Penetration-Testing-Exploitation-of-Vulnerable-Linux-Systems K...

6.2 AI score
Exploits: 0

CVE
added 2026/05/29 12:36 p.m. | 14 views

CVE-2026-10072

DreamMaker (Interinfo) is affected by an Arbitrary File Upload vulnerability that enables privileged remote attackers to upload and execute web shell backdoors, resulting in arbitrary code execution on the server. The issue is documented in CVE-2026-10072 with CVSS metrics indicating high severit...

8.6 CVSS | 6.4 AI score | 0.00279 EPSS
Exploits: 0 | References: 2

Vulnrichment
added 2026/05/29 12:32 p.m. | 8 views

CVE-2026-10071 Interinfo|DreamMaker - Arbitrary File Upload

DreamMaker developed by Interinfo has an Arbitrary File Upload vulnerability, allowing unauthenticated remote attackers to upload and execute web shell backdoors, thereby enabling arbitrary code execution on the server...

9.8 CVSS | 6.4 AI score | 0.00252 EPSS
Exploits: 0 | References: 2

Cvelist
added 2026/05/29 12:32 p.m. | 28 views

CVE-2026-10071 Interinfo|DreamMaker - Arbitrary File Upload

DreamMaker developed by Interinfo has an Arbitrary File Upload vulnerability, allowing unauthenticated remote attackers to upload and execute web shell backdoors, thereby enabling arbitrary code execution on the server...

9.8 CVSS | 0.00252 EPSS
Exploits: 0 | References: 2

Cvelist
added 2026/05/29 12:24 p.m. | 32 views

CVE-2026-45312 RAGFlow: Server-Side Template Injection in Prompt Generator leads to Remote Code Execution

RAGFlow is an open-source RAG (Retrieval-Augmented Generation) engine. In 0.24.0 and earlier, a Jinja2 template injection in the prompt generator (rag/prompts/generator.py) allows any authenticated user to execute arbitrary OS commands on the server. Any normal user can register, create a Canvas...

9.9 CVSS | 0.00053 EPSS
Exploits: 0 | References: 1

Vulnrichment
added 2026/05/29 12:24 p.m. | 6 views

CVE-2026-45312 RAGFlow: Server-Side Template Injection in Prompt Generator leads to Remote Code Execution

RAGFlow is an open-source RAG (Retrieval-Augmented Generation) engine. In 0.24.0 and earlier, a Jinja2 template injection in the prompt generator (rag/prompts/generator.py) allows any authenticated user to execute arbitrary OS commands on the server. Any normal user can register, create a Canvas...

9.9 CVSS | 6.1 AI score | 0.00053 EPSS
Exploits: 0 | References: 1

CVE
added 2026/05/29 12:24 p.m. | 31 views

CVE-2026-45312

RAGFlow (open-source RAG engine) is affected in 0.24.0 and earlier by a Jinja2 template injection in the prompt generator (rag/prompts/generator.py). This allows any authenticated user to execute arbitrary OS commands on the server via the SSTI chain, once a user registers and creates a Canvas wo...

9.9 CVSS | 6.1 AI score | 0.00053 EPSS
Exploits: 0 | References: 1

NVD
added 2026/05/29 12:16 p.m. | 11 views

CVE-2026-9559

A path traversal vulnerability exists in the campaign import feature of Mautic 7. When extracting uploaded ZIP files during campaign imports, a flaw in the validation logic allows file paths to escape the intended temporary directories. An authenticated user with campaign import privileges...

9.9 CVSS | 0.00234 EPSS
Exploits: 0 | References: 1

Cvelist
added 2026/05/29 11:47 a.m. | 26 views

CVE-2026-8326 Remote Spark SparkView Path Traversal in RDP Drive Redirection leading to RCE

Path traversal vulnerability in Remote Spark (https://www.Remotespark.Com/) SparkView allows reading and writing arbitrary files in all directories as root. This leads to RCE. The affected component is the RDP drive redirection. Depending on implementation, the vulnerability can be exploited by an...

10 CVSS | 0.00121 EPSS
Exploits: 0 | References: 1

ATTACKERKB
added 2026/05/29 11:47 a.m. | 7 views

CVE-2026-8326

Path traversal vulnerability in Remote Spark (https://www.Remotespark.Com/) SparkView allows reading and writing arbitrary files in all directories as root. This leads to RCE. The affected component is the RDP drive redirection. Depending on implementation, the vulnerability can be exploited by an...

10 CVSS | 5.9 AI score | 0.00121 EPSS
Exploits: 0 | References: 2

EUVD
added 2026/05/29 11:47 a.m. | 8 views

EUVD-2026-33281

Path traversal vulnerability in Remote Spark (https://www.Remotespark.Com/) SparkView allows reading and writing arbitrary files in all directories as root. This leads to RCE. The affected component is the RDP drive redirection. Depending on implementation, the vulnerability can be exploited by an...

10 CVSS | 5.9 AI score | 0.00121 EPSS
Exploits: 0 | References: 1

Vulnrichment
added 2026/05/29 11:47 a.m. | 9 views

CVE-2026-8326 Remote Spark SparkView Path Traversal in RDP Drive Redirection leading to RCE

Path traversal vulnerability in Remote Spark (https://www.Remotespark.Com/) SparkView allows reading and writing arbitrary files in all directories as root. This leads to RCE. The affected component is the RDP drive redirection. Depending on implementation, the vulnerability can be exploited by an...

10 CVSS | 5.9 AI score | 0.00121 EPSS
Exploits: 0 | References: 1

CVE
added 2026/05/29 11:47 a.m. | 20 views

CVE-2026-8326

CVE-2026-8326 describes a path traversal in Remote Spark SparkView via the RDP drive redirection, enabling an unauthenticated attacker to read and write arbitrary files as root, potentially leading to remote code execution. Affected builds are listed as “before build 1127.” The CVSS 4.0 base sc...

10 CVSS | 5.9 AI score | 0.00121 EPSS
Exploits: 0 | References: 1

EUVD
added 2026/05/29 10:50 a.m. | 6 views

EUVD-2025-209989

Nozomi Networks Labs identified a CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') in the Console WebUI in Waterfall WF-500 TX and RX Hosts in version 7.9.1.0 R2502171040 that allows remote unauthenticated attackers to execute arbitrary operating...

9.3 CVSS | 6.1 AI score | 0.00368 EPSS
Exploits: 0 | References: 1

EUVD
added 2026/05/29 10:19 a.m. | 8 views

EUVD-2026-33277

A path traversal vulnerability exists in the campaign import feature of Mautic 7. When extracting uploaded ZIP files during campaign imports, a flaw in the validation logic allows file paths to escape the intended temporary directories. An authenticated user with campaign import privileges...

9.9 CVSS | 6 AI score | 0.00234 EPSS
Exploits: 0 | References: 1

CVE
added 2026/05/29 10:19 a.m. | 14 views

CVE-2026-9559

CVE-2026-9559 describes a path traversal vulnerability in Mautic 7 within the campaign import feature. During ZIP extraction in campaign imports, a flaw in the validation logic allows file paths to escape the intended temporary directories, enabling an authenticated user with campaign import priv...

9.9 CVSS | 6 AI score | 0.00234 EPSS
Exploits: 0 | References: 1

Vulnrichment
added 2026/05/29 10:19 a.m. | 9 views

CVE-2026-9559

A path traversal vulnerability exists in the campaign import feature of Mautic 7. When extracting uploaded ZIP files during campaign imports, a flaw in the validation logic allows file paths to escape the intended temporary directories. An authenticated user with campaign import privileges...

9.9 CVSS | 6 AI score | 0.00234 EPSS
Exploits: 0 | References: 1

ATTACKERKB
added 2026/05/29 10:19 a.m. | 5 views

CVE-2026-9559

A path traversal vulnerability exists in the campaign import feature of Mautic 7. When extracting uploaded ZIP files during campaign imports, a flaw in the validation logic allows file paths to escape the intended temporary directories. An authenticated user with campaign import privileges...

9.9 CVSS | 6 AI score | 0.00234 EPSS
Exploits: 0 | References: 2

Cvelist
added 2026/05/29 10:19 a.m. | 31 views

CVE-2026-9559

A path traversal vulnerability exists in the campaign import feature of Mautic 7. When extracting uploaded ZIP files during campaign imports, a flaw in the validation logic allows file paths to escape the intended temporary directories. An authenticated user with campaign import privileges...

9.9 CVSS | 0.00234 EPSS
Exploits: 0 | References: 1

Cvelist
added 2026/05/29 10:1 a.m. | 32 views

CVE-2026-9558

A Server-Side Template Injection (SSTI) vulnerability exists in Mautic's theme engine. The platform renders uploaded Twig templates without a sandbox or strict function restrictions. Authenticated users with permissions to create or upload themes can abuse this to execute arbitrary code on the...

9.9 CVSS | 0.00219 EPSS
Exploits: 0 | References: 1