16940 matches found
Exploit for Code Injection in Flowiseai Flowise
CVE-2025-59528: Flowise CustomMCP Remote Code Exe...
DEBIAN-CVE-2026-11680
Use after free in Media in Google Chrome on Windows prior to 149.0.7827.103 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. Chromium security severity: High...
CVE-2026-11670
Use after free in PDF in Google Chrome prior to 149.0.7827.103 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted PDF file. Chromium security severity: High...
MiracleLinux 8 : samba-4.19.4-16.el8_10.ML.1 (AXSA:2026-767:06)
The remote MiracleLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2026-767:06 advisory. samba: group policy certificate enrollment uses without validation CVE-2026-3012 samba: Samba: Remote Code Execution in printing subsystem via...
Microsoft Exchange Server 代码注入漏洞
Microsoft Exchange Server is a set of email service programs provided by the American company Microsoft. It offers features such as email access, storage, forwarding, voicemail handling, and email filtering. There is a code injection vulnerability in Microsoft Exchange Server. Attackers can explo...
Microsoft Nuance PowerScribe 代码问题漏洞
Microsoft Nuance PowerScribe is a medical speech recognition and report generation system for radiologists developed by Microsoft. There are code-related vulnerabilities in Microsoft Nuance PowerScribe. Attackers can exploit these vulnerabilities to execute code remotely. The following products a...
CVE-2023-54352 WordPress Seotheme Remote Code Execution Unauthenticated
WordPress Seotheme contains a remote code execution vulnerability that allows unauthenticated attackers to execute arbitrary PHP code by uploading malicious files to the theme directory. Attackers can access the uploaded PHP shell at /wp-content/themes/seotheme/mar.php to execute system commands...
TencentOS Server 4: postgresql (TSSA-2026:0343)
The version of Tencent Linux installed on the remote TencentOS Server 4 host is prior to tested version. It is, therefore, affected by multiple vulnerabilities as referenced in the TSSA-2026:0343 advisory. Package updates are available for TencentOS Server 4 that fix the following vulnerabilities...
PT-2026-47488
Name of the Vulnerable Software and Affected Versions Google Chrome versions prior to 149.0.7827.103 Description A type confusion issue in bindings allows a remote attacker to execute arbitrary code within a sandbox by utilizing a specially crafted HTML page. Type confusion occurs when a program...
CVE-2026-11463
A vulnerability was determined in USCiLab Cereal up to 1.3.2. Affected is an unknown function of the component Shared Pointer Handler. Executing a manipulation can lead to type confusion. The attack can be launched remotely. The exploit has been publicly disclosed and may be utilized. The vendor...
CVE-2026-11452
A vulnerability has been found in GL.iNet GL-MT3000 up to 4.4.5. Affected is the function FUN0042e200 of the file /cgi-bin/glc of the component SETUSERPWD Handler. The manipulation of the argument Password leads to command injection. The attack can be initiated remotely. Upgrading to version 4.8....
CVE-2026-45777
OpenXDMoD is an open framework for collecting and analyzing HPC metrics. Starting in version 9.5.0 and prior to version 11.0.3, an attacker can remotely execute arbitrary system commands on the web server hosting Open XDMoD with the privileges of the web server process. This could allow an attack...
PT-2026-47191
Name of the Vulnerable Software and Affected Versions USCiLab Cereal versions prior to 1.3.3 Description A type confusion issue exists within the Shared Pointer Handler component. A remote attacker can execute a manipulation to trigger this condition, which occurs when a program accesses a resour...
CVE-2026-11408 vertex-app vertex Log Viewer Endpoint LogMod.js os command injection
A vulnerability was identified in vertex-app vertex up to 2026.02.12. This issue affects some unknown processing of the file app/model/LogMod.js of the component Log Viewer Endpoint. Such manipulation of the argument req.query leads to os command injection. The attack can be executed remotely. Th...
CVE-2026-45777
OpenXDMoD is an open framework for collecting and analyzing HPC metrics. Starting in version 9.5.0 and prior to version 11.0.3, an attacker can remotely execute arbitrary system commands on the web server hosting Open XDMoD with the privileges of the web server process. This could allow an attack...
CVE-2026-30616
Jaaz 1.0.30 contains a remote code execution vulnerability in its MCP STDIO command execution handling. A remote attacker can send crafted network requests to the network-accessible Jaaz application, causing attacker-controlled commands to be executed on the server. Successful exploitation result...
CVE-2026-42503
gopls by default communicates via pipe. However, -port and -listen flags are supported as means of debugging. If -listen is given a value without an explicit host e.g. :8080, or -port is used, gopls will listen on 0.0.0.0. As a result, users might inadvertently cause gopls to bind 0.0.0.0. This c...
CVE-2025-41277
Nozomi Networks Labs identified a CWE-78: Improper Neutralization of Special Elements used in an OS Command 'OS Command Injection' in the Console WebUI in Waterfall WF-500 TX and RX Hosts in version 7.9.1.0 R2502171040 that allows remote unauthenticated attackers to execute arbitrary operating...
CVE-2026-41689
Wallos is an open-source, self-hostable personal subscription tracker. In versions 4.8.4 and prior, the webhook notification feature reuses an administrator-configured local-target allowlist for every logged-in user. Any normal user can fully control a webhook URL, headers, and body, then use...
CVE-2026-45779
OpenXDMoD is an open framework for collecting and analyzing HPC metrics. An SQL injection vulnerability exists in Open XDMoD versions prior to 10.0.3 that allows an unauthenticated remote attacker to execute arbitrary SQL statements. Exploitation requires no authentication or user interaction and...