16941 matches found

Vulnrichment
added 2026/02/26 9:2 p.m., 5 views

CVE-2026-3262 go2ismail Asp.Net-Core-Inventory-Order-Management-System Administrative redirect

A vulnerability has been found in go2ismail Asp.Net-Core-Inventory-Order-Management-System up to 9.20250118. Affected is an unknown function of the component Administrative Interface. Such manipulation leads to execution after redirect. The attack may be launched remotely. The exploit has been...

CVSS 6.5, AI score 6.2, EPSS 0.00415
Exploits: 1, References: 4

CVE
added 2026/02/26 9:2 p.m., 10 views

CVE-2026-3262

Summary (CVE-2026-3262) A vulnerability in go2ismail “Asp.Net-Core-Inventory-Order-Management-System” (up to 9.20250118) affects the Administrative Interface via an unknown function, enabling manipulation that leads to execution after redirect. It can be exploited remotely and exploitation has be...

CVSS 8.8, AI score 5.3, EPSS 0.00415
Exploits: 1, References: 4, Affected Software: 1

GithubExploit
added 2026/02/26 8:42 p.m., 179 views

Exploit for Argument Injection in Atlassian Bitbucket

CVE-2022-36804: Bitbucket Remote Command Execution (RCE)...

CVSS 8.8, AI score 6.7, EPSS 0.99174
Exploits: 24

RedhatCVE
added 2026/02/26 4:15 a.m., 3 views

CVE-2026-27744

The SPIP tickets plugin versions prior to 4.3.3 contain an unauthenticated remote code execution vulnerability in the forum preview handling for public ticket pages. The plugin appends untrusted request parameters into HTML that is later rendered by a template using unfiltered environment renderi...

CVSS 9.8, AI score 6.4, EPSS 0.00908
Exploits: 0, References: 1

Vulnrichment
added 2026/02/26 2:39 a.m., 7 views

CVE-2026-27975 Ajenti has a potential Remote Code Execution

Ajenti is a Linux and BSD modular server admin panel. Prior to version 2.2.13, an unauthenticated user could gain access to a server to execute arbitrary code on this server. This is fixed in the version 2.2.13...

CVSS 9.3, AI score 6.1, EPSS 0.00533
Exploits: 0, References: 2

Positive Technologies
added 2026/02/26 12:0 a.m., 4 views

PT-2026-22206

Name of the Vulnerable Software and Affected Versions: go2ismail Free-CRM versions prior to b83c40a90726d5e58f0cc680ffdcaa28a03fb5d1. Description: A flaw exists in go2ismail Free-CRM’s Administrative Interface component that allows for code execution after redirection via remote manipulation. The...

CVSS 6.5, AI score 6.8, EPSS 0.00415
Exploits: 1, References: 6

Packet Storm
added 2026/02/26 12:0 a.m., 125 views

📄 Windows Notepad Markdown Link Code Execution

The Windows Notepad App Microsoft Store version fails to properly validate protocol handlers in markdown links. When a user Ctrl+Clicks a crafted link in a .md file, Notepad passes the raw URI to ShellExecuteExW without sufficient filtering. This allows execution of arbitrary binaries in two...

CVSS 7.8, AI score 5.9, EPSS 0.1165
Exploits: 9

RedhatCVE
added 2026/02/25 10:17 p.m., 5 views

CVE-2026-22766

Dell Wyse Management Suite, versions prior to WMS 5.5, contain an Unrestricted Upload of File with Dangerous Type vulnerability. A high privileged attacker with remote access could potentially exploit this vulnerability, leading to Remote execution...

CVSS 7.2, AI score 5.5, EPSS 0.00698
Exploits: 0, References: 1

CVE
added 2026/02/25 8:35 p.m., 20 views

CVE-2026-0542

This CVE affects ServiceNow’s AI platform, where an unauthenticated user could, in certain circumstances, execute code within the ServiceNow Sandbox. The vulnerability is identified as a remote code execution flaw in the ServiceNow AI platform, with products affected including hosted instances an...

CVSS 9.2, AI score 6.6, EPSS 0.00489
Exploits: 0, References: 1

NVD
added 2026/02/25 4:16 a.m., 3 views

CVE-2026-27744

The SPIP tickets plugin versions prior to 4.3.3 contain an unauthenticated remote code execution vulnerability in the forum preview handling for public ticket pages. The plugin appends untrusted request parameters into HTML that is later rendered by a template using unfiltered environment renderi...

CVSS 9.8, EPSS 0.00908
Exploits: 0, References: 5

CNNVD
added 2026/02/25 12:0 a.m., 5 views

langgraph code issue vulnerability

Langgraph is a large-scale model framework developed by LangChain. Versions of Langgraph prior to 4.0.0 had code-related vulnerabilities. These vulnerabilities stemmed from the caching layer’s ability to deserialize cached values using pickle.loads when msgpack serialization fails, potentially...

CVSS 6.6, AI score 7.6, EPSS 0.00698
Exploits: 0, References: 4

Positive Technologies
added 2026/02/25 12:0 a.m., 25 views

PT-2026-21992

Name of the Vulnerable Software and Affected Versions: Trend Micro Apex One Console, affected versions not specified. Description: The Trend Micro Apex One Console is susceptible to a directory traversal issue that could lead to remote code execution. The issue allows an attacker to potentially gain...

CVSS 9.8, AI score 7.6, EPSS 0.03959
Exploits: 0, References: 16

CVE
added 2026/02/24 8:56 p.m., 12 views

CVE-2026-22553

CVE-2026-22553 affects all versions of InSAT MasterSCADA BUK-TS. It exposes an OS command injection via a field in the MMadmServ web interface, potentially enabling remote code execution. The provided data lists high impact across confidentiality, integrity, and availability, with network access ...

CVSS 9.8, AI score 5.9, EPSS 0.01433
Exploits: 1, References: 2, Affected Software: 1

Vulnrichment
added 2026/02/24 8:30 p.m., 5 views

CVE-2025-46320

A cross-site scripting (XSS) vulnerability in a FileMaker WebDirect custom homepage could lead to unauthorized access and remote code execution. This vulnerability has been fully addressed in FileMaker Server 22.0.4 and FileMaker Server 21.1.7...

AI score 5.6, EPSS 0.00219
Exploits: 0, References: 1

Cvelist
added 2026/02/24 7:28 p.m., 19 views

CVE-2026-22766

Dell Wyse Management Suite, versions prior to WMS 5.5, contain an Unrestricted Upload of File with Dangerous Type vulnerability. A high privileged attacker with remote access could potentially exploit this vulnerability, leading to Remote execution...

CVSS 7.2, EPSS 0.00698
Exploits: 0, References: 1

Vulnrichment
added 2026/02/24 1:21 p.m., 4 views

CVE-2025-14577 PHP Function Injection in Slican NCP/IPL/IPM/IPU

Slican NCP/IPL/IPM/IPU devices are vulnerable to PHP Function Injection. An unauthenticated remote attacker is able to execute arbitrary PHP commands by sending specially crafted requests to /webcti/sessionajax.php endpoint. This issue was fixed in version 1.24.0190 Slican NCP and 6.61.0010 Slica...

CVSS 9.3, AI score 6, EPSS 0.00389
Exploits: 0, References: 2

ATTACKERKB
added 2026/02/24 3:2 a.m., 4 views

CVE-2026-3066

A flaw has been found in HummerRisk up to 1.5.0. This vulnerability affects the function fixedCommand of the file hummer-common/hummer-common-core/src/main/java/com/hummer/common/core/utils/PlatformUtils.java of the component Cloud Compliance Scanning. Executing a manipulation can lead to command...

CVSS 6.5, AI score 5.3, EPSS 0.09143
Exploits: 1, References: 4

CVE
added 2026/02/24 2:32 a.m., 8 views

CVE-2026-3065

CVE-2026-3065 affects HummerRisk up to 1.5.0, specifically the Cloud Task Dry-run component. The issue is in the function CommandUtils.commonExecCmdWithResult of CloudTaskService.java, where manipulating the fileName argument enables command injection. Remote exploitation is possible, and the exp...

CVSS 8.8, AI score 6.4, EPSS 0.24104
Exploits: 1, References: 4, Affected Software: 1

Cvelist
added 2026/02/24 12:3 a.m., 21 views

CVE-2025-9120 RCE vulnerability has been discovered in OpenText™ Carbonite Safe Server Backup.

Improper Control of Generation of Code ('Code Injection') vulnerability in OpenText™ Carbonite Safe Server Backup allows Code Injection. The vulnerability could be exploited through an open port, potentially allowing unauthorized access. This issue affects Carbonite Safe Server Backup: through 6.8....

CVSS 8.6, EPSS 0.00158
Exploits: 0, References: 1

CNNVD
added 2026/02/24 12:0 a.m., 5 views

InSAT MasterSCADA BUK-TS SQL injection vulnerability

InSAT MasterSCADA BUK-TS is an industrial automation control component developed by the Russian company InSAT. InSAT MasterSCADA BUK-TS has a SQL injection vulnerability; this vulnerability stems from SQL injections in the main web interface, which may lead to remote code execution...

CVSS 9.8, AI score 6.2, EPSS 0.00538
Exploits: 0, References: 2