EUVD-2026-37042

Due to the improper neutralization of special elements used in a name parameter a low privileged remote attacker can exploit a command injection vulnerability in the Managed Ethernet Switch, resulting in full system compromise...

CVE-2026-5416

The CVE-2026-5416 entry describes a command injection in a Managed Ethernet Switch caused by improper neutralization of special elements in a name parameter. It results in full system compromise with network-based, low-privilege, no-user-interaction exploitation (per CVSS 4.0/3.1 vectors). Connec...

postgresql: PostgreSQL: Credential recovery via covert timing channel in MD5 password comparison

A flaw was found in PostgreSQL. This vulnerability, a covert timing channel, exists in the comparison of MD5-hashed passwords during authentication. A remote attacker could exploit this to recover user credentials, gaining unauthorized access to the database. This issue specifically impacts...

WordPress Premmerce Dev Tools plugin <= 2.0 - Missing Authorization to Authenticated (Subscriber+) Remote Code Execution vulnerability

Missing Authorization to Authenticated Subscriber+ Remote Code Execution vulnerability discovered by Nabil Irawan - Heroes Cyber Security in WordPress Plugin Premmerce Dev Tools versions = 2.0...

LimeSurvey 4.1.11 - Local File Inclusion

LimeSurvey before 4.1.12+200324 is vulnerable to local file inclusion because it contains a path traversal vulnerability in application/controllers/admin/LimeSurveyFileManager.php. id: CVE-2020-11455 info: name: LimeSurvey 4.1.11 - Local File Inclusion author: daffainfo severity: critical...

Primetek Primefaces 5.x - Remote Code Execution

Primetek Primefaces 5.x is vulnerable to a weak encryption flaw resulting in remote code execution. id: CVE-2017-1000486 info: name: Primetek Primefaces 5.x - Remote Code Execution author: Moritz Nentwig severity: critical description: Primetek Primefaces 5.x is vulnerable to a weak encryption fl...

UnRaid <=6.80 - Remote Code Execution

UnRaid =6.80 allows remote unauthenticated attackers to execute arbitrary code. id: CVE-2020-5847 info: name: UnRaid =6.80 - Remote Code Execution author: madrobot severity: critical description: UnRaid =6.80 allows remote unauthenticated attackers to execute arbitrary code. impact: |...

Apache Tika < 1.1.8 - Header Command Injection

Apache Tika versions 1.7 to 1.17 allow clients to send carefully crafted headers to tika-server that could be used to inject commands into the command line of the server running tika-server. This vulnerability only affects those running tika-server on a server that is open to untrusted clients. i...

Adobe ColdFusion 8.0/8.0.1/9.0/9.0.1 LFI

Multiple directory traversal vulnerabilities in the administrator console in Adobe ColdFusion 9.0.1 and earlier allow remote attackers to read arbitrary files via the locale parameter to 1 CFIDE/administrator/settings/mappings.cfm, 2 logging/settings.cfm, 3 datasources/index.cfm, 4...

Oracle Weblogic Server - Remote Command Execution

Oracle WebLogic Server contains an easily exploitable remote command execution vulnerability which allows unauthenticated attackers with network access via HTTP to compromise the server. id: CVE-2020-14882 info: name: Oracle Weblogic Server - Remote Command Execution author: dwisiswant0 severity:...

ManageEngine Desktop Central Java Deserialization

Zoho ManageEngine Desktop Central before 10.0.474 is vulnerable to a deserialization of untrusted data, which permits remote code execution. id: CVE-2020-10189 info: name: ManageEngine Desktop Central Java Deserialization author: king-alexander severity: critical description: | Zoho ManageEngine...

React Server Components - Remote Code Execution

React Server Components 19.0.0, 19.1.0, 19.1.1, and 19.2.0 including react-server-dom-parcel, react-server-dom-turbopack, and react-server-dom-webpack contain a remote code execution caused by unsafe deserialization of payloads from HTTP requests to Server Function endpoints, letting...

Langflow AI - Unauthenticated Remote Code Execution

Langflow versions prior to 1.3.0 are susceptible to code injection in the /api/v1/validate/code endpoint.A remote and unauthenticated attacker can send crafted HTTP requests to execute arbitrary code. id: CVE-2025-3248 info: name: Langflow AI - Unauthenticated Remote Code Execution author: nvn172...

TerraMaster TOS - Unauthenticated Remote Command Execution

TerraMaster TOS = 4.2.06 is susceptible to a remote code execution vulnerability which could allow remote unauthenticated attackers to inject OS commands via /include/makecvs.php via the Event parameter. id: CVE-2020-28188 info: name: TerraMaster TOS - Unauthenticated Remote Command Execution...

Apache Airflow <=1.10.10 - Remote Code Execution

Apache Airflow versions 1.10.10 and below are vulnerable to remote code/command injection vulnerabilities in one of the example DAGs shipped with Airflow. This could allow any authenticated user to run arbitrary commands as the user running airflow worker/scheduler depending on the executor in us...

Drupal - Remote Code Execution

Drupal before 7.58, 8.x before 8.3.9, 8.4.x before 8.4.6, and 8.5.x before 8.5.1 allows remote attackers to execute arbitrary code because of an issue affecting multiple subsystems with default or common module configurations. id: CVE-2018-7600 info: name: Drupal - Remote Code Execution author:...

D-Link - Unauthenticated Remote Code Execution

OS command injection vulnerability in soap.cgi soapcgimain in cgibin in D-Link DIR-880L DIR-880LREVAFIRMWAREPATCH1.08B04 and previous versions, DIR-868L DIR868LA1FW112b04 and previous versions, DIR-65L DIR-865LREVAFIRMWAREPATCH1.08.B01 and previous versions, and DIR-860L DIR860LA1FW110b04 and...

Jenkins - Remote Command Injection

Jenkins 2.153 and earlier and LTS 2.138.3 and earlier are susceptible to a remote command injection via stapler/core/src/main/java/org/kohsuke/stapler/MetaClass.java that allows attackers to invoke some methods on Java objects by accessing crafted URLs that were not intended to be invoked this wa...

NUUO NVRmini - Remote Command Execution

NUUO NVRmini is vulnerable to unauthenticated remote command execution through the upgradehandle.php file. The vulnerability allows an attacker to execute arbitrary commands by manipulating the uploaddir parameter. id: CVE-2018-14933 info: name: NUUO NVRmini - Remote Command Execution author:...

CWP (Control Web Panel) < 0.9.8.1205 - Remote Code Execution

CWP Control Web Panel 0.9.8.1205 contains a remote code execution caused by shell metacharacters in the ttotal parameter in filemanager changePerm request, letting unauthenticated attackers execute code remotely, exploit requires knowledge of a valid non-root username. id: CVE-2025-48703 info:...