104 matches found
PT-2026-22427
Name of the Vulnerable Software and Affected Versions openDCIM versions 23.04 through commit 4467e9c4 Description The application retrieves the dot configuration parameter from the database and passes it directly to the exec function without validation or sanitation. If an attacker can modify the...
CVE-2026-27744
The SPIP tickets plugin versions prior to 4.3.3 contain an unauthenticated remote code execution vulnerability in the forum preview handling for public ticket pages. The plugin appends untrusted request parameters into HTML that is later rendered by a template using unfiltered environment renderi...
PT-2026-21859
Name of the Vulnerable Software and Affected Versions SPIP tickets plugin versions prior to 4.3.3 Description The SPIP tickets plugin is affected by a remote code execution issue. An unauthenticated attacker can execute code on the web server through crafted content injection. The plugin appends...
CVE-2024-56373
DAG Author who already has quite a lot of permissions could manipulate database of Airflow 2 in the way to execute arbitrary code in the web-server context, which they should normally not be able to do, leading to potentially remote code execution in the context of web-server server-side as a...
CVE-2024-56373
Summary of CVE-2024-56373 : Apache Airflow 2.x contains a vulnerability in the log template history mechanism that can allow a user (DAG Author) with existing permissions to manipulate the Airflow database and execute arbitrary code in the web-server context, leading to potential remote code exec...
PT-2026-21670
Name of the Vulnerable Software and Affected Versions Apache Airflow versions prior to 2.11.1 Description A user with DAG author permissions can manipulate the Airflow database to execute arbitrary code within the web server context. This could lead to remote code execution on the server-side whe...
CVE-2026-26215 manga-image-translator Shared API Unsafe Deserialization RCE
manga-image-translator version beta-0.3 and prior in shared API mode contains an unsafe deserialization vulnerability that can lead to unauthenticated remote code execution. The FastAPI endpoints /simpleexecute/method and /execute/method deserialize attacker-controlled request bodies using...
CVE-2025-65109
Minder is an open source software supply chain security platform. In Minder Helm version 0.20241106.3386+ref.2507dbf and Minder Go versions from 0.0.72 to 0.0.83, Minder users may fetch content in the context of the Minder server, which may include URLs which the user would not normally have acce...
CVE-2025-65109
Minder is an open source software supply chain security platform. In Minder Helm version 0.20241106.3386+ref.2507dbf and Minder Go versions from 0.0.72 to 0.0.83, Minder users may fetch content in the context of the Minder server, which may include URLs which the user would not normally have acce...
EUVD-2025-36994
Apache Airflow /api/v2/dagReports executes DAG Python in API...
CVE-2025-62402
API users via /api/v2/dagReports could perform Dag code execution in the context of the api-server if the api-server was deployed in the environment where Dag files were available...
EUVD-2012-6598
Malware in sbrugna...
EUVD-2012-6588
Malware in sbrugna...
EUVD-2022-32160
Malicious code in bioql PyPI...
CVE-2012-10058
RabidHamster R4 v1.25 contains a stack-based buffer overflow vulnerability due to unsafe use of sprintf when logging malformed HTTP requests. A remote attacker can exploit this flaw by sending a specially crafted URI, resulting in arbitrary code execution under the context of the web server proce...
CVE-2012-10052
EGallery version 1.2 contains an unauthenticated arbitrary file upload vulnerability in the uploadify.php script. The application fails to validate file types or enforce authentication, allowing remote attackers to upload malicious PHP files directly into the web-accessible egallery/ directory...
CVE-2012-10049 WebPageTest Arbitrary PHP File Upload RCE
WebPageTest version 2.6 and earlier contains an arbitrary file upload vulnerability in the resultimage.php script. The application fails to validate or sanitize user-supplied input before saving uploaded files to a publicly accessible directory. This flaw allows remote attackers to upload and...
CVE-2012-10049 WebPageTest Arbitrary PHP File Upload RCE
WebPageTest version 2.6 and earlier contains an arbitrary file upload vulnerability in the resultimage.php script. The application fails to validate or sanitize user-supplied input before saving uploaded files to a publicly accessible directory. This flaw allows remote attackers to upload and...
PT-2025-31688 · Unknown · Instantcms
Name of the Vulnerable Software and Affected Versions: InstantCMS versions prior to 1.7 Description: A remote PHP code execution issue exists due to the unsafe use of the eval function within the search view handler. User-supplied input via the look parameter is concatenated into a PHP expression...
Xorg-x11-server: selinux context corruption
...