CVE-2019-25741

Mobatek MobaXterm 12.1 contains a structured exception handling SEH based buffer overflow vulnerability in the username field of session files that allows remote attackers to execute arbitrary code. Attackers can craft a malicious MobaXterm sessions file with overflow data that triggers the...

CVE-2019-25741 Mobatek MobaXterm 12.1 Buffer Overflow via Sessions File

Mobatek MobaXterm 12.1 contains a structured exception handling SEH based buffer overflow vulnerability in the username field of session files that allows remote attackers to execute arbitrary code. Attackers can craft a malicious MobaXterm sessions file with overflow data that triggers the...

CVE-2019-25741

Mobatek MobaXterm 12.1 contains a structured exception handling SEH based buffer overflow vulnerability in the username field of session files that allows remote attackers to execute arbitrary code. Attackers can craft a malicious MobaXterm sessions file with overflow data that triggers the...

EUVD-2026-32958

pyLoad is a free and open-source download manager written in Python. Prior to 0.5.0b3.dev100, the fix for CVE-2026-33509 prevents setting storagefolder inside PKGDIR or userdir, but does NOT protect the Flask session directory /tmp/pyLoad/flask. An authenticated attacker can set storagefolder to...

UFO³ 操作系统命令注入漏洞

UFO³ is an open-source cross-device collaboration multi-agent task orchestration tool developed by Microsoft. Versions of UFO³ prior to v3.0.0 contained a vulnerability related to operating system command injection. This vulnerability stemmed from the use of ShellReceiver.runshell, which directly...

Exploit for Improper Neutralization of Null Byte or NUL Character in Wftpserver Wing_Ftp_Server

CVE-2025-47812 — Wing FTP Server Unauth RCE rewrite Python...

Exploit for Improper Input Validation in Adobe Commerce

CVE-2025-54236 - SessionReaper Lab Ambiente Docker para demon...

Exploit for Missing Authentication for Critical Function in Cpanel

CPANEL CVE EXPLOIT English | فارسی PersianREADME...

Exploit for Missing Authentication for Critical Function in Cpanel

cPanelSniper CVE-2026-41940 — c...

cPanelSniper-

cPanelSniper CVE-2026-41940 — c...

Exploit for Missing Authentication for Critical Function in Cpanel

CVE-2026-41940: cPanel/WHM Authentication Bypass Analysis...

CVE-2026-31718

The CVE-2026-31718 entries describe a use-after-free in ksmbd (Linux kernel in-kernel SMB3 server) triggered when a durable file handle survives a session disconnect. The root cause is an asymmetric cleanup of lock state: byte-range locks left on a freed conn->lock_list after fp->conn is nu...

Exploit for Missing Authentication for Critical Function in Cpanel

cPanelSniper CVE-2026-41940 — c...

Exploit for Missing Authentication for Critical Function in Cpanel

CVE-2026-41940 Detection & Verification !License: MIThttp...

CVE-2026-41940: cPanel & WHM Authentication Bypass

Overview On April 28, 2026, cPanel issued a security update to fix a critical vulnerability affecting the cPanel & WHM and WP Squared products. In the cPanel release notes, the bug was described as "an issue with session loading and saving." CVE-2026-41940, the identifier subsequently assigned on...

CVE-2026-35464

pyLoad is a free and open-source download manager written in Python. The fix for CVE-2026-33509 added an ADMINONLYOPTIONS set to block non-admin users from modifying security-critical config options. The storagefolder option is not in this set and passes the existing path restriction because the...

CVE-2026-30711

Devome GRR v4.5.0 was discovered to contain multiple authenticated SQL injection vulnerabilities in the include/session.inc.php file via the referer and user-agent...

GHSA-5J35-XR4G-VWF4 @grackle-ai/server has a Missing Secure Flag on Session Cookie

Impact The session cookie is set with HttpOnly; SameSite=Lax; Path=/ but does not include the Secure flag. This means the cookie will be sent over plain HTTP connections. Since the server binds to 127.0.0.1 by default and uses HTTP not HTTPS, this is acceptable for localhost use. However, when...

CraftCMS generate-transform command injection

Added: 03/25/2026 Background CraftCMS is a content management system written in PHP. Problem A vulnerability in CraftCMS allows remote attackers to inject arbitrary PHP code into the session file and then execute it using a specially crafted request to generate-transform. Resolution Upgrade to...

CraftCMS generate-transform command injection

Added: 03/25/2026 Background CraftCMS is a content management system written in PHP. Problem A vulnerability in CraftCMS allows remote attackers to inject arbitrary PHP code into the session file and then execute it using a specially crafted request to generate-transform. Resolution Upgrade to...