30429 matches found
Exploit-Dev-Lab-Vulnserver-TRUN
Buffer Overflow Exploitation — Vulnserver TRUN Ty...
SUSE CVE-2026-41526
In KDE KCoreAddons before 6.25, KShell::quoteArgs is intended to safely quote arguments so that they can be passed to a shell command. This parsing does not adequately handle metacharacters, leading to an escape from the shell. All applications relying on this method in a security-critical path t...
VulnCheck KEV: CVE-2025-71284
Synway SMG Gateway Management Software contains an OS command injection vulnerability in the RADIUS configuration endpoint at /en/9-2radius.php where the radiusaddress POST parameter is split and interpolated directly into a sed command without sanitization. An unauthenticated remote attacker can...
n8n has Prototype Pollution in XML Webhook Body Parser that Leads to RCE
Impact A flaw in the xml2js library used to parse XML request bodies in n8n's webhook handler allowed prototype pollution via a crafted XML payload. An authenticated user with permission to create or modify workflows could exploit this to pollute the JavaScript object prototype and, by chaining t...
CVE-2026-6942
radare2-mcp version 1.6.0 and earlier contains an os command injection vulnerability that allows remote attackers to execute arbitrary commands by bypassing the command filter through shell metacharacters in user-controlled input passed to r2cmdstr. Attackers can inject shell metacharacters throu...
CVE-2018-25310
VideoFlow Digital Video Protection DVP 2.10 contains an authenticated remote code execution vulnerability that allows authenticated attackers to execute arbitrary system commands by exploiting a cross-site request forgery flaw in the web management interface. Attackers with valid credentials can...
CVE-2018-25310 VideoFlow Digital Video Protection DVP 2.10 - Authenticated Remote Code Execution
VideoFlow Digital Video Protection DVP 2.10 contains an authenticated remote code execution vulnerability that allows authenticated attackers to execute arbitrary system commands by exploiting a cross-site request forgery flaw in the web management interface. Attackers with valid credentials can...
EUVD-2018-21831
VideoFlow Digital Video Protection DVP 2.10 contains an authenticated remote code execution vulnerability that allows authenticated attackers to execute arbitrary system commands by exploiting a cross-site request forgery flaw in the web management interface. Attackers with valid credentials can...
CVE-2018-25310 VideoFlow Digital Video Protection DVP 2.10 - Authenticated Remote Code Execution
VideoFlow Digital Video Protection DVP 2.10 contains an authenticated remote code execution vulnerability that allows authenticated attackers to execute arbitrary system commands by exploiting a cross-site request forgery flaw in the web management interface. Attackers with valid credentials can...
CVE-2018-25310
VideoFlow Digital Video Protection DVP 2.10 is affected by an authenticated remote code execution vulnerability. An attacker with valid credentials can exploit a cross-site request forgery in the web management interface to inject and execute system commands via Tools > System > Shell, gain...
golang.org/x/crypto/ssh/agent: golang.org/x/crypto/ssh/agent: SSH client panic due to unexpected SSH_AGENT_SUCCESS
A flaw in golang.org/x/crypto/ssh/agent causes the SSH agent client to panic when a peer responds with the generic SSHAGENTSUCCESS 0x06 message to requests expecting typed replies e.g., List, Sign. The unmarshal layer produces an unexpected message type, which the client code does not handle,...
h2database-rce-poc
H2 Console RCE Exploit Toolkit Vulnerability exploitation scr...
MAL-2026-3180 Malicious code in nicegui (npm)
Malicious npm package published by threat actor "ryanmccollum1" typosquatting the popular Python NiceGUI framework. Part of the same supply chain attack campaign as redeem-onchain-sdk, which collects SSH keys, AWS credentials, .npmrc tokens, Docker auth, Chrome saved logins, .env files, and git...
CISA Adds Actively Exploited ConnectWise and Windows Flaws to KEV
The U.S. Cybersecurity and Infrastructure Security Agency CISA on Tuesday added two security flaws impacting ConnectWise ScreenConnect and Microsoft Windows to its Known Exploited Vulnerabilities KEV catalog, based on evidence of active exploitation. The vulnerabilities are listed below -...
CLSA-2026-1777452220 cockpit: Fix of CVE-2026-4631
CVE-2026-4631: Fix SSH command-line argument injection in cockpit-ws / beiboot Critical RCE...
MAL-2026-3157 Malicious code in apple-internal-auth-v3 (npm)
Malicious npm package published by threat actor "raya4321" as part of a coordinated typosquatting campaign impersonating Apple internal infrastructure services authentication, PKI, telemetry, CloudKit, and cloud infrastructure. All packages in this campaign execute credential-theft payloads durin...
bash: Fix of CVE-2019-9924
CVE-2019-9924: reject attempts to add pathnames containing slashes to the hash table in restricted shell...
CLSA-2026-1777446568 bash: Fix of CVE-2019-9924
CVE-2019-9924: reject attempts to add pathnames containing slashes to the hash table in restricted shell...
vim: Fix of CVE-2026-33412
CVE-2026-33412: fix command injection via newline character in glob on Unix-like systems by escaping '\n' in SHELLSPECIAL...
CLSA-2026-1777446368 vim: Fix of CVE-2026-33412
CVE-2026-33412: fix command injection via newline character in glob on Unix-like systems by escaping '\n' in SHELLSPECIAL...