
313 matches found

OSV
added 2025/08/13 10:15 a.m. · 1 view

CVE-2025-8913

Organization Portal System developed by WellChoose has a Local File Inclusion vulnerability, allowing unauthenticated remote attackers to execute arbitrary code on the server...

9.3 CVSS · 6.2 AI score
Exploits: 0 · References: 2
Cvelist
added 2025/08/12 6:59 p.m. · 8 views

CVE-2025-25256

An improper neutralization of special elements used in an OS command 'OS Command Injection' vulnerability CWE-78 in Fortinet FortiSIEM version 7.3.0 through 7.3.1, 7.2.0 through 7.2.5, 7.1.0 through 7.1.7, 7.0.0 through 7.0.3 and before 6.7.9 allows an unauthenticated attacker to execute...

9.8 CVSS · 0.56192 EPSS
Exploits: 2 · References: 1
CVE
added 2025/08/12 6:59 p.m. · 137 views

CVE-2025-25256

Fortinet FortiSIEM contains an OS command injection (CWE-78) vulnerability that allows an unauthenticated attacker to execute arbitrary commands via crafted CLI requests. Affected versions span FortiSIEM 6.1–6.7, 7.0–7.3 (specifically 7.0.0–7.0.3, 7.1.0–7.1.7, 7.2.0–7.2.5, 7.3.0–7.3.1) with fixed...

9.8 CVSS · 8.1 AI score · 0.56192 EPSS
In wild · Exploits: 2 · References: 4 · Affected Software: 1
GithubExploit
added 2025/08/08 8:1 p.m. · 95 views

Exploit for Code Injection in Xwiki

CVE-2025-24893 XWiki Unauthenticated Remote code execution POC...

9.8 CVSS · 8.3 AI score · 0.99898 EPSS
Exploits: 50
CNVD
added 2025/07/25 12:0 a.m. · 4 views

Lantronix Provisioning Manager XML External Entity Injection Vulnerability

Lantronix Provisioning Manager is a software for gateway configuration and firmware updates from Lantronix USA. Lantronix Provisioning Manager suffers from an XML External Entity Injection vulnerability that arises from a network system or product that does not have the correct filters set to all...

8.6 CVSS · 7.5 AI score · 0.01667 EPSS
Exploits: 2 · References: 1
VulnCheck KEV
added 2025/06/23 12:0 a.m. · 13 views

VulnCheck KEV: CVE-2020-10650

A deserialization flaw was discovered in jackson-databind through 2.9.10.4. It could allow an unauthenticated user to perform code execution via ignite-jta or quartz-core: org.apache.ignite.cache.jta.jndi.CacheJndiTmLookup, org.apache.ignite.cache.jta.jndi.CacheJndiTmFactory, and...

8.1 CVSS · 7.7 AI score · 0.03301 EPSS
In wild · Exploits: 1 · References: 2
RedhatCVE
added 2025/05/23 10:44 a.m. · 2 views

CVE-2024-47944

The device directly executes .patch firmware upgrade files on a USB stick without any prior authentication in the admin interface. This leads to an unauthenticated code execution via the firmware upgrade function...

6.8 CVSS · 7.8 AI score · 0.00387 EPSS
Exploits: 0
RedhatCVE
added 2025/05/22 5:22 a.m. · 4 views

CVE-2016-10824

cPanel before 55.9999.141 allows unauthenticated arbitrary code execution via DNS NS entry poisoning SEC-90...

9.8 CVSS · 8.1 AI score · 0.02502 EPSS
Exploits: 0 · References: 1
Vulnrichment
added 2025/05/21 6:39 a.m. · 11 views

CVE-2025-4524 Madara – Responsive and modern WordPress theme for manga sites <= 2.2.2 - Unauthenticated Local File Inclusion

The Madara – Responsive and modern WordPress theme for manga sites theme for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 2.2.2 via the 'template' parameter. This makes it possible for unauthenticated attackers to include and execute arbitrary files on the...

9.8 CVSS · 8 AI score · 0.09094 EPSS
Exploits: 5 · References: 2
The Hacker News
added 2025/04/17 10:32 a.m. · 29 views

Critical Erlang/OTP SSH Vulnerability (CVSS 10.0) Allows Unauthenticated Code Execution

A critical security vulnerability has been disclosed in the Erlang/Open Telecom Platform (OTP) SSH implementation that could permit an attacker to execute arbitrary code sans any authentication under certain conditions. The vulnerability, tracked as CVE-2025-32433, has been given the maximum CVSS...

10 CVSS · 9.9 AI score · 0.97673 EPSS
Exploits: 36
Vulnrichment
added 2025/04/04 5:22 a.m. · 6 views

CVE-2025-2270 Countdown, Coming Soon, Maintenance – Countdown & Clock <= 2.8.9.1 - Unauthenticated Limited Local File Inclusion

The Countdown, Coming Soon, Maintenance – Countdown & Clock plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 2.8.9.1 via the createCdObj function. This makes it possible for unauthenticated attackers to include and execute files with the specific...

8.1 CVSS · 7.8 AI score · 0.01043 EPSS
Exploits: 0 · References: 2
OSV
added 2024/11/26 10:15 p.m. · 3 views

CVE-2024-53673

A java deserialization vulnerability in HPE Remote Insight Support may allow an unauthenticated attacker to execute code...

9.8 CVSS · 5.9 AI score · 0.00717 EPSS
Exploits: 0 · References: 1
CNNVD
added 2024/11/26 12:0 a.m. · 5 views

Hewlett Packard Enterprise Insight Remote Support Security Vulnerability

Hewlett Packard Enterprise Insight Remote Support HPE Insight RS is a software solution from Hewlett Packard Enterprise USA that enables passive and active remote support to improve the availability of supported remote support. A security vulnerability exists in Hewlett Packard Enterprise Insight...

9.8 CVSS · 7.2 AI score · 0.00717 EPSS
Exploits: 0 · References: 1
Positive Technologies
added 2024/11/26 12:0 a.m. · 4 views

PT-2024-35804 · Hewlett Packard · Hpe Insight Remote Support

Name of the Vulnerable Software and Affected Versions: HPE Remote Insight Support (affected versions not specified). Description: A java deserialization vulnerability in HPE Remote Insight Support may allow an unauthenticated attacker to execute code. The issue is related to the deserialization of...

9.8 CVSS · 7.4 AI score · 0.00717 EPSS
Exploits: 0 · References: 8
OSV
added 2024/11/14 11:15 a.m. · 2 views

CVE-2024-10571

The Chartify – WordPress Chart Plugin plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 2.9.5 via the 'source' parameter. This makes it possible for unauthenticated attackers to include and execute arbitrary files on the server, allowing the executio...

9.8 CVSS · 7.8 AI score · 0.04841 EPSS
Exploits: 3 · References: 2
CNNVD
added 2024/10/30 12:0 a.m. · 1 view

Kerui HD 3MP 1080P Tuya Camera Security Vulnerability

Kerui HD 3MP 1080P Tuya Camera is a high-definition surveillance camera from Kerui. A security vulnerability exists in Kerui HD 3MP 1080P Tuya Camera version 1.0.4, which stems from the presence of a command injection vulnerability that allows an attacker to create a customized, unauthenticated Q...

8.4 CVSS · 8.3 AI score · 0.00965 EPSS
Exploits: 0 · References: 1
VulnCheck KEV
added 2024/10/29 12:0 a.m. · 2 views

VulnCheck KEV: CVE-2024-51568

CyberPanel aka Cyber Panel before 2.3.5 allows Command Injection via completePath in the ProcessUtilities.outputExecutioner sink. There is /filemanager/upload aka File Manager upload unauthenticated remote code execution via shell metacharacters...

10 CVSS · 7.9 AI score · 0.45682 EPSS
Exploits: 4 · References: 1
CNNVD
added 2024/10/16 12:0 a.m. · 10 views

BYOB Security Vulnerability

BYOB Build Your Own Botnet is an open source post-exploitation framework for students, researchers and developers by malwaredllc individual developers. BYOB has a security vulnerability that originates from unauthenticated remote code execution via arbitrary file writes and command injection...

9.9 AI score · 0.03891 EPSS
Exploits: 3 · References: 1
CVE
added 2024/10/15 9:0 a.m. · 41 views

CVE-2024-47944

CVE-2024-47944 affects Rittal IoT Interface & CMC III Processing Unit. The vulnerability arises because the device directly executes a .patch firmware upgrade file from a USB stick via the admin/management interface without authentication, enabling unauthenticated code execution through the firmw...

6.8 CVSS · 7 AI score · 0.00387 EPSS
Exploits: 0 · References: 3
Cvelist
added 2024/10/15 9:0 a.m. · 17 views

CVE-2024-47944 Missing Protection Mechanism for Alternate Hardware Interface

The device directly executes .patch firmware upgrade files on a USB stick without any prior authentication in the admin interface. This leads to an unauthenticated code execution via the firmware upgrade function...

0.00387 EPSS
Exploits: 0 · References: 2