353 matches found
VulnCheck KEV: CVE-2020-10650
A deserialization flaw was discovered in jackson-databind through 2.9.10.4. It could allow an unauthenticated user to perform code execution via ignite-jta or quartz-core: org.apache.ignite.cache.jta.jndi.CacheJndiTmLookup, org.apache.ignite.cache.jta.jndi.CacheJndiTmFactory, and...
CVE-2024-47944
The device directly executes .patch firmware upgrade files on a USB stick without any prior authentication in the admin interface. This leads to an unauthenticated code execution via the firmware upgrade function...
CVE-2016-10824
cPanel before 55.9999.141 allows unauthenticated arbitrary code execution via DNS NS entry poisoning (SEC-90)...
CVE-2025-4524 Madara – Responsive and modern WordPress theme for manga sites <= 2.2.2 - Unauthenticated Local File Inclusion
The Madara – Responsive and modern WordPress theme for manga sites theme for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 2.2.2 via the 'template' parameter. This makes it possible for unauthenticated attackers to include and execute arbitrary files on the...
Critical Erlang/OTP SSH Vulnerability (CVSS 10.0) Allows Unauthenticated Code Execution
A critical security vulnerability has been disclosed in the Erlang/Open Telecom Platform (OTP) SSH implementation that could permit an attacker to execute arbitrary code sans any authentication under certain conditions. The vulnerability, tracked as CVE-2025-32433, has been given the maximum CVSS...
CVE-2025-2270 Countdown, Coming Soon, Maintenance – Countdown & Clock <= 2.8.9.1 - Unauthenticated Limited Local File Inclusion
The Countdown, Coming Soon, Maintenance – Countdown & Clock plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 2.8.9.1 via the createCdObj function. This makes it possible for unauthenticated attackers to include and execute files with the specific...
CVE-2025-0953
The CVE-2025-0953 entry concerns the SMTP for Sendinblue – YaySMTP WordPress plugin. It describes a Stored Cross-Site Scripting (XSS) flaw in versions up to 1.1.1 caused by insufficient input sanitization and output escaping, enabling unauthenticated attackers to inject scripts that execute when ...
CVE-2024-53673
A Java deserialization vulnerability in HPE Remote Insight Support may allow an unauthenticated attacker to execute code...
PT-2024-35804 · Hewlett Packard · Hpe Insight Remote Support
Name of the Vulnerable Software and Affected Versions: HPE Remote Insight Support (affected versions not specified). Description: A Java deserialization vulnerability in HPE Remote Insight Support may allow an unauthenticated attacker to execute code. The issue is related to the deserialization of...
Hewlett Packard Enterprise Insight Remote Support Security Vulnerability
Hewlett Packard Enterprise Insight Remote Support (HPE Insight RS) is a software solution from Hewlett Packard Enterprise (USA) that enables passive and active remote support to improve the availability of supported remote support. A security vulnerability exists in Hewlett Packard Enterprise Insight...
CVE-2024-10571
The Chartify – WordPress Chart Plugin plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 2.9.5 via the 'source' parameter. This makes it possible for unauthenticated attackers to include and execute arbitrary files on the server, allowing the executio...
Kerui HD 3MP 1080P Tuya Camera Security Vulnerability
Kerui HD 3MP 1080P Tuya Camera is a high-definition surveillance camera from Kerui. A security vulnerability exists in Kerui HD 3MP 1080P Tuya Camera version 1.0.4, which stems from the presence of a command injection vulnerability that allows an attacker to create a customized, unauthenticated Q...
VulnCheck KEV: CVE-2024-51568
CyberPanel (aka Cyber Panel) before 2.3.5 allows Command Injection via completePath in the ProcessUtilities.outputExecutioner sink. There is /filemanager/upload (aka File Manager upload) unauthenticated remote code execution via shell metacharacters...
BYOB Security Vulnerability
BYOB (Build Your Own Botnet) is an open source post-exploitation framework for students, researchers and developers by malwaredllc individual developers. BYOB has a security vulnerability that originates from unauthenticated remote code execution via arbitrary file writes and command injection...
CVE-2024-47944 Missing Protection Mechanism for Alternate Hardware Interface
The device directly executes .patch firmware upgrade files on a USB stick without any prior authentication in the admin interface. This leads to an unauthenticated code execution via the firmware upgrade function...
CVE-2024-47944
CVE-2024-47944 affects Rittal IoT Interface & CMC III Processing Unit. The vulnerability arises because the device directly executes a .patch firmware upgrade file from a USB stick via the admin/management interface without authentication, enabling unauthenticated code execution through the firmw...
CVE-2024-42640
angular-base64-upload prior to v0.1.21 is vulnerable to unauthenticated remote code execution via demo/server.php. Exploiting this vulnerability allows an attacker to upload arbitrary content to the server, which can subsequently be accessed through demo/uploads. This leads to the execution of...
CVE-2024-45695
The web service of certain models of D-Link wireless routers contains a Stack-based Buffer Overflow vulnerability, which allows unauthenticated remote attackers to exploit this vulnerability to execute arbitrary code on the device...
PT-2024-31513
Name of the Vulnerable Software and Affected Versions: BYOB (affected versions not specified). Description: The issue concerns unauthenticated remote code execution on BYOB via arbitrary file write. A research paper was written on this topic, but there was an incident involving the theft of this...
CVE-2024-42393
There are vulnerabilities in the Soft AP Daemon Service which could allow a threat actor to execute an unauthenticated RCE attack. Successful exploitation could allow an attacker to execute arbitrary commands on the underlying operating system leading to complete system compromise...