CVE-2026-4631

Cockpit's remote login feature passes user-supplied hostnames and usernames from the web interface to the SSH client without validation or sanitization. An attacker with network access to the Cockpit web service can craft a single HTTP request to the login endpoint that injects malicious SSH...

VulnCheck KEV: CVE-2026-34424

Smart Slider 3 Pro version 3.5.1.35 for WordPress and Joomla contains a multi-stage remote access toolkit injected through a compromised update system that allows unauthenticated attackers to execute arbitrary code and commands. Attackers can trigger pre-authentication remote shell execution via...

Fortinet FortiClient EMS Improper Access Control Vulnerability

Fortinet FortiClient EMS contains an improper access control vulnerability that may allow an unauthenticated attacker to execute unauthorized code or commands via crafted requests...

CVE-2026-35616

A improper access control vulnerability in Fortinet FortiClientEMS 7.4.5 through 7.4.6 may allow an unauthenticated attacker to execute unauthorized code or commands via crafted requests...

CVE-2026-35216

Budibase is an open-source low-code platform. Prior to version 3.33.4 , an unauthenticated attacker can achieve Remote Code Execution (RCE) on the Budibase server by triggering an automation that contains a ** Bash step** via the public webhook endpoint. The process runs as root inside the contai...

CVE-2026-29014

MetInfo CMS versions 7.9, 8.0, and 8.1 contain an unauthenticated PHP code injection vulnerability that allows remote attackers to execute arbitrary code by sending crafted requests with malicious PHP code. Attackers can exploit insufficient input neutralization in the execution path to achieve...

CVE-2026-29014

MetInfo CMS versions 7.9, 8.0, and 8.1 contain an unauthenticated PHP code injection vulnerability that allows remote attackers to execute arbitrary code by sending crafted requests with malicious PHP code. Attackers can exploit insufficient input neutralization in the execution path to achieve...

CVE-2026-29014 MetInfo CMS Unauthenticated PHP Code Injection RCE

MetInfo CMS versions 7.9, 8.0, and 8.1 contain an unauthenticated PHP code injection vulnerability that allows remote attackers to execute arbitrary code by sending crafted requests with malicious PHP code. Attackers can exploit insufficient input neutralization in the execution path to achieve...

CVE-2026-29014

CVE-2026-29014 affects MetInfo CMS versions 7.9, 8.0, and 8.1 with an unauthenticated PHP code injection that enables remote code execution. The vulnerability arises from insufficient input neutralization in the execution path, allowing remote attackers to send crafted requests containing PHP cod...

PT-2026-29514

Name of the Vulnerable Software and Affected Versions MetInfo CMS versions 7.9 through 8.1 Description An unauthenticated PHP code injection flaw allows remote attackers to execute arbitrary code and gain full control over the affected server by sending crafted requests containing malicious PHP...

Vulnerability fixed in Fortinet FortiClient EMS

Fortinet has fixed a vulnerability in FortiClient EMS version 7.4.4. The vulnerability with reference CVE-2026-21643 concerns a critical vulnerability in FortiClient EMS. The cause lies in the improper neutralization of special SQL commands, which allows an unauthenticated malicious person to...

Linux Distros Unpatched Vulnerability : CVE-2018-25224

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - PMS 0.42 contains a stack-based buffer overflow vulnerability that allows local unauthenticated attackers to execute arbitrary code by supplying malicious value...

CVE-2018-25225

SIPP 3.3 contains a stack-based buffer overflow vulnerability that allows local unauthenticated attackers to execute arbitrary code by supplying malicious input in the configuration file. Attackers can craft a configuration file with oversized values that overflow a stack buffer, overwriting the...

CVE-2018-25224

CVE-2018-25224 affects PMS 0.42. The vulnerability is a stack-based buffer overflow in the configuration file parser that allows local, unauthenticated attackers to execute arbitrary code by supplying oversized input; shell commands can be executed via return-oriented programming gadgets. The pro...

Langflow < 1.9.0 RCE (GHSA-vwmf-pq79-vjvx)

The version of Langflow installed on the remote host is prior to 1.9.0. It is, therefore, affected by a remote code execution vulnerability: - The POST /api/v1/buildpublictmp/flowid/flow endpoint allows building public flows without requiring authentication. When the optional data parameter is...

omrs-rce

OMRS — Online Marriage Registration System 1.0 — RCE & Auto Re...

SGLang's multimodal generation module is vulnerable to unauthenticated remote code execution through the ZMQ broker

SGLang's multimodal generation module is vulnerable to unauthenticated remote code execution through the ZMQ broker, which deserializes untrusted data using pickle.loads without authentication...

CVE-2026-3060 CVE-2026-3060

SGLang' encoder parallel disaggregation system is vulnerable to unauthenticated remote code execution through the disaggregation module, which deserializes untrusted data using pickle.loads without authentication...

CVE-2026-3060

SGLang' encoder parallel disaggregation system is vulnerable to unauthenticated remote code execution through the disaggregation module, which deserializes untrusted data using pickle.loads without authentication...

CVE-2026-25823

HMS Networks Ewon Flexy with firmware before 15.0s4, Cosy+ with firmware 22.xx before 22.1s6, and Cosy+ with firmware 23.xx before 23.0s3 have a stack buffer overflow that leads to a Denial of Service, which can also be exploited to achieve Unauthenticated Remote Code Execution...