Lucene search
K

211 matches found

RedHat Linux
RedHat Linux
added 2026/04/10 3:7 p.m.19 views

cockpit: Cockpit: Unauthenticated remote code execution due to SSH command-line argument injection

Cockpit's remote login feature passes user-supplied hostnames and usernames from the web interface to the SSH client without validation or sanitization. An attacker with network access to the Cockpit web service can craft a single HTTP request to the login endpoint that injects malicious SSH...

9.8CVSS6.2AI score0.142EPSS
Exploits3References4
Vulnrichment
Vulnrichment
added 2026/04/09 10:59 p.m.3 views

CVE-2026-34424 Smart Slider 3 Pro 3.5.1.35 Supply Chain Attack Remote Access Toolkit

Smart Slider 3 Pro version 3.5.1.35 for WordPress and Joomla contains a multi-stage remote access toolkit injected through a compromised update system that allows unauthenticated attackers to execute arbitrary code and commands. Attackers can trigger pre-authentication remote shell execution via...

9.8CVSS6.3AI score0.00551EPSS
Exploits0References5
GithubExploit
GithubExploit
added 2026/04/08 12:14 p.m.118 views

Exploit for OS Command Injection in Magnussolution Magnusbilling

THM-MagnusBilling-CVE-2023-30258 Perfect! Let’s convert your f...

9.8CVSS6AI score0.9425EPSS
Exploits15
RedhatCVE
RedhatCVE
added 2026/04/03 11:20 p.m.5 views

CVE-2026-34980

A flaw was found in OpenPrinting CUPS. An unauthorized client can exploit this vulnerability by sending a specially crafted print job to a shared PostScript queue without authentication. The server improperly handles the page-border value, allowing an attacker to embed and reparse malicious text ...

7.5CVSS6.4AI score0.00502EPSS
Exploits1References4
RedhatCVE
RedhatCVE
added 2026/04/03 11:1 p.m.5 views

CVE-2026-34121

An authentication bypass vulnerability within the HTTP handling of the DS configuration service in TP-Link Tapo C520WS v2.6 was identified, due to inconsistent parsing and authorization logic in JSON requests during authentication check. An unauthenticated attacker can append an...

8.8CVSS6AI score0.00447EPSS
Exploits0References1
CVE
CVE
added 2026/04/02 6:55 p.m.40 views

CVE-2026-35053

OneUptime prior to v10.0.42 exposes unauthenticated access in the Worker service ManualAPI endpoints GET /workflow/manual/run/:workflowId and POST /workflow/manual/run/:workflowId, allowing an attacker who can obtain or guess a workflowId to trigger arbitrary workflow execution with attacker-cont...

9.8CVSS6.2AI score0.00546EPSS
Exploits1References2Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/04/02 5:20 p.m.4 views

CVE-2026-34121

An authentication bypass vulnerability within the HTTP handling of the DS configuration service in TP-Link Tapo C520WS v2.6 was identified, due to inconsistent parsing and authorization logic in JSON requests during authentication check. An unauthenticated attacker can append an...

8.7CVSS6.1AI score0.00447EPSS
Exploits0References4
RedhatCVE
RedhatCVE
added 2026/03/26 3:4 p.m.5 views

CVE-2026-25873

OmniGen2-RL contains an unauthenticated remote code execution vulnerability in the reward server component that allows remote attackers to execute arbitrary commands by sending malicious HTTP POST requests. Attackers can exploit insecure pickle deserialization of request bodies to achieve code...

9.8CVSS6.9AI score0.01077EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/03/20 7:16 a.m.4 views

CVE-2026-33057

Mesop is a Python-based UI framework that allows users to build web applications. In versions 1.2.2 and below, an explicit web endpoint inside the ai/ testing module infrastructure directly ingests untrusted Python code strings unconditionally without authentication measures, yielding standard...

9.8CVSS5.9AI score0.05289EPSS
Exploits0References3Affected Software1
CVE
CVE
added 2026/03/20 7:16 a.m.18 views

CVE-2026-33057

Mesop (Python-based UI framework) versions 1.2.2 and earlier are affected by an unauthenticated remote code execution via the test-suite route /exec-py. The vulnerability stems from an explicit web endpoint in the ai/ testing module that ingests untrusted Python code strings unconditionally and e...

9.8CVSS5.9AI score0.05289EPSS
Exploits0References2Affected Software1
Cvelist
Cvelist
added 2026/03/20 4:52 a.m.35 views

CVE-2026-33017 Langflow has Unauthenticated Remote Code Execution via Public Flow Build Endpoint

Langflow is a tool for building and deploying AI-powered agents and workflows. In versions prior to 1.9.0, the POST /api/v1/buildpublictmp/flowid/flow endpoint allows building public flows without requiring authentication. When the optional data parameter is supplied, the endpoint uses...

9.3CVSS0.98412EPSS
Exploits20References3
VulnCheck KEV
VulnCheck KEV
added 2026/03/19 12:0 a.m.39 views

VulnCheck KEV: CVE-2026-33017

Langflow is a tool for building and deploying AI-powered agents and workflows. In versions prior to 1.9.0, the POST /api/v1/buildpublictmp/flowid/flow endpoint allows building public flows without requiring authentication. When the optional data parameter is supplied, the endpoint uses...

9.8CVSS6.2AI score0.99972EPSS
In wildExploits52References8
OSV
OSV
added 2026/03/18 8:5 p.m.10 views

GHSA-GJGX-RVQR-6W6V Mesop Affected by Unauthenticated Remote Code Execution via Test Suite Route /exec-py

Summary An explicit web endpoint inside the ai/ testing module infrastructure directly ingests untrusted Python code strings unconditionally without authentication measures, yielding standard Unrestricted Remote Code Execution. Any individual capable of routing HTTP logic to this server block wil...

9.8CVSS6.1AI score0.05289EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2026/03/18 12:0 a.m.9 views

PT-2026-26150

Name of the Vulnerable Software and Affected Versions VMware vCenter Server affected versions not specified Daytona versions prior to 0.184.0 Description Two distinct issues were identified. First, a flaw in the SOAP API of VMware vCenter Server allows unauthenticated attackers to trigger arbitra...

7CVSS6.2AI score0.00249EPSS
Exploits0References6
OSV
OSV
added 2026/03/12 12:30 p.m.9 views

GHSA-JX93-G359-86WM SGLang's encoder parallel disaggregation system is vulnerable to unauthenticated remote code execution through the disaggregation module

SGLang's encoder parallel disaggregation system is vulnerable to unauthenticated remote code execution through the disaggregation module, which deserializes untrusted data using pickle.loads without authentication...

9.8CVSS6.5AI score0.01158EPSS
Exploits1References6
OSV
OSV
added 2026/03/12 11:37 a.m.5 views

CVE-2026-3059 CVE-2026-3059

SGLang's multimodal generation module is vulnerable to unauthenticated remote code execution through the ZMQ broker, which deserializes untrusted data using pickle.loads without authentication...

9.8CVSS7.5AI score0.01534EPSS
Exploits1References7
RedhatCVE
RedhatCVE
added 2026/03/05 1:57 a.m.4 views

CVE-2026-27971

Qwik is a performance focused javascript framework. qwik =1.19.0 is vulnerable to RCE due to an unsafe deserialization vulnerability in the server$ RPC mechanism that allows any unauthenticated user to execute arbitrary code on the server with a single HTTP request. Affects any deployment where...

9.8CVSS6.4AI score0.04632EPSS
Exploits0References1
EUVD
EUVD
added 2026/03/03 10:55 p.m.5 views

EUVD-2026-9345

Qwik is a performance focused javascript framework. qwik =1.19.0 is vulnerable to RCE due to an unsafe deserialization vulnerability in the server$ RPC mechanism that allows any unauthenticated user to execute arbitrary code on the server with a single HTTP request. Affects any deployment where...

9.2CVSS6.4AI score0.04632EPSS
Exploits0References1
GithubExploit
GithubExploit
added 2026/03/03 9:37 p.m.179 views

Qinglong-Auth-bypass-to-RCE-poc

Qinglong Auth Bypass to Command Execution A proof-of-concept...

6.2AI score
Exploits0
CVE
CVE
added 2026/02/25 3:8 a.m.22 views

CVE-2026-27744

The CVE-2026-27744 entry concerns the SPIP tickets plugin (versions prior to 4.3.3) with an unauthenticated remote code execution in the forum preview handling for public ticket pages. The vulnerability arises from appending untrusted request parameters into HTML that is later rendered by a templ...

9.8CVSS6.4AI score0.00908EPSS
Exploits0References5Affected Software1
Rows per page
Query Builder