163 matches found
Node.js React Server Components Unauthenticated Remote Code Execution (CVE-2025-55182)
Multiple Node.js React Server Components packages are affected by an unauthenticated remote code execution vulnerability. The following Node.js packages and versions are affected: - react-server-dom-webpack 19.0, 19.1.0, 19.1.1, 19.2.0 - react-server-dom-parcel 19.0, 19.1.0, 19.1.1, 19.2.0 -...
CVE-2025-63932
D-Link Router DIR-868L A1 FW106KRb01.bin has an unauthenticated remote code execution vulnerability in the cgibin binary. The HNAP service provided by cgibin does not filter the HTTP SOAPAction header field. The unauthenticated remote attacker can execute the shell command...
EUVD-2017-14107
Malware in sbrugna...
EUVD-2021-24598
Malware in sbrugna...
EUVD-2018-11326
Malware in sbrugna...
EUVD-2021-7561
Malicious code in bioql PyPI...
EUVD-2024-54340
Malicious code in bioql PyPI...
Exploit for Code Injection in Xwiki
exploit-scripts...
Exploit for CVE-2025-34085
📂 Simple File List – Unauthenticated RCE Exploit CVE-2025-340...
Exploit for Injection in Cisco Identity_Services_Engine
CVE-2025-20281 — Cisco ISE ERS API Unauthenticated RCE Exploit...
Exploit for Injection in Cisco Identity_Services_Engine
CVE-2025-20281-2-Cisco-ISE-RCE Unauthenticated Python PoC for...
Unauthenticated Remote Code Execution (RCE)
github.com/kro-run/kro is vulnerable to Unauthenticated Remote code execution RCE. The vulnerability is due to a confused-deputy scenario, where users with permission to create or modify ResourceGraphDefinition resources can supply arbitrary container images that kro's controllers deploy and run ...
CVE-2024-40110
Sourcecodester Poultry Farm Management System v1.0 contains an Unauthenticated Remote Code Execution RCE vulnerability via the productimage parameter at /farm/product.php...
CVE-2023-37170
TOTOLINK A3300R V17.0.0cu.557B20221024 was discovered to contain an unauthenticated remote code execution RCE vulnerability via the lang parameter in the setLanguageCfg function...
CVE-2024-6198 SNORE Interface Unauthenticated Remote Code Execution
The device exposes a web interface on ports TCP/3030 and TCP/9882. This web service runs lighttpd, which implements the “SNORE” interface. This interface is affected by a stack buffer overflow vulnerability due to insecure path parsing. An attacker with access to the LAN network interface could u...
Tatsu 3.3.11 - Unauthenticated RCE
Exploit Title:Tatsu 3.3.11 - Unauthenticated RCE Date: 2025-04-16 Exploit Author: Milad Karimi Ex3ptionaL Contact: [email protected] Zone-H: www.zone-h.org/archive/notifier=Ex3ptionaL MiRROR-H: https://mirror-h.org/search/hacker/49626/ Product: Tatsu wordpress plugin = 3.3.11 CVE:...
CVE-2024-13804
Unauthenticated RCE in HPE Insight Cluster Management Utility...
Linux Distros Unpatched Vulnerability : CVE-2023-26035
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - ZoneMinder is a free, open source Closed-circuit television software application for Linux which supports IP, USB and Analog cameras. Versions prior to 1.36.33...
Metasploit Weekly Wrap-Up: 02/28/2025
New module content 5 mySCADA myPRO Manager Credential Harvester CVE-2025-24865 and CVE-2025-22896 Author: Michael Heinzl Type: Auxiliary Pull request: 19878 contributed by h4x-x0r Path: admin/scada/mypromgrcreds AttackerKB reference: CVE-2025-22896 Description: This module adds credential...
NetAlertX 24.9.12 Command Injection
An attacker can update NetAlertX settings with no authentication, which results in command injection. Versions 23.01.14 through 24.9.12 are affected. This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class...