CVE-2026-23882

Blinko (AI-powered card note-taking) before version 1.8.4 is affected by a remote command execution in the MCP (Model Context Protocol) server creation function, which allowed specifying arbitrary commands and arguments that are executed during connection testing. The issue is patched in version ...

CVE-2025-9079 Admin RCE via prepackaged plugins by way of misconfigured imports directory

Mattermost versions 10.8.x = 10.8.3, 10.5.x = 10.5.8, 9.11.x = 9.11.17, 10.10.x = 10.10.1, 10.9.x = 10.9.3 fail to validate import directory path configuration which allows admin users to execute arbitrary code via malicious plugin upload to prepackaged plugins directory...

CVE-2024-37047

A buffer copy without checking size of input vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow remote attackers who have gained administrator access to execute code. We have already fixed the vulnerability in the followin...

CVE-2023-25717

Ruckus Wireless Admin through 10.4 allows Remote Code Execution via an unauthenticated HTTP GET Request, as demonstrated by a /forms/doLogin?loginusername=admin&password=password$curl substring...