127 matches found
CVE-2026-33873
CVE-2026-33873 affects Langflow. Before v1.9.0, the Agentic Assistant feature can execute LLM-generated Python code during its validation phase, reaching dynamic execution sinks and instantiating the generated class server-side. In deployments where an attacker can access the Agentic Assistant an...
PT-2026-28544
Name of the Vulnerable Software and Affected Versions: Langflow versions prior to 1.9.0. Description: Langflow's Agentic Assistant feature, prior to version 1.9.0, executes LLM-generated Python code during validation. This implementation allows for arbitrary server-side Python execution if an attack...
BMC FootPrints Code Issue Vulnerability
BMC FootPrints is an IT service management and ticket tracking system provided by the American company BMC. Versions of BMC FootPrints prior to 20.24.01.001 contained code vulnerabilities. These vulnerabilities stemmed from the VIEWSTATE processing in ASP.NET servlets, which allowed untrusted dat...
CVE-2025-15540 Authenticated RCE in Raytha CMS
"Functions" module in Raytha CMS allows privileged users to write custom code to add functionality to application. Due to a lack of sandboxing or access restrictions, JavaScript code executed through Raytha’s “functions” feature can instantiate .NET components and perform arbitrary...
CVE-2026-21718
An authentication bypass vulnerability exists in Copeland XWEB Pro version 1.12.1 and prior, enabling any attacker to bypass the authentication requirement and achieve pre-authenticated code execution on the system...
PivotX 3.0.0 RC 3 Command Injection
PivotX content management system versions up to and including 3.0.0-rc3 contain an authenticated remote code execution vulnerability that allows administrative users to modify PHP files directly through the web interface, leading to complete system compromise...
Exploit for CVE-2026-25512
CVE-2026-25512 PoC – Group-Office Authenticated RCE via TNEF H...
CVE-2021-22014
The vCenter Server contains an authenticated code execution vulnerability in VAMI (Virtual Appliance Management Infrastructure). An authenticated VAMI user with network access to port 5480 on vCenter Server may exploit this issue to execute code on the underlying operating system that hosts vCenter...
CVE-2026-21877
n8n is an open source workflow automation platform. In versions 0.121.2 and below, an authenticated attacker may be able to execute malicious code using the n8n service. This could result in full compromise and can impact both self-hosted and n8n Cloud instances. This issue is fixed in version...
EUVD-2025-206087
meterN 1.2.3 contains an authenticated remote code execution vulnerability in adminmeter2.php and adminindicator2.php scripts. Attackers can exploit the 'COMMANDx' and 'LIVECOMMANDx' POST parameters to execute arbitrary system commands with administrative privileges...
CVE-2021-47736
CMSimple_XH 1.7.4 is affected by an authenticated remote code execution in the content editing functionality. The root cause is insufficient input validation/filtering during processing of user-submitted data, allowing authenticated administrators to upload PHP files (via the CSRF mechanism) and ...
CVE-2025-67172
RiteCMS v3.1.0 was discovered to contain an authenticated remote code execution (RCE) vulnerability via the parsespecialtags function...
CVE-2024-58284 PopojiCMS 2.0.1 Remote Command Execution via Authenticated Metadata Settings
PopojiCMS 2.0.1 contains an authenticated remote command execution vulnerability that allows administrative users to inject malicious PHP code through the metadata settings endpoint. Attackers can log in and modify the meta content to create a web shell that executes arbitrary system commands...
Vulnerability fixed in Fortinet FortiWeb
Fortinet has fixed a vulnerability in FortiWeb. The vulnerability is in the way Fortinet FortiWeb handles HTTP requests and CLI commands. Authenticated attackers can exploit this vulnerability to execute unauthorized code via carefully crafted HTTP requests or CLI commands. Fortinet has confirmed...
EUVD-2021-19838
Malware in sbrugna...
EUVD-2013-5577
Malware in sbrugna...
EUVD-2011-5074
Malware in sbrugna...
EUVD-2009-4386
Malware in sbrugna...
EUVD-2019-16927
Malware in sbrugna...
(0Day) Ivanti Endpoint Manager Report_Run2 SQL Injection Remote Code Execution Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Ivanti Endpoint Manager. Authentication is required to exploit this vulnerability. The specific flaw exists within the ReportRun2 class. The issue results from the lack of proper validation of a...