83 matches found
CVE-2026-8134 Concrete CMS 9.5.0 and below is vulnerable to Authenticated RCE via Composer customTemplate Path Traversal leading to PHP File Inclusion
Concrete CMS 9.5.0 and below fails to sanitize path traversal sequences in the ptComposerFormLayoutSetControlCustomTemplate field when saving page type composer form layouts. An authenticated rogue administrator with composer form editing rights can exploit this to include arbitrary readable file...
Metasploit Wrap-Up 01/16/2026
Persistence, dMSA Abuse & RCE Goodies This week, we have received a lot of contributions from the community, such as h00die, Chocapikk and countless others, which is greatly appreciated. This week’s modules and improvements in Metasploit Framework range from new modules, such as dMSA Abuse...
CVE-2026-22265 Roxy-WI has a Command Injection via grep parameter in logs.py allows authenticated RCE
Roxy-WI is a web interface for managing Haproxy, Nginx, Apache and Keepalived servers. Prior to 8.2.8.2, a command injection vulnerability exists in the log viewing functionality that allows authenticated users to execute arbitrary system commands. The vulnerability is in app/modules/roxywi/logs.py...
CVE-2025-58173 FreshRSS vulnerable to authenticated RCE via path traversal inside include()
FreshRSS is a self-hosted RSS feed aggregator. In versions 1.23.0 through 1.27.0, using a path traversal inside the language user configuration parameter, it's possible to call install.php and perform various administrative actions as an unprivileged user. These actions include logging in as the...
CS-Cart-POC
CS-Cart RCE & LFI Exploit Developed by: Strikoder Tes...
EUVD-2024-39571
Malicious code in bioql PyPI...
EUVD-2024-27373
Malicious code in bioql PyPI...
CVE-2012-10028
CVE-2012-10028 affects Netwin SurgeFTP
CVE-2024-13089 Authenticated RCE in update functionality in Guardian/CMC before 24.6.0
An OS command injection vulnerability within the update functionality may allow an authenticated administrator to execute unauthorized arbitrary OS commands. Users with administrative privileges may upload update packages to upgrade the versions of Nozomi Networks Guardian and CMC. While these...
Veeam Backup and Replication 12.x < 12.3.1.1139 Authenticated RCE (March 2025) (KB4724)
The version of Veeam Backup and Replication installed on the remote Windows host is 12.x prior to 12.3.1.1139. It is, therefore, affected by an authenticated remote code execution vulnerability: - A vulnerability allowing remote code execution (RCE) by authenticated domain users. Note: This...
LibreNMS Authenticated Remote Code Execution Exploit
An authenticated attacker can create dangerous directory names on the system and alter sensitive configuration parameters through the web portal. Those two defects combined then allow an attacker to inject arbitrary OS commands inside shellexec calls, thus achieving arbitrary code execution. This module...
Exploit for Cross-site Scripting in Wondercms
CVE-2023-41425-WonderCMS-Authenticated-RCE Description Won...
CVE-2023-50780 Apache ActiveMQ Artemis: Authenticated users could perform RCE via Jolokia MBeans
Apache ActiveMQ Artemis allows access to diagnostic information and controls through MBeans, which are also exposed through the authenticated Jolokia endpoint. Before version 2.29.0, this also included the Log4J2 MBean. This MBean is not meant for exposure to non-administrative users. This could...
CVE-2024-47558
Authenticated RCE via Path Traversal...
CVE-2024-47558
CVE-2024-47558 is described as an Authenticated RCE via Path Traversal affecting the Xerox FreeFlow Core platform. Connected sources corroborate the vulnerability pattern and indicate the impact as high (C/H/I/A) with an authenticated requirement and path traversal as the flaw vector. Public refe...
Exploit for Improper Input Validation in Cacti
CVE-2024-25641 - Cacti 1.2.26 - Arbitrary file write to RCE 🌵...
CVE-2024-42362 GHSL-2023-255: HertzBeat Authenticated (user role) RCE via unsafe deserialization in /api/monitors/import
Hertzbeat is an open source, real-time monitoring system. Hertzbeat has an authenticated user role RCE via unsafe deserialization in /api/monitors/import. This vulnerability is fixed in 1.6.0...
CVE-2024-42362
CVE-2024-42362 affects Hertzbeat, an open-source real-time monitoring system. It describes an authenticated (user role) remote-code-execution vulnerability via unsafe deserialization in /api/monitors/import. The issue is classified with a high impact (CVSS v3.1: 8.8) affecting confidentiality, in...