136 matches found

EUVD
added 2025/10/03 8:7 p.m. | 4 views

EUVD-2022-36141

Malicious code in bioql PyPI...

CVSS 7.2 | AI score 7.1 | EPSS 0.0153
Exploits: 1 | References: 1

EUVD
added 2025/10/03 8:7 p.m. | 5 views

EUVD-2023-33493

Malicious code in bioql PyPI...

CVSS 7.2 | AI score 7.1 | EPSS 0.01618
Exploits: 1 | References: 1

Tenable Nessus
added 2025/09/26 12:0 a.m. | 32 views

Cisco Secure Firewall Threat Defense Software VPN Web Server Remote Code Execution (cisco-sa-asaftd-webvpn-z5xP8EUB)

According to its self-reported version, Cisco Firepower Threat Defense Software is affected by a vulnerability: - A vulnerability in the VPN web server of Cisco Secure Firewall Adaptive Security Appliance (ASA) Software and Cisco Secure Firewall Threat Defense (FTD) Software could allow an...

CVSS 9.9 | AI score 9.2 | EPSS 0.29197
Exploits: 1 | References: 3

NVD
added 2025/09/23 4:15 p.m. | 6 views

CVE-2025-5717

An authenticated remote code execution (RCE) vulnerability exists in multiple WSO2 products due to improper input validation in the event processor admin service. A user with administrative access to the SOAP admin services can exploit this flaw by deploying a Siddhi execution plan containing...

CVSS 7.2 | EPSS 0.00642
Exploits: 0 | References: 1

Cvelist
added 2025/09/09 8:8 p.m. | 9 views

CVE-2025-58762 Tautulli vulnerable to Authenticated Remote Code Execution via write primitive and `Script` notification agent

Tautulli is a Python based monitoring and tracking tool for Plex Media Server. In Tautulli v2.15.3 and earlier, an attacker with administrative access can use the pmsimageproxy endpoint to write arbitrary python scripts into the application filesystem. This leads to remote code execution when...

CVSS 9.1 | EPSS 0.00765
Exploits: 1 | References: 2

Vulnrichment
added 2025/08/05 8:4 p.m. | 3 views

CVE-2012-10028 Netwin SurgeFTP <= v23c8 Authenticated RCE

Netwin SurgeFTP version 23c8 and prior contains a vulnerability in its web-based administrative console that allows authenticated users to execute arbitrary system commands via crafted POST requests to surgeftpmgr.cgi. This can lead to full remote code execution on the underlying system...

CVSS 8.6 | AI score 7.8 | EPSS 0.00936
Exploits: 0 | References: 5

CVE
added 2025/07/16 4:16 p.m. | 26 views

CVE-2025-20283

The vulnerability (CVE-2025-20283) affects Cisco Identity Services Engine (ISE) and ISE-PIC via a specific API, caused by insufficient validation of user-supplied input. An attacker with valid high-priv credentials could submit crafted API requests to execute commands as root on the underlying OS...

CVSS 7.2 | AI score 7.5 | EPSS 0.06551
Exploits: 0 | References: 1 | Affected Software: 1

Vulnrichment
added 2025/07/15 1:6 p.m. | 3 views

CVE-2025-34104 Piwik Authenticated RCE via Custom Plugin Upload

An authenticated remote code execution vulnerability exists in Piwik (now Matomo) versions prior to 3.0.3 via the plugin upload mechanism. In vulnerable versions, an authenticated user with Superuser privileges can upload and activate a malicious plugin ZIP archive, leading to arbitrary PHP code...

CVSS 9.4 | AI score 8 | EPSS 0.00893
Exploits: 0 | References: 5

CVE
added 2025/07/03 7:46 p.m. | 21 views

CVE-2025-34088

Summary: Pandora FMS 7.0NG and earlier expose an authenticated remote code execution via the net_tools.php module, specifically the select_ips parameter used in network tools (e.g., ping). This occurs because unsanitized input is passed to system commands, enabling command injection. Public refer...

CVSS 8.8 | AI score 8.3 | EPSS 0.0509
Exploits: 1 | References: 5 | Affected Software: 1

Cvelist
added 2025/07/03 7:46 p.m. | 10 views

CVE-2025-34088 Pandora FMS Authenticated Remote Code Execution via Ping Module

An authenticated remote code execution vulnerability exists in Pandora FMS version 7.0NG and earlier. The net_tools.php functionality allows authenticated users to execute arbitrary OS commands via the select_ips parameter when performing network tools operations, such as pinging. This occurs becau...

CVSS 8.6 | EPSS 0.0509
Exploits: 1 | References: 5

Github Security Blog
added 2025/06/02 6:30 a.m. | 9 views

Roundcube Webmail Vulnerable to Authenticated RCE via PHP Object Deserialization

Roundcube Webmail before 1.5.10 and 1.6.x before 1.6.11 allows remote code execution by authenticated users because the from parameter in a URL is not validated in program/actions/settings/upload.php, leading to PHP Object Deserialization...

CVSS 9.9 | AI score 8 | EPSS 0.89462
Exploits: 29 | References: 15 | Affected Software: 1

RedhatCVE
added 2025/05/23 9:34 a.m. | 6 views

CVE-2024-22903

Vinchin Backup & Recovery v7.2 was discovered to contain an authenticated remote code execution (RCE) vulnerability via the deleteUpdateAPK function...

CVSS 8.8 | AI score 8.1 | EPSS 0.01861
Exploits: 4 | References: 1

RedhatCVE
added 2025/05/23 5:4 a.m. | 14 views

CVE-2023-1168

An authenticated remote code execution vulnerability exists in the AOS-CX Network Analytics Engine. Successful exploitation of this vulnerability results in the ability to execute arbitrary code as a privileged user on the underlying operating system, leading to a complete compromise of the switc...

CVSS 8.8 | AI score 8.1 | EPSS 0.01141
Exploits: 0 | References: 1

RedhatCVE
added 2025/05/23 5:0 a.m. | 7 views

CVE-2023-51066

An authenticated remote code execution vulnerability in QStar Archive Solutions Release RELEASE3-0 Build 7 Patch 0 allows attackers to arbitrarily execute commands...

CVSS 8.8 | AI score 7.8 | EPSS 0.01487
Exploits: 1

RedhatCVE
added 2025/05/23 4:42 a.m. | 5 views

CVE-2023-40265

An issue was discovered in Atos Unify OpenScape Xpressions WebAssistant V7 before V7R1 FR5 HF42 P911. It allows authenticated remote code execution via file upload...

CVSS 8.8 | AI score 7.8 | EPSS 0.00916
Exploits: 0

RedhatCVE
added 2025/05/23 3:53 a.m. | 5 views

CVE-2023-33722

EDIMAX BR-6288ACL v1.12 was discovered to contain an authenticated remote code execution (RCE) vulnerability via the pppUserName parameter...

CVSS 8.8 | AI score 8.2 | EPSS 0.0173
Exploits: 1 | References: 1

RedhatCVE
added 2025/05/23 2:26 a.m. | 4 views

CVE-2023-27604

Apache Airflow Sqoop Provider, versions before 4.0.0, is affected by a vulnerability that allows an attacker to pass parameters with the connections, which makes it possible to implement RCE attacks via ‘sqoop import --connect’, obtain airflow server permissions, etc. The attacker needs to be logged...

CVSS 8.8 | AI score 6.6 | EPSS 0.01206
Exploits: 0 | References: 1

RedhatCVE
added 2025/05/22 6:44 p.m. | 6 views

CVE-2021-40387

An issue was discovered in the server software in Kaseya Unitrends Backup Software before 10.5.5-2. There is authenticated remote code execution...

CVSS 9 | AI score 7.4 | EPSS 0.0235
Exploits: 0

GithubExploit
added 2025/04/07 6:7 p.m. | 576 views

Exploit for Unrestricted Upload of File with Dangerous Type in Mozilo Mozilocms

MoziloCMS = 3.0.1 Authenticated RCE Description This scr...

CVSS 7.2 | AI score 7.6 | EPSS 0.16249
Exploits: 4

Packet Storm
added 2025/04/07 12:0 a.m. | 168 views

WBCE CMS 1.6.3 Remote Code Execution

WBCE CMS version 1.6.3 suffers from an authenticated remote code execution vulnerability.

AI score 8.2
Exploits: 0