136 matches found

Vulnrichment
added 2025/03/24 6:18 p.m., 8 views

CVE-2025-2749 Kentico Xperience <= 13.0.178 Staging Media File Upload Authenticated RCE

An authenticated remote code execution in Kentico Xperience allows authenticated users Staging Sync Server to upload arbitrary data to path relative locations. This results in path traversal and arbitrary file upload, including content that can be executed server side leading to remote code...

CVSS 7.2, AI score 7.8, EPSS 0.03809
Exploits: 1, References: 3

RedhatCVE
added 2025/02/05 2:30 a.m., 5 views

CVE-2024-42362

Hertzbeat is an open source, real-time monitoring system. Hertzbeat has an authenticated user role RCE via unsafe deserialization in /api/monitors/import. This vulnerability is fixed in 1.6.0...

CVSS 8.8, AI score 8.5, EPSS 0.0133
Exploits: 1, References: 1

Packet Storm
added 2025/01/20 12:00 a.m., 236 views

LibreNMS Authenticated Remote Code Execution

An authenticated attacker can create dangerous directory names on the system and alter sensitive configuration parameters through the web portal. Those two defects combined then allows to inject arbitrary OS commands inside shellexec calls, thus achieving arbitrary code execution. This module...

AI score 8.5, EPSS 0.06933
Exploits: 4

CVE
added 2025/01/14 5:35 p.m., 67 views

CVE-2025-23051

CVE-2025-23051 affects ArubaOS (AOS-8 through AOS-10) — a web-based management interface vulnerability allows an authenticated user to perform parameter injection to overwrite arbitrary system files. Root cause: parameter injection in the authenticated context. Impact: potential compromise of sys...

CVSS 7.2, AI score 6.9, EPSS 0.00687
Exploits: 0, References: 1

Cvelist
added 2024/12/19 3:59 p.m., 20 views

CVE-2024-9154 Authenticated Remote Code Execution

A code injection vulnerability in HMS Networks Ewon Flexy 205 allows executing commands on system level on the device. This issue affects Ewon Flexy 205: through 14.8s0 2633...

CVSS 8.6, EPSS 0.00602
Exploits: 0, References: 1

CVE
added 2024/12/19 3:59 p.m., 54 views

CVE-2024-9154

CVE-2024-9154 is a code-injection vulnerability in HMS Networks Ewon Flexy 205 that allows executing commands at the system level on the device. Affected product: Ewon Flexy 205 (firmware up to 14.8s0). The issue is described as enabling authenticated remote code execution with impact to confiden...

CVSS 8.6, AI score 7.2, EPSS 0.00602
Exploits: 0, References: 2

Positive Technologies
added 2024/12/18 12:00 a.m., 2 views

PT-2024-9736

Name of the Vulnerable Software and Affected Versions: FortiManager versions 7.6.0, 7.4.4 and below, 7.2.7 and below, 7.0.12 and below, 6.4.14 and below; FortiManager Cloud versions 7.4.4 and below, 7.2.7 to 7.2.1, 7.0.12 to 7.0.1. Description: The issue is related to an Improper Neutralization of...

CVSS 9, AI score 9.3, EPSS 0.01652
Exploits: 0, References: 12

Cvelist
added 2024/10/07 6:19 p.m., 18 views

CVE-2024-47558 Authenticated RCE via Path Traversal

Authenticated RCE via Path Traversal...

CVSS 7.6, EPSS 0.00485
Exploits: 0, References: 1

Rapid7 Blog
added 2024/10/04 7:53 p.m., 36 views

Metasploit Weekly Wrap-Up 10/04/2024

New module content (3). cups-browsed Information Disclosure. Authors: bcoles and evilsocket. Type: Auxiliary. Pull request: 19510 contributed by bcoles. Path: scanner/misc/cupsbrowsedinfodisclosure. Description: Adds scanner module to retrieve CUPS version and kernel version information from cups-browsed...

CVSS 9.8, AI score 10, EPSS 0.75384
Exploits: 10

Tenable Nessus
added 2024/08/28 12:00 a.m., 65 views

ManageEngine OpManager RCE (CVE-2024-5466)

Zohocorp ManageEngine OpManager and Remote Monitoring and Management versions 128329 and below are vulnerable to the authenticated remote code execution in the deploy agent option. Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported versio...

CVSS 8.8, AI score 6.3, EPSS 0.06911
Exploits: 0, References: 2

OSV
added 2024/08/23 2:15 p.m., 4 views

CVE-2024-5466

Zohocorp ManageEngine OpManager and Remote Monitoring and Management versions 128329 and below are vulnerable to the authenticated remote code execution in the deploy agent option...

CVSS 8.8, AI score 6.3, EPSS 0.06911
Exploits: 0, References: 1

NVD
added 2024/08/23 2:15 p.m., 20 views

CVE-2024-5466

Zohocorp ManageEngine OpManager and Remote Monitoring and Management versions 128329 and below are vulnerable to the authenticated remote code execution in the deploy agent option...

CVSS 8.8, EPSS 0.06911
Exploits: 0, References: 1

OSV
added 2024/05/03 3:16 a.m., 3 views

CVE-2023-51615

D-Link DIR-X3260 prog.cgi SetQuickVPNSettings PSK Stack-Based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DIR-X3260 routers. Authentication is required to exploit this...

CVSS 6.8, AI score 6.3, EPSS 0.01126
Exploits: 0, References: 2

Vulnrichment
added 2024/03/21 6:00 a.m., 13 views

CVE-2024-2162 Authenticated Remote Code Execution in Kiloview NDI N series products

An OS Command Injection vulnerability in Kiloview NDI allows a low-privileged user to execute arbitrary code remotely on the device with high privileges. This issue affects Kiloview NDI N3, N3-s, N4, N20, N30, N40 and was fixed in Firmware version 2.02.0227...

CVSS 8.8, AI score 8.1, EPSS 0.0213
Exploits: 0, References: 6

Cvelist
added 2024/03/18 9:07 p.m., 25 views

CVE-2024-23333 LAM vulnerable to Authenticated Remote Code Execution

LDAP Account Manager (LAM) is a webfrontend for managing entries stored in an LDAP directory. LAM's log configuration allows to specify arbitrary paths for log files. Prior to version 8.7, an attacker could exploit this by creating a PHP file and cause LAM to log some PHP code to this file. When th...

CVSS 7.9, AI score 7.9, EPSS 0.17868
Exploits: 0, References: 2

NVD
added 2024/02/02 2:15 a.m., 18 views

CVE-2024-22899

Vinchin Backup & Recovery v7.2 was discovered to contain an authenticated remote code execution (RCE) vulnerability via the syncNtpTime function...

CVSS 8.8, AI score 9.1, EPSS 0.02369
Exploits: 4, References: 5

Cvelist
added 2024/01/13 12:00 a.m., 21 views

CVE-2023-51066

An authenticated remote code execution vulnerability in QStar Archive Solutions Release RELEASE3-0 Build 7 Patch 0 allows attackers to arbitrarily execute commands...

AI score 9.1, EPSS 0.01487
Exploits: 1, References: 1

Positive Technologies
added 2024/01/13 12:00 a.m., 5 views

PT-2024-14045 · Qstar · Qstar Archive Solutions

Name of the Vulnerable Software and Affected Versions: QStar Archive Solutions version RELEASE 3-0 Build 7 Patch 0 Description: The issue is an authenticated remote code execution vulnerability that allows attackers to arbitrarily execute commands. Recommendations: For QStar Archive Solutions...

CVSS 8.8, AI score 8.7, EPSS 0.01487
Exploits: 1, References: 4

Prion
added 2024/01/11 8:15 p.m., 24 views

Information disclosure

Nginx-UI is a web interface to manage Nginx configurations. It is vulnerable to arbitrary command execution by abusing the configuration settings. The Home Preference page exposes a list of system settings such as Run Mode, Jwt Secret, Node Secret and Terminal Start Command. While the UI doesn't...

CVSS 6.5, AI score 8.6, EPSS 0.04088
Exploits: 2, References: 7, Affected Software: 1

VulnCheck KEV
added 2023/11/15 12:00 a.m., 1 view

VulnCheck KEV: CVE-2019-1821

A vulnerability in the web-based management interface of Cisco Prime Infrastructure (PI) and Cisco Evolved Programmable Network (EPN) Manager could allow an authenticated, remote attacker to execute code with root-level privileges on the underlying operating system. This vulnerability exist...

CVSS 10, AI score 7.5, EPSS 0.98092
Exploits: 12, References: 1