51 matches found
CVE-2026-45431
This vulnerability exists in GX Earth ONT models due to improper handling of user-supplied input in multiple diagnostic functions in its web management interface. An authenticated remote attacker could exploit this vulnerability by injecting arbitrary and executing OS commands on the targeted...
CVE-2026-35482 alf.io has an Authenticated RCE via Extension Script Sandbox Escape
alf.io is an open source ticket reservation system for conferences, trade shows, workshops, and meetups. Prior to version 2.0-M5-2606, a sandbox escape vulnerability in the alf.io extension script engine allows an authenticated administrator to execute arbitrary operating system commands on the...
ManageEngine ADSelfService Plus < Build 6525 Authenticated RCE
According to its self-reported version, the ManageEngine ADSelfService Plus application running on the remote host is prior to build 6525. It is, therefore, affected by an authenticated remote code execution vulnerability. This vulnerability stems from improper access controls to the service used...
CVE-2026-2740
Zohocorp ManageEngine ADSelfService Plus version before 6525, DataSecurity Plus before 6264 and RecoveryManager Plus before 6313 are vulnerable to Authenticated Remote code execution in the agent machines due to the bug in the 3rd party dependency...
NPM: FlowiseAI: Authenticated Host RCE via POST /api/v1/node-custom-function and NodeVM Sandbox Escape
NPM: FlowiseAI: Authenticated Host RCE via POST /api/v1/node-custom-function and NodeVM Sandbox Escape vulnerability discovered by ? in WordPress Npm flowise versions = 3.1.1...
CVE-2026-41957
CVE-2026-41957 affects the BIG-IP and BIG-IQ Configuration utility. The connected advisory confirms an authenticated remote code execution vulnerability via undisclosed vectors in the Configuration utility (control plane access), with CWE-502 deserialization noted in the security advisory details...
EUVD-2026-29802
An authenticated remote code execution vulnerability exists in the AOS-8 and AOS-10 web-based management interface. A vulnerability in the certificate download functionality could allow an authenticated remote attacker to overwrite arbitrary files on the underlying operating system by exploiting...
CVE-2026-44011
Craft CMS versions 4.0.0–4.17.11 and 5.0–5.9.17 contain an input-handling flaw in a Yii object creation path that lets an authenticated user inject malicious configuration and execute arbitrary commands. The issue arises because the request-controlled field layouts data is converted into a live F...
CVE-2026-44865
Command injection vulnerabilities exist in the web-based management interface of AOS-8 and AOS-10 Operating Systems. Successful exploitation of these vulnerabilities could allow an authenticated remote attacker to execute arbitrary commands on the underlying operating system...
CVE-2026-44852
An authenticated remote code execution vulnerability exists in the AOS-8 and AOS-10 web-based management interface. A vulnerability in the certificate download functionality could allow an authenticated remote attacker to overwrite arbitrary files on the underlying operating system by exploiting...
CVE-2026-44853 Authenticated Remote Code Execution via Arbitrary File Write in AOS-8 and AOS-10 Web-Based Management Interface
Command injection vulnerabilities exist in the web-based management interface of AOS-8 and AOS-10 Operating Systems. Successful exploitation could allow an authenticated remote attacker to upload arbitrary files to the underlying operating system, potentially leading to remote code execution as a...
CVE-2026-7821
creationtimestamp| type| source ---|---|--- 2026-05-07 07:54:45+00:00| seen| https://ccb.belgium.be/advisories/warning-authenticated-remote-code-execution-vulnerability-ivanti-epmm-exploited-patch 2026-05-07 08:14:00+00:00| seen| https://www.kyberturvallisuuskeskus.fi/fi/haavoittuvuus-2026-12...
CVE-2026-5786
creationtimestamp| type| source ---|---|--- 2026-05-07 07:54:45+00:00| seen| https://ccb.belgium.be/advisories/warning-authenticated-remote-code-execution-vulnerability-ivanti-epmm-exploited-patch 2026-05-07 08:14:00+00:00| seen| https://www.kyberturvallisuuskeskus.fi/fi/haavoittuvuus-2026-12...
OpenWrt 23.05 - Authenticated Remote Code Execution (RCE)
Exploit Title: OpenWrt 23.05 - Authenticated Remote Code Execution RCE Date: 2026-01-17 Exploit Author: Ahmet Mersin Vendor Homepage: https://github.com/stangri/luci-app-https-dns-proxy Software Link: https://github.com/stangri/luci-app-https-dns-proxy Version: All versions prior to 2026-01-17...
PT-2026-34865
Name of the Vulnerable Software and Affected Versions Apache ActiveMQ Broker versions prior to 5.19.6 Apache ActiveMQ Broker versions 6.0.0 through 6.2.4 Apache ActiveMQ All versions prior to 5.19.6 Apache ActiveMQ All versions 6.0.0 through 6.2.4 Apache ActiveMQ versions prior to 5.19.6 Apache...
CVE-2026-30460
Daylight Studio FuelCMS v1.5.2 was discovered to contain an authenticated remote code execution RCE vulnerability in the Blocks module...
Exploit for CVE-2022-30075
TP-L-NK-SIZMA-EXPLO-T TP-Link Router Authenticated RCE Exploit...
CVE-2026-29102 SuiteCRM has Authenticated RCE in Modules
SuiteCRM is an open-source, enterprise-ready Customer Relationship Management CRM software application. Prior to versions 7.15.1 and 8.9.3, an Authenticated Remote Code Execution RCE vulnerability exists in SuiteCRM modules. Versions 7.15.1 and 8.9.3 patch the issue...
CVE-2026-0782
ALGO 8180 IP Audio Alerter Web UI Command Injection Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of ALGO 8180 IP Audio Alerter devices. Authentication is required to exploit this vulnerability. The specific fla...
CVE-2026-0783 ALGO 8180 IP Audio Alerter Web UI Command Injection Remote Code Execution Vulnerability
ALGO 8180 IP Audio Alerter Web UI Command Injection Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of ALGO 8180 IP Audio Alerter devices. Authentication is required to exploit this vulnerability. The specific fla...