117 matches found

NVD
added 2026/05/15 9:16 p.m. | 7 views

CVE-2026-45672

Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. Prior to 0.8.12, the /api/v1/utils/code/execute endpoint executes arbitrary Python code via Jupyter for any verified user, even when the admin has set ENABLE_CODE_EXECUTION=false. The feature gate is...

CVSS: 8.8 | EPSS: 0.00079
Exploits: 2 | References: 1
Vulnrichment
added 2026/05/15 8:55 p.m. | 2 views

CVE-2026-45672 Open WebUI: Jupyter code execution works despite `ENABLE_CODE_EXECUTION=false` — feature gate bypassed

Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. Prior to 0.8.12, the /api/v1/utils/code/execute endpoint executes arbitrary Python code via Jupyter for any verified user, even when the admin has set ENABLE_CODE_EXECUTION=false. The feature gate is...

CVSS: 8.8 | AI score: 6 | EPSS: 0.00079
Exploits: 2 | References: 1
EUVD
added 2025/10/03 8:7 p.m. | 2 views

EUVD-2024-18560

Malicious code in bioql PyPI...

CVSS: 8.4 | AI score: 6.6 | EPSS: 0.00091
Exploits: 0 | References: 1
Cvelist
added 2025/08/21 8:13 p.m. | 7 views

CVE-2010-20007 Seagull FTP v3.3 Build 409 Stack Buffer Overflow

Seagull FTP Client = v3.3 Build 409 contains a stack-based buffer overflow vulnerability in its FTP directory listing parser. When the client connects to an FTP server and receives a crafted response to a LIST command containing an excessively long filename, the application fails to properly...

CVSS: 8.5 | EPSS: 0.16281
Exploits: 0 | References: 6
NVD
added 2024/10/21 9:15 p.m. | 15 views

CVE-2024-40085

A Buffer Overflow vulnerability in the localappsetrouterwan function of Vilo 5 Mesh WiFi System = 5.16.1.33 allows remote, unauthenticated attackers to execute arbitrary code via pppoeusername and pppoepassword fields being larger than 128 bytes in length...

CVSS: 9.6 | EPSS: 0.07256
Exploits: 1 | References: 2
CVE
added 2024/09/30 8:30 p.m. | 56 views

CVE-2024-7674

CVE-2024-7674 affects Autodesk Navisworks where parsing a DWFX file via dwfcore.dll can trigger a heap-based buffer overflow, enabling a crash or arbitrary code execution in the current process. Affected products are Navisworks components that parse DWFX; exploitation is described as impacting th...

CVSS: 7.8 | AI score: 6.9 | EPSS: 0.00088
Exploits: 0 | References: 1 | Affected Software: 1
Cvelist
added 2024/08/21 5:56 a.m. | 13 views

CVE-2024-7013

Stack-based buffer overflow in Control FPWIN Pro version 7.7.2.0 and all previous versions may allow attackers to execute arbitrary code via a specially crafted project file...

CVSS: 7.8 | EPSS: 0.00198
Exploits: 0 | References: 2
CVE
added 2024/06/20 12:0 a.m. | 419 views

CVE-2024-28397

CVE-2024-28397 affects the Python js2py library (versions up to 0.74). The vulnerability enables a sandbox escape and remote code execution by abusing Python object introspection from JavaScript. Attackers can obtain a PyObjectWrapper via Object.getOwnPropertyNames({}) and then traverse to Python...

CVSS: 5.3 | AI score: 7.7 | EPSS: 0.59353
Exploits: 22 | References: 2
0day.today
added 2024/03/12 12:0 a.m. | 487 views

Cisco Firepower Management Center < 6.6.7.1 - Authenticated Remote Code Execute Exploit

Exploit Title: Cisco Firepower Management Center Exploit Author: Abdualhadi khalifa Version: 6.2.3.18", "6.4.0.16", "6.6.7.1 CVE : CVE-2023-20048 import requests import json set the variables for the URL, username, and password for the FMC web services interface fmcurl = "https://fmc.example.com"...

CVSS: 9.9 | AI score: 7.4 | EPSS: 0.04552
Exploits: 4
0day.today
added 2024/02/27 12:0 a.m. | 311 views

Zoo Management System 1.0 - Unauthenticated Remote Code Execute Vulnerability

Exploit Title: Zoo Management System 1.0 - Unauthenticated RCE Exploit Author: Çağatay Ceyhan Vendor Homepage: https://www.sourcecodester.com/php/15347/zoo-management-system-source-code-php-mysql-database.html Software Link:...

AI score: 7.4
Exploits: 0
0day.today
added 2024/02/19 12:0 a.m. | 203 views

Wondercms 4.3.2 - XSS to Remote Code Execute Exploit

Author: prodigiousMind Exploit: Wondercms 4.3.2 XSS to RCE import sys import requests import os import bs4 if lensys.argv4: print"usage: python3 exploit.py loginURL IPAddress Port\nexample: python3 exploit.py http://localhost/wondercms/loginURL 192.168.29.165 5252" else: data = ''' var url =...

AI score: 7.4
Exploits: 0
Vulnrichment
added 2023/10/10 4:50 p.m. | 11 views

CVE-2023-34988

An improper neutralization of special elements used in an os command ('os command injection') in Fortinet FortiWLM version 8.6.0 through 8.6.5 and 8.5.0 through 8.5.4 allows an attacker to execute unauthorized code or commands via specifically crafted HTTP GET request parameters...

CVSS: 8.8 | AI score: 7.9 | EPSS: 0.01478
Exploits: 0 | References: 1
Cvelist
added 2023/09/28 12:0 a.m. | 16 views

CVE-2023-43879

Rite CMS 3.0 has a Cross-Site Scripting (XSS) vulnerability that allows attackers to execute arbitrary code via a crafted payload into the Global Content Blocks in the Administration Menu...

AI score: 5.4 | EPSS: 0.00238
Exploits: 1 | References: 1
Vulnrichment
added 2023/08/17 4:48 p.m. | 9 views

CVE-2023-4029

A buffer overflow has been identified in the BoardUpdateAcpiDxe driver in some Lenovo ThinkPad products which may allow an attacker with local access and elevated privileges to execute arbitrary code...

CVSS: 6.7 | AI score: 7.8 | EPSS: 0.00043
Exploits: 0 | References: 1
Github Security Blog
added 2023/07/17 9:30 a.m. | 28 views

rabbitmq-connector plugin module in Apache EventMesh platforms allows attackers to send controlled message

CWE-502 Deserialization of Untrusted Data at the rabbitmq-connector plugin module in Apache EventMesh incubating V1.7.0\V1.8.0 on windows\linux\mac os e.g. platforms allows attackers to send controlled message and remote code execute via rabbitmq messages. Users can use the code under the master...

CVSS: 9.8 | AI score: 7 | EPSS: 0.00108
Exploits: 0 | References: 3 | Affected Software: 1
NVD
added 2023/07/17 8:15 a.m. | 12 views

CVE-2023-26512

CWE-502 Deserialization of Untrusted Data at the rabbitmq-connector plugin module in Apache EventMesh incubating V1.7.0\V1.8.0 on windows\linux\mac os e.g. platforms allows attackers to send controlled message and remote code execute via rabbitmq messages. Users can use the code under the master...

CVSS: 9.8 | EPSS: 0.00108
Exploits: 0 | References: 1
Prion
added 2023/07/17 8:15 a.m. | 20 views

Deserialization of untrusted data

CWE-502 Deserialization of Untrusted Data at the rabbitmq-connector plugin module in Apache EventMesh incubating V1.7.0\V1.8.0 on windows\linux\mac os e.g. platforms allows attackers to send controlled message and remote code execute via rabbitmq messages. Users can use the code under the master...

CVSS: 7.5 | AI score: 9.4 | EPSS: 0.00108
Exploits: 0 | References: 1 | Affected Software: 1
UbuntuCve
added 2023/07/07 6:15 p.m. | 32 views

CVE-2021-33798

A null pointer dereference was found in libpano13, version libpano13-2.9.20. The flow allows attackers to cause a denial of service and potential code execute via a crafted file...

CVSS: 6.5 | AI score: 6.7 | EPSS: 0.00046
Exploits: 1 | References: 3
Prion
added 2023/07/07 6:15 p.m. | 13 views

Null pointer dereference

A null pointer dereference was found in libpano13, version libpano13-2.9.20. The flow allows attackers to cause a denial of service and potential code execute via a crafted file...

CVSS: 4.3 | AI score: 6.4 | EPSS: 0.00046
Exploits: 1 | References: 2 | Affected Software: 1
Cvelist
added 2023/07/07 5:39 p.m. | 16 views

CVE-2021-33798

A null pointer dereference was found in libpano13, version libpano13-2.9.20. The flow allows attackers to cause a denial of service and potential code execute via a crafted file...

CVSS: 4.7 | AI score: 6.9 | EPSS: 0.00046
Exploits: 1 | References: 2