Better Search Replace < 1.4.5 - PHP Object Injection

The Better Search Replace plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 1.4.4 via deserialization of untrusted input. This makes it possible for unauthenticated attackers to inject a PHP Object. No POP chain is present in the vulnerable plugin. I...

GiveWP Donation Plugin <= 3.16.1 - Unauthenticated PHP Object Injection

The GiveWP – Donation Plugin and Fundraising Platform plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 3.16.1. This is due to insufficient input validation on user-supplied data. An unauthenticated attacker can inject a serialized PHP object, which...

MCP Inspector < 0.14.0 UnauthenticatedRemote Code Execution

The MCP inspector is a developer tool for testing and debugging MCP servers. Versions of MCP Inspector below 0.14.1 are vulnerable to remote code execution due to lack of authentication between the Inspector client and proxy, allowing unauthenticated requests to launch MCP commands over stdio. id...

WordPress Duplicator Plugin < 1.2.42 - Arbitrary Code Execution

An issue was discovered in Snap Creek Duplicator before 1.2.42. By accessing leftover installer files installer.php and installer-backup.php, an attacker can inject PHP code into wp-config.php during the database setup step, achieving arbitrary code execution. id: CVE-2018-17207 info: name:...

Xfilesharing 2.5.1 - Arbitrary File Upload

SibSoft Xfilesharing through 2.5.1 allows cgi-bin/up.cgi arbitrary file upload.This can be combined with CVE-2019-18951 to achieve remote code execution via a .html file, containing short codes, that is served over HTTP. id: CVE-2019-18952 info: name: Xfilesharing 2.5.1 - Arbitrary File Upload...

osCommerce 2.3.4.1 - Remote Code Execution

osCommerce Online Merchant 2.3.4.1 contains a remote code execution caused by insecure default configuration and missing authentication in the installer workflow, letting unauthenticated attackers execute arbitrary PHP code via install4.php, exploit requires accessible /install/ directory after...

Form-Maker < 1.15.20 - Unauthenticated Arbitrary File Upload

The plugin does not validate signatures when creating them on the server from user input, allowing unauthenticated users to create arbitrary files and lead to RCE. id: CVE-2023-4666 info: name: Form-Maker 1.15.20 - Unauthenticated Arbitrary File Upload author: pussycat0x severity: critical...

Kaseya VSA < 9.5.7 - Arbitrary File Upload to Remote Code Execution

An attacker can upload files with the privilege of the Web Server process for Kaseya VSA Unified Remote Monitoring & Management RMM 9.5.4.2149 and subsequently use these files to execute asp commands The api /SystemTab/uploader.aspx is vulnerable to an unauthenticated arbitrary file upload leadin...

SugarCRM - Unauthenticated Remote Code Execution via PHP Object Injection

A PHP object injection vulnerability exists in SugarCRM versions prior to 6.5.24, 6.7.13, 7.5.2.5, 7.6.2.2, and 7.7.1.0 due to improper validation of PHP serialized input in the SugarRestSerialize.php script. The vulnerable code fails to sanitize the restdata parameter before passing it to the...

TitanNit Web Control 2.01/Atemio 7600 - Remote Code Execution

The device contains a command injection caused by the 'getcommand' query in the application, letting unauthorized attackers execute system commands with root privileges, exploit requires attacker to send crafted requests. id: CVE-2024-9166 info: name: TitanNit Web Control 2.01/Atemio 7600 - Remot...

Dell UnityVSA < 5.5 - Remote Command Injection

Dell Unity, versions 5.5 and prior, contains an Improper Neutralization of Special Elements used in an OS Command 'OS Command Injection' vulnerability. id: CVE-2025-36604 info: name: Dell UnityVSA 5.5 - Remote Command Injection author: DhiyaneshDK,watchtowr severity: critical description: | Dell...

BMC FootPrints 'feedUrl' - Server-Side Request Forgery

BMC FootPrints versions 20.20.02 through 20.24.01.001 contain a Server-Side Request Forgery SSRF vulnerability in the /footprints/servicedesk/externalfeed/RSS endpoint. The 'feedUrl' parameter allows unauthenticated attackers to force the server to make HTTP requests to arbitrary URLs, enabling...

WordPress midi-Synth <= 1.1.0 - Unauthenticated Arbitrary File Upload

WordPress midi-Synth plugin \u003C= 1.1.0 contains an unrestricted file upload vulnerability caused by missing file type and extension validation in the 'export' AJAX action, letting unauthenticated attackers upload arbitrary files and potentially execute remote code, exploit requires attacker to...

Langflow < 1.3.0 - Remote Code Execution via validate_code() exec()

Langflow contains a remote code execution caused by inclusion of functionality from untrusted control sphere in the execglobals parameter at the validate endpoint, letting remote attackers execute arbitrary code as root, exploit requires no authentication. id: CVE-2026-0770 info: name: Langflow...

Sangfor OSM - Arbitrary File Upload

Sangfor Operation and Maintenance Management System = 3.0.8 contains an unrestricted file upload vulnerability caused by manipulation of the "File" argument in /fort/trust/version/common/common.jsp, letting remote attackers upload arbitrary files, exploit requires no special privileges. id:...

MCPJam Inspector - Remote Code Execution

MCPJam inspector is the local-first development platform for MCP servers. The Latest version 1.4.2 and earlier are vulnerable to a remote code execution RCE vulnerability, which allows an attacker to send a crafted HTTP request that triggers the installation of an MCP server, leading to RCE. id:...

D-Tale 3.10.0 - 3.15.1 - Authentication Bypass & Remote Code Execution

man-group/dtale 3.10.0 contains an authentication bypass and remote code execution caused by improper input validation and a hardcoded SECRETKEY in Flask configuration, letting attackers forge session cookies and execute arbitrary code, exploit requires attacker to access the application. id:...

TI WooCommerce Wishlist <= 2.9.2 - Arbitrary File Upload

TemplateInvaders TI WooCommerce Wishlist = 2.10.0 contains an unrestricted file upload vulnerability caused by lack of proper file type validation, letting attackers upload web shells to the server, exploit requires no special privileges. id: CVE-2025-47577 info: name: TI WooCommerce Wishlist =...

Mesop AI Sandbox <= 1.2.2 - Remote Code Execution

Mesop = 1.2.2 contains an unrestricted remote code execution caused by unauthenticated ingestion and execution of base64-encoded Python code in the /exec-py endpoint of ai/testing module, letting attackers execute arbitrary commands on the host, exploit requires HTTP access to the server. id:...

Ninja Forms File Uploads <= 3.3.26 - Arbitrary File Upload

Ninja Forms File Uploads plugin for WordPress versions up to and including 3.3.26 is vulnerable to unauthenticated arbitrary file upload which could lead to remote code execution. id: CVE-2026-0740 info: name: Ninja Forms File Uploads = 3.3.26 - Arbitrary File Upload author: whattheslime severity...