271971 matches found
EUVD-2026-37917
InHand Networks IR912 V1.0.0.r20042 and IR915 V1.0.0.r20042 including earlier versions were discovered to contain a command injection vulnerability in the Python configuration function. This vulnerability allows remote attackers to execute arbitrary commands as root via a crafted input...
EUVD-2026-37919
InHand Networks IR912 V1.0.0.r20042 and IR915 V1.0.0.r20042 including earlier versions were discovered to contain a command injection vulnerability in the Python application export function. This vulnerability allows remote attackers to execute arbitrary commands as root via a crafted input...
PT-2026-50698
InHand Networks IR912 V1.0.0.r20042 and IR915 V1.0.0.r20042 including earlier versions were discovered to contain a command injection vulnerability in the log viewing function. This vulnerability allows remote attackers to execute arbitrary commands as root via a crafted input...
CVE-2026-38717
InHand Networks IR912 V1.0.0.r20042 and IR915 V1.0.0.r20042 including earlier versions were discovered to contain a command injection vulnerability in the file upload function. The vulnerability allows remote attackers to execute arbitrary commands as root via a crafted input...
CVE-2026-38715
InHand Networks IR912 V1.0.0.r20042 and IR915 V1.0.0.r20042 including earlier versions were discovered to contain a command injection vulnerability in the log viewing function. This vulnerability allows remote attackers to execute arbitrary commands as root via a crafted input...
CVE-2026-38716
InHand Networks IR912 V1.0.0.r20042 and IR915 V1.0.0.r20042 including earlier versions were discovered to contain a command injection vulnerability in the Python application export function. This vulnerability allows remote attackers to execute arbitrary commands as root via a crafted input...
CVE-2026-38714
InHand Networks IR912 V1.0.0.r20042 and IR915 V1.0.0.r20042 including earlier versions were discovered to contain a command injection vulnerability in the Python configuration function. This vulnerability allows remote attackers to execute arbitrary commands as root via a crafted input...
📄 Grav CMS Zip Slip Remote Code Execution
This Metasploit module exploits a vulnerability in Grav CMS versions prior to 2.0.0-beta.2. The Direct Install feature in the Admin plugin allows administrators to upload plugins as ZIP files...
📄 Microsoft Windows Defender MsMpEng.exe Race Condition / Privilege Escalation
A race condition exists between Windows Defender's MpCleanCallbackFunction cleanup routine and Volume Shadow Copy creation. This vulnerability allows an attacker to escalate privileges to NT AUTHORITY\SYSTEM. This Metasploit module demonstrates the issue...
PT-2026-50689
In Eclipse Theia versions prior to 1.71.0, the AI chat agent processed workspace file and directory names as part of its prompt context without distinguishing them from system instructions. An attacker could craft a malicious repository with adversarial directory or file names that, when analyzed...
PT-2026-50685
Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in David Lingren Media LIbrary Assistant allows Blind SQL Injection. This issue affects Media LIbrary Assistant: from n/a through 3.35...
EUVD-2026-37918
InHand Networks IR912 V1.0.0.r20042 and IR915 V1.0.0.r20042 including earlier versions were discovered to contain a command injection vulnerability in the log viewing function. This vulnerability allows remote attackers to execute arbitrary commands as root via a crafted input...
📄 WordPress PickPlugins 2.0.46 OTP Bypass
WordPress PickPlugins plugin version 2.0.46 proof of concept user verification OTP authentication bypass exploit. ================================================================================================================================== | Title : WordPress PickPlugins 2.0.46 User...
📄 Wing FTP Server 8.1.2 Authenticated Remote Code Execution
Wing FTP Server versions prior to 8.1.3 allows authenticated administrators to execute arbitrary Lua code on the server. ================================================================================================================================== | Title : Wing FTP Server 8.1.2 - Authenticat...
CVE-2026-38716
InHand Networks CVE-2026-38716 affects IR912 IR915 devices (V1.0.0.r20042 and earlier). The vulnerability is a command injection in the Python application export function that allows a remote attacker to execute arbitrary commands as root via a crafted input. The CVSS-derived metrics indicate a h...
CVE-2026-38717
The CVE-2026-38717 entry concerns InHand Networks IR912 V1.0.0.r20042 and IR915 V1.0.0.r20042 (and earlier) with a command injection vulnerability in the file upload function. The root cause is improper handling of crafted input in the upload process, enabling remote attackers to execute arbitrar...
PT-2026-50700
InHand Networks IR912 V1.0.0.r20042 and IR915 V1.0.0.r20042 including earlier versions were discovered to contain a command injection vulnerability in the file upload function. The vulnerability allows remote attackers to execute arbitrary commands as root via a crafted input...
CVE-2026-38714
CVE-2026-38714 affects InHand Networks IR912 and IR915 devices (firmware v1.0.0.r20042 and earlier). A command-injection flaw exists in the Python configuration function, allowing remote attackers to execute arbitrary commands as root via a crafted input. Documents do not specify exploited vector...
PT-2026-50806
Name of the Vulnerable Software and Affected Versions PraisonAI versions prior to 4.5.128 Description An arbitrary shell command execution issue exists where UI modules hardcode approval mode to auto, which overrides the administrator configuration set in the PRAISON APPROVAL MODE environment...
PT-2026-50805
Name of the Vulnerable Software and Affected Versions PraisonAI versions prior to 1.5.128 Description The software caches tool approval decisions based solely on the tool name rather than the invocation arguments. This allows subsequent calls to the execute command function to bypass approval...