LibreChat MCP 0.8.2-rc2 Remote Code Execution
This proof of concept exploit targets the LibreChat MCP remote code execution vulnerability known as CVE-2026-22252. It provides a comprehensive and professional framework for detecting, testing, and exploiting the vulnerability with multiple extraction modes...
PT-2026-5390
Name of the Vulnerable Software and Affected Versions: Hikvision Wireless Access Points (affected versions not specified). Description: Hikvision Wireless Access Points are susceptible to authenticated command execution because of inadequate input validation. An attacker possessing valid credentials c...
n8n 2.0.0-rc.4 Remote Command Execution
n8n version 2.0.0-rc.4 PHP port of a research exploit that chains together multiple vulnerabilities including arbitrary file read and sandbox escape in order to achieve remote command execution...
PT-2026-5378
An unrestricted upload of file with dangerous type vulnerability in the file upload function of Interinfo DreamMaker versions before 2025/10/22 allows remote attackers to execute arbitrary system commands via a malicious class file...
CVE-2025-51958
CVE-2025-51958 affects the aelsantex runcommand plugin for DokuWiki, where an unauthenticated user can execute arbitrary system commands via lib/plugins/runcommand/postaction.php. The issue stems from the plugin allowing command execution without authentication, enabling an attacker to run comman...
CVE-2026-25046
Kimi Agent SDK is a set of libraries that expose the Kimi Code Kimi CLI agent runtime in applications. The vsix-publish.js and ovsx-publish.js scripts pass filenames to execSync as shell command strings. Prior to version 0.1.6, filenames containing shell metacharacters like $cmd could execute...
BIT-RUM-2022-50806 4images 1.9 - Remote Command Execution (RCE)
4images 1.9 contains a remote command execution vulnerability that allows authenticated administrators to inject reverse shell code through template editing functionality. Attackers can save malicious code in the template and execute arbitrary commands by accessing a specific categories.php...
CVE-2025-15545
The backup restore function does not properly validate unexpected or unrecognized tags within the backup file. When such a crafted file is restored, the injected tag is interpreted by a shell, allowing execution of arbitrary commands with root privileges. Successful exploitation allows the attack...
CVE-2025-57283
A flaw was found in browserstack-local. Improper input sanitization of the logfile variable allows an attacker to inject arbitrary OS commands that are executed when this variable is processed, resulting in arbitrary command execution. Mitigation: To mitigate this issue, implement strict input...
CVE-2025-15545 Insufficient Backup File Upload Input Validation on TP-Link Archer RE605X
The backup restore function does not properly validate unexpected or unrecognized tags within the backup file. When such a crafted file is restored, the injected tag is interpreted by a shell, allowing execution of arbitrary commands with root privileges. Successful exploitation allows the attack...
EUVD-2025-206536
The backup restore function does not properly validate unexpected or unrecognized tags within the backup file. When such a crafted file is restored, the injected tag is interpreted by a shell, allowing execution of arbitrary commands with root privileges. Successful exploitation allows the attack...
MAL-2026-605 Malicious code in dhgshop (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector dcf692c43737b2f7360ab017ae983283e98b2d2591a90a3efff90685a95d2632 The package dhgshop was found to contain malicious code. Source: ossf-package-analysis 194b5b6f2e47a1b70386a65d094c4b7d07a4fad392f36512b21542203c931d...
CVE-2020-37002
Ajenti 2.1.36 contains a post-authenticated remote command execution vulnerability that allows remote attackers to execute arbitrary commands after successful login. Attackers can leverage the /api/terminal/create endpoint to send a netcat reverse shell payload targeting a specified IP and port...
MAL-2026-601 Malicious code in tableautes (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 db2caf2b50286de83c99e588ab33e86d828ff3c39fd0dac1c5f3da229cdfced7 Packages contain hidden code that is effectively run during importing or using the library, and downloads second stage code. Then, a process running in...
Exploit for Deserialization of Untrusted Data in Facebook React
CVE-2025-55182-PoC-http-exec PoC related to CVE-2025-55182 for...
MAL-2026-596 Malicious code in turbotax (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 482f0494fdcfb328794613ca7098174eb93b12a55cc53cb57b73930df8ad238a The package turbotax was found to contain malicious code. Source: ossf-package-analysis...
TP-Link Archer RE605X security vulnerabilities
The TP-Link Archer RE605X is a wireless signal amplifier produced by the TP-Link company. The TP-Link Archer RE605X has a security vulnerability, which stems from the backup restoration function not properly verifying unexpected or unidentifiable tags in the backup files, potentially allowing for...
CVE-2025-69516
A Server-Side Template Injection (SSTI) vulnerability in the /reporting/templates/preview/ endpoint of Amidaware Tactical RMM, affecting versions equal to or earlier than v1.3.1, allows low-privileged users with Report Viewer or Report Manager permissions to achieve remote command execution on the...