44738 matches found
Koken CMS code-related vulnerabilities
Koken CMS is a content management system developed by Todd Dominey. Version 0.22.24 of Koken CMS has code vulnerabilities; these vulnerabilities stem from an extension name limitation in the file upload function, which may allow the upload of malicious PHP files and the execution of system comman...
EUVD-2025-206573
aelsantex runcommand 2014-04-01, a plugin for DokuWiki, allows unauthenticated attackers to execute arbitrary system commands via lib/plugins/runcommand/postaction.php...
PT-2026-5433
Name of the Vulnerable Software and Affected Versions DokuWiki aelsantex runcommand plugin version 2014-04-01 Description The aelsantex runcommand plugin for DokuWiki allows unauthenticated attackers to execute arbitrary system commands. This is possible through the postaction.php file located in...
runcommand security vulnerability
Runcommand is a plugin developed by aelsantex for DokuWiki users. The version released on April 1, 2014, contains a security vulnerability. This vulnerability stems from a flaw in the lib/plugins/runcommand/postaction.php file, which could allow unauthenticated attackers to execute arbitrary syst...
PT-2026-5378
An unrestricted upload of file with dangerous type vulnerability in the file upload function of Interinfo DreamMaker versions before 2025/10/22 allows remote attackers to execute arbitrary system commands via a malicious class file...
Interinfo DreamMaker security vulnerabilities
Interinfo DreamMaker is an application developed by Interinfo Corporation in China. Versions of Interinfo DreamMaker prior to October 22, 2025, contained security vulnerabilities. These vulnerabilities stemmed from the file upload function not restricting dangerous file types, which could lead to...
CVE-2025-51958
aelsantex runcommand 2014-04-01, a plugin for DokuWiki, allows unauthenticated attackers to execute arbitrary system commands via lib/plugins/runcommand/postaction.php...
📄 LibreChat MCP 0.8.2-rc2 Remote Code Execution
This proof of concept exploit targets the LibreChat MCP remote code execution vulnerability known as CVE-2026-22252. It provides a comprehensive and professional framework for detecting, testing, and exploiting the vulnerability with multiple extraction modes...
📄 n8n 2.0.0-rc.4 Remote Command Execution
n8n version 2.0.0-rc.4 PHP port of a research exploit that chains together multiple vulnerabilities including arbitrary file read and sandbox escape in order to achieve remote command execution...
TOTOLINK NR1800X Command Injection Vulnerability (CNVD-2026-11736)
TOTOLINK NR1800X is an outstanding 5G NR indoor Wi-Fi and SIP CPE from China's TOTOLINK. designed to provide fast and easy deployment of NR fixed data services in homes and offices. The TOTOLINK NR1800X suffers from a command injection vulnerability, which stems from a misuse of the parameter...
PT-2026-5390
Name of the Vulnerable Software and Affected Versions Hikvision Wireless Access Points affected versions not specified Description Hikvision Wireless Access Points are susceptible to authenticated command execution because of inadequate input validation. An attacker possessing valid credentials c...
PT-2026-5391
Due to insufficient input parameter validation on the interface, authenticated users of certain HIKSEMI NAS products can execute arbitrary commands on the device by crafting specific messages...
CVE-2025-51958
CVE-2025-51958 affects the aelsantex runcommand plugin for DokuWiki, where an unauthenticated user can execute arbitrary system commands via lib/plugins/runcommand/postaction.php. The issue stems from the plugin allowing command execution without authentication, enabling an attacker to run comman...
PT-2026-5465
Koken CMS 0.22.24 contains a file upload vulnerability that allows authenticated attackers to bypass file extension restrictions by renaming malicious PHP files. Attackers can upload PHP files with system command execution capabilities by manipulating the file upload request through a web proxy a...
CVE-2026-25046
Kimi Agent SDK is a set of libraries that expose the Kimi Code Kimi CLI agent runtime in applications. The vsix-publish.js and ovsx-publish.js scripts pass filenames to execSync as shell command strings. Prior to version 0.1.6, filenames containing shell metacharacters like $cmd could execute...
BIT-RUM-2022-50806 4images 1.9 - Remote Command Execution (RCE)
4images 1.9 contains a remote command execution vulnerability that allows authenticated administrators to inject reverse shell code through template editing functionality. Attackers can save malicious code in the template and execute arbitrary commands by accessing a specific categories.php...
CVE-2025-15545
The backup restore function does not properly validate unexpected or unrecognized tags within the backup file. When such a crafted file is restored, the injected tag is interpreted by a shell, allowing execution of arbitrary commands with root privileges. Successful exploitation allows the attack...
CVE-2025-57283
A flaw was found in browserstack-local. Improper input sanitization of the logfile variable allows an attacker to inject arbitrary OS commands that are executed when this variable is processed, resulting in arbitrary command execution. Mitigation To mitigate this issue, implement strict input...
CVE-2025-15545 Insufficient Backup File Upload Input Validation on TP-Link Archer RE605X
The backup restore function does not properly validate unexpected or unrecognized tags within the backup file. When such a crafted file is restored, the injected tag is interpreted by a shell, allowing execution of arbitrary commands with root privileges. Successful exploitation allows the attack...
CVE-2025-15545 Insufficient Backup File Upload Input Validation on TP-Link Archer RE605X
The backup restore function does not properly validate unexpected or unrecognized tags within the backup file. When such a crafted file is restored, the injected tag is interpreted by a shell, allowing execution of arbitrary commands with root privileges. Successful exploitation allows the attack...