6 matches found
CVE-2026-24452
An OS command injection vulnerability exists in XWEB Pro version 1.12.1 and prior, enabling an authenticated attacker to achieve remote code execution on the system by supplying a crafted template file to the devices route...
EUVD-2026-8975
An OS command injection vulnerability exists in XWEB Pro version 1.12.1 and prior, enabling an authenticated attacker to achieve remote code execution on the system by supplying a crafted template file to the devices route...
CVE-2026-24452
An OS command injection vulnerability exists in XWEB Pro version 1.12.1 and prior, enabling an authenticated attacker to achieve remote code execution on the system by supplying a crafted template file to the devices route...
CVE-2026-24452
CVE-2026-24452 describes an OS command injection in XWEB Pro ≤ 1.12.1. An authenticated attacker can achieve remote code execution by supplying a crafted template file to the /devices route. The vulnerability is documented across multiple sources (NVD, Red Hat, EUVD/ENISA, CVE list) with consiste...
CVE-2026-24452 Copeland XWEB and XWEB Pro OS Command Injection
An OS command injection vulnerability exists in XWEB Pro version 1.12.1 and prior, enabling an authenticated attacker to achieve remote code execution on the system by supplying a crafted template file to the devices route...
Remote Code Execution
pyloadng is vulnerable to remote code execution RCE. The vulnerability is due to improper file path handling and template rendering, allowing an authenticated user to upload and execute a crafted template file...