288328 matches found
Exploit for Missing Authentication for Critical Function in Mcpjam Inspector
CVE-2026-23744-MCPJam-Exploit A proof-of-concept exploit for C...
CVE-2026-56197
Improper neutralization of special elements used in a command 'command injection' in Windows Admin Center allows an authorized attacker to execute code over a network...
CVE-2026-55145
Improper neutralization of special elements used in a command 'command injection' in Outlook Copilot allows an authorized attacker to perform tampering over a network...
CVE-2026-50488
Improper neutralization of special elements used in a command 'command injection' in Windows Clipboard User Service allows an authorized attacker to elevate privileges locally...
CVE-2026-45077
Symfony is a PHP framework for web and console applications and a set of reusable PHP components. Prior to 5.4.52, 6.4.40, 7.4.12, and 8.0.12, the server:log listener Symfony\Bridge\Monolog\Command\ServerLogCommand binds to 0.0.0.0:9911 by default and processes each received frame with...
CVE-2026-47295
Improper neutralization of special elements used in an sql command 'sql injection' in SQL Server allows an authorized attacker to elevate privileges over a network...
CVE-2026-45067
Description Symfony\Component\Mime\Address is the value-object every Symfony Mailer address to/cc/bcc/from/reply-to flows through; its constructor is documented as validating the address and throwing on invalid input, so developers treat it as a security boundary. The constructor accepts email...
CVE-2026-45077
Symfony is a PHP framework for web and console applications and a set of reusable PHP components. Prior to 5.4.52, 6.4.40, 7.4.12, and 8.0.12, the server:log listener Symfony\Bridge\Monolog\Command\ServerLogCommand binds to 0.0.0.0:9911 by default and processes each received frame with...
CVE-2026-45077 Symfony: Unauthenticated PHP Object Deserialization in MonologBridge server:log Listener
Symfony is a PHP framework for web and console applications and a set of reusable PHP components. Prior to 5.4.52, 6.4.40, 7.4.12, and 8.0.12, the server:log listener Symfony\Bridge\Monolog\Command\ServerLogCommand binds to 0.0.0.0:9911 by default and processes each received frame with...
CVE-2026-62656 Post-authenticated command injection vulnerability found in certain NETGEAR RAX models
A security flaw was found in certain NETGEAR RAX models that could allow a logged-in user to send specially crafted requests to the router and run unauthorized commands. This could enable the user to make unauthorized changes to the router and affect its security and operation...
CVE-2026-62658 Post-authentication Command Injection Vulnerability in certain Nighthawk RAX series models
A security flaw was discovered in certain NETGEAR Nighthawk RAX series routers that could allow someone already logged in to the device to run unauthorized commands or code on the router...
CVE-2026-45067
Description Symfony\Component\Mime\Address is the value-object every Symfony Mailer address to/cc/bcc/from/reply-to flows through; its constructor is documented as validating the address and throwing on invalid input, so developers treat it as a security boundary. The constructor accepts email...
CVE-2026-45067 Symfony: Email Header / SMTP Command Injection via CRLF in Symfony\Component\Mime\Address
Description Symfony\Component\Mime\Address is the value-object every Symfony Mailer address to/cc/bcc/from/reply-to flows through; its constructor is documented as validating the address and throwing on invalid input, so developers treat it as a security boundary. The constructor accepts email...
metasploitable-vulnerability-mapping-with-nmap
Metasploitable Vulnerability Assessment Network Enumeration...
CVE-2026-58635
Improper neutralization of special elements used in a command 'command injection' in Windows Narrator Braille allows an authorized attacker to elevate privileges locally...
CVE-2026-50520
Improper neutralization of special elements used in a command 'command injection' in Visual Studio Code allows an unauthorized attacker to execute code locally...
CVE-2026-47296
Improper neutralization of special elements used in an sql command 'sql injection' in SQL Server allows an authorized attacker to elevate privileges locally...
CVE-2026-48561
Improper neutralization of special elements used in a command 'command injection' in Microsoft Copilot allows an unauthorized attacker to execute code over a network...
CVE-2026-15428
An OS command injection vulnerability exists in Archer VX800v v1 due to insufficient input sanitization of the domain name parameter. An adjacent attacker who can access the relevant HTTP interface can modify the parameter to inject shell metacharacters, resulting in arbitrary code execution with...
CVE-2026-15427
An OS command injection vulnerability exists in the TR-069 / CWMP management interface of Archer VX1800v v1 due to insufficient input validation and sanitization of parameters, allowing crafted input to be executed as system-level commands. Exploitation requires specific conditions such as TR-069...