CVE-2021-47847
Disk Sorter Server 13.6.12 contains an unquoted service path vulnerability in its binary path configuration that allows local attackers to potentially execute arbitrary code. Attackers can exploit the unquoted path in 'C:\Program Files\Disk Sorter Server\bin\disksrs.exe' to inject malicious...
CVE-2026-20076
A vulnerability in the web-based management interface of Cisco Identity Services Engine (ISE) could allow an authenticated, remote attacker to conduct a stored cross-site scripting (XSS) attack against a user of the interface. This vulnerability is due to insufficient validation of user-supplied inpu...
CVE-2025-14233
Invalid free in CPCA file deletion processing on Small Office Multifunction Printers and Laser Printers which may allow an attacker on the network segment to trigger the affected product being unresponsive or to execute arbitrary code. : Satera LBP670C Series/Satera MF750C Series firmware v06.02...
CVE-2021-47805
Disk Savvy 13.6.14 contains an unquoted service path vulnerability in its Windows service configuration that allows local attackers to potentially execute arbitrary code. Attackers can exploit the unquoted path in service binaries to inject malicious executables that will be run with elevated...
Microsoft Edge security vulnerabilities
Microsoft Edge is a web browser included with Windows 10 and later versions from Microsoft. There is a security vulnerability in Microsoft Edge, which stems from improper validation of privileged COM interfaces. This vulnerability could allow non-administrator users to execute privileged update...
Crawl4AI Has Local File Inclusion in Docker API via file:// URLs
A local file inclusion vulnerability exists in the Crawl4AI Docker API. The /executejs, /screenshot, /pdf, and /html endpoints accept file:// URLs, allowing attackers to read arbitrary files from the server filesystem. Attack Vector: json POST /executejs "url": "file:///etc/passwd", "scripts":...
MiracleLinux 7 : nautilus-3.22.3-4.el7 (AXSA:2018-2543:01)
The remote MiracleLinux 7 host has packages installed that are affected by a vulnerability as referenced in the AXSA:2018-2543:01 advisory. An untrusted .desktop file with executable permission set could choose its displayed name and icon, and execute commands without warning when opened by the...
CVE-2021-47780
Macro Expert 4.7 is affected by an unquoted service path vulnerability, enabling local users to potentially execute arbitrary code with LocalSystem privileges during service startup. Root cause: improperly configured service path. Impact is high (local exploit). Remediation: ensure the service pa...
CVE-2026-22867
CVE-2026-22867 concerns LaSuite Doc, a collaborative note-taking/wiki platform. Affected versions are 3.8.0 through 4.3.0. The vulnerability is a Stored Cross-Site Scripting (XSS) in the Interlinking feature: when a user creates a link to another document in the editor, the link URL is not valida...
Arbitrary File Upload
@n8n/n8n-nodes-langchain is vulnerable to Arbitrary File Upload. The vulnerability is due to improper validation and handling of uploaded files in the Chat Trigger component, which allows an attacker to upload a crafted HTML file and execute arbitrary code on the affected system...
PT-2026-3164
Name of the Vulnerable Software and Affected Versions: Remote Mouse version 4.002. Description: The software contains an unquoted service path, allowing local attackers to execute arbitrary code with elevated system privileges. Specifically, the unquoted service path in the RemoteMouseService can be...
CVE-2022-50907
e107 CMS version 3.2.1 contains a file upload vulnerability that allows authenticated administrative users to bypass upload restrictions and execute PHP files. Attackers can upload malicious PHP files to parent directories by manipulating the upload URL parameter, enabling remote code execution...
CVE-2026-0601 Nexus Repository 3 - Cross-Site Scripting
A reflected cross-site scripting vulnerability exists in Nexus Repository 3 that allows unauthenticated attackers to execute arbitrary JavaScript in a victim's browser through a specially crafted request requiring user interaction...
HTTP Fetch, Linux Chmod
Fetch and execute an ARMLE payload from an HTTP server. Runs chmod on the specified file with specified mode. Module Options msf use payload/cmd/linux/http/armle/chmod msf payloadchmod show actions ...actions... msf payloadchmod set ACTION msf payloadchmod show options ...show and set options...
HTTP Fetch, Linux Chmod
Fetch and execute an AARCH64 payload from an HTTP server. Runs chmod on the specified file with specified mode. Module Options msf use payload/cmd/linux/http/aarch64/chmod msf payloadchmod show actions ...actions... msf payloadchmod set ACTION msf payloadchmod show options ...show and set...
HTTPS Fetch, Linux Chmod
Fetch and execute an AARCH64 payload from an HTTPS server. Runs chmod on the specified file with specified mode. Module Options msf use payload/cmd/linux/https/aarch64/chmod msf payloadchmod show actions ...actions... msf payloadchmod set ACTION msf payloadchmod show options ...show and set...
HTTPS Fetch, Linux Chmod
Fetch and execute an ARMLE payload from an HTTPS server. Runs chmod on the specified file with specified mode. Module Options msf use payload/cmd/linux/https/armle/chmod msf payloadchmod show actions ...actions... msf payloadchmod set ACTION msf payloadchmod show options ...show and set options...
PT-2026-2963
Name of the Vulnerable Software and Affected Versions: Nexus Repository 3 (affected versions not specified). Description: A reflected cross-site scripting issue exists that could allow attackers to execute JavaScript code in a user's browser. This requires a crafted request and user interaction. The...
CVE-2020-36911
Covenant 0.1.3 - 0.5 contains a remote code execution vulnerability that allows attackers to craft malicious JWT tokens with administrative privileges. Attackers can generate forged tokens with admin roles and upload custom DLL payloads to execute arbitrary commands on the target system...