Exploit for Improper Control of Dynamically-Managed Code Resources in N8N

CVE-2025-68613 — n8n RCE via Expression Injection For edu...

CVE-2026-0759

Katana Network Development Starter Kit executeCommand Command Injection Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Katana Network Development Starter Kit. Authentication is not required to exploit this...

CVE-2026-0759 Katana Network Development Starter Kit executeCommand Command Injection Remote Code Execution Vulnerability

Katana Network Development Starter Kit executeCommand Command Injection Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Katana Network Development Starter Kit. Authentication is not required to exploit this...

CVE-2026-0759

The CVE-2026-0759 entry concerns Katana Network Development Starter Kit. A command-injection flaw exists in the executeCommand function where user-supplied input is not properly validated before being used to form a system call, allowing remote attackers to execute code with the service account. ...

CVE-2026-0759

Katana Network Development Starter Kit executeCommand Command Injection Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Katana Network Development Starter Kit. Authentication is not required to exploit this...

CVE-2026-0759 Katana Network Development Starter Kit executeCommand Command Injection Remote Code Execution Vulnerability

Katana Network Development Starter Kit executeCommand Command Injection Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Katana Network Development Starter Kit. Authentication is not required to exploit this...

Katana Development Starter Kit: Operating System Command Injection Vulnerability

The Katana Development Starter Kit is an open-source development kit developed by Katana Network. The Katana Development Starter Kit has a vulnerability related to operating system command injection. This vulnerability stems from the executeCommand method, which lacks validation of the strings...

(0Day) Katana Network Development Starter Kit executeCommand Command Injection Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Katana Network Development Starter Kit. Authentication is not required to exploit this vulnerability. The specific flaw exists within the implementation of the executeCommand method. The issue result...

PT-2026-1989

Name of the Vulnerable Software and Affected Versions Katana Network Development Starter Kit affected versions not specified Description The Katana Network Development Starter Kit contains a command injection flaw in the executeCommand function, potentially allowing remote code execution. The iss...

Exploit for CVE-2025-37164

CVE-2025-37164 - HPE OneView Unauthenticated RCE PoC Proof-of...

HPE OneView id-pools command execution

Added: 12/19/2025 Background HPE OneView is integrated IT infrastructure management software. Problem A vulnerability in the id-pools feature allow remote attackers to execute arbitrary commands by sending a PUT request to the executeCommand API endpoint. Resolution Apply the hotfix referenced in...

CVE-2025-45240

foxcms v1.2.5 was discovered to contain a SQL injection vulnerability via the executeCommand method in DataBackup.php...

GeoServer 2.25.1 Code Injection

============================================================================================================================================= | Title : GeoServer 2.25.1 Code Injection Vulnerability | | Author : indoushka | | Tested on : windows 10 FrPro / browser : Mozilla firefox 130.0.2 64 bits...

CVE-2021-42796

An issue was discovered in ExecuteCommand in AVEVA Edge formerly InduSoft Web Studio versions R2020 and prior that allows unauthenticated arbitrary commands to be executed...

CVE-2021-42796

An issue was discovered in ExecuteCommand in AVEVA Edge formerly InduSoft Web Studio versions R2020 and prior that allows unauthenticated arbitrary commands to be executed...

Design/Logic Flaw

An issue was discovered in ExecuteCommand in AVEVA Edge formerly InduSoft Web Studio versions R2020 and prior that allows unauthenticated arbitrary commands to be executed...

CVE-2021-42796

An issue was discovered in ExecuteCommand in AVEVA Edge formerly InduSoft Web Studio versions R2020 and prior that allows unauthenticated arbitrary commands to be executed...

CVE-2021-42796

CVE-2021-42796 affects AVEVA Edge (formerly InduSoft Web Studio) pre-2020 R2. The vulnerability is in the ExecuteCommand() function (stadosvr.exe) and allows unauthenticated arbitrary commands to execute, via improper access control. The issue is documented with a base CVSS v3.1 score of 9.8 (Net...

AirMaster 3000M - Multiple Vulnerabilities

?php Exploit Title: AirMaster 3000M multiple Vulnerabilities Date: 2017/08/12 Exploit Author: Koorosh Ghorbani Author Homepage: http://8thbit.net/ Vendor Homepage: http://mobinnet.ir/ Software Version: V2.0.1B1044 Web Server: GoAhead-Webs/2.5.0 define'isDebug',false; define'specialCookie','Cookie...

SAP ConfigServlet - Remote Payload Execution (Metasploit)

SAP ConfigServlet - Remote Payload Execution Metasploit require 'msf/core' class Metasploit3 'SAP ConfigServlet Remote Code Execution', 'Description' = %q This module allows remote code execution via operating system commands through the SAP ConfigServlet without any authentication. , 'Author' =...