PT-2026-3542
Name of the Vulnerable Software and Affected Versions: PrismX MX100 AP controller (affected versions not specified). Description: The PrismX MX100 AP controller developed by BROWAN COMMUNICATIONS has an arbitrary file upload issue. This allows remote attackers with sufficient privileges to upload and...
AndSoft e-TMS OS Command Injection Vulnerability (CNVD-2025-23544)
AndSoft e-TMS is a logistics management software from AndSoft Spain. AndSoft e-TMS suffers from an operating system command injection vulnerability that originates from a misuse of the parameter m in the file /clt/LOGINFRMCAT.ASP, which can be exploited by an attacker to execute operating system...
EUVD-2013-0409
Malware in sbrugna...
EUVD-2018-3360
Malware in sbrugna...
EUVD-2025-6829
Malicious code in bioql PyPI...
EUVD-2024-32360
Malicious code in bioql PyPI...
EUVD-2022-41799
Malicious code in bioql PyPI...
EUVD-2025-13514
Malicious code in bioql PyPI...
EUVD-2024-32358
Malicious code in bioql PyPI...
EUVD-2023-57711
Malicious code in bioql PyPI...
JVN#72111431: Multiple vulnerabilities in Group-Office
Group-Office provided by Intermesh BV contains multiple vulnerabilities listed below. Cross-site scripting (CWE-79): CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:A/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N Base Score 4.8; CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N Base Score 5.4; CVE-2025-53504. Path traversal (CWE-22)...
CVE-2025-8145
The Redirection for Contact Form 7 plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 3.2.4 via deserialization of untrusted input in the getleadfields function. This makes it possible for unauthenticated attackers to inject a PHP Object. The addition...
BeyondTrust Remote Support (RS) 24.2.2 < 24.3.3 Server-Side Template Injection
The version of BeyondTrust Remote Support (RS) running on the remote host is affected by a server-side template injection vulnerability which can lead to remote code execution. Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version...
CVE-2024-30270
mailcow: dockerized is an open source groupware/email suite based on docker. A security vulnerability has been identified in mailcow affecting versions prior to 2024-04. This vulnerability is a combination of path traversal and arbitrary code execution, specifically targeting the rspamdmaps...
CVE-2020-12736
Code42 environments with on-premises server versions 7.0.4 and earlier allow for possible remote code execution. When an administrator creates a local non-SSO user via a Code42-generated email, the administrator has the option to modify content for the email invitation. If the administrator enter...
CVE-2024-47208 Apache OFBiz: URLs allowing remote use of Groovy expressions, leading to RCE
Server-Side Request Forgery (SSRF), Improper Control of Generation of Code ('Code Injection') vulnerability in Apache OFBiz. This issue affects Apache OFBiz: before 18.12.17. Users are recommended to upgrade to version 18.12.17, which fixes the issue...
CVE-2024-38363 Remote Code Execution (RCE) via Server Side Template Injection (SSTI) in Airbyte
Airbyte is a data integration platform for ELT pipelines. Airbyte connection builder docker image is vulnerable to RCE via SSTI which allows an authenticated remote attacker to execute arbitrary code on the server as the web server user. The connection builder is used to create and test new...
CVE-2024-5824 Path Traversal in parisneo/lollms
A path traversal vulnerability in the /setpersonalityconfig endpoint of parisneo/lollms version 9.4.0 allows an attacker to overwrite the configs/config.yaml file. This can lead to remote code execution by changing server configuration properties such as forceacceptremoteaccess and...
CVE-2024-1882 Server-side resource injection in PaperCut NG/MF
This vulnerability allows an already authenticated admin user to create a malicious payload that could be leveraged for remote code execution on the server hosting the PaperCut NG/MF application server...
CVE-2023-37502
HCL Compass is vulnerable to lack of file upload security. An attacker could upload files containing active code that can be executed by the server or by a user's web browser...