ManageEngine ADSelfService Plus < Build 6525 Authenticated RCE

According to its self-reported version, the ManageEngine ADSelfService Plus application running on the remote host is prior to build 6525. It is, therefore, affected by an authenticated remote code execution vulnerability. This vulnerability stems from improper access controls to the service used...

Exploit for Improper Access Control in Papercut Papercut_Mf

CVE-2023-27350 — PaperCut NG/MF Authentication Bypass & RCE S...

cockpit security update

An update is available for cockpit. This update affects Rocky Linux 9. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list Cockpit enables users to administer GNU/Linux servers using a web browser. It...

python3.14 security update

An update is available for python3.14. This update affects Rocky Linux 9. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list Python is an interpreted, interactive, object-oriented programming languag...

RLSA-2026:19374 Critical: nginx security update

nginx is a web and proxy server supporting HTTP and other protocols, with a focus on high concurrency, performance, and low memory usage. Security Fixes: nginx: NGINX: Arbitrary Code Execution Vulnerability CVE-2026-42945 For more details about the security issues, including the impact, a CVSS...

nginx security update

An update is available for nginx. This update affects Rocky Linux 9. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list nginx is a web and proxy server supporting HTTP and other protocols, with a foc...

RLSA-2026:21391 Important: httpd security update

The httpd packages provide the Apache HTTP Server, a powerful, efficient, and extensible web server. Security Fixes: httpd: modproxyajp: heap-based buffer over-read and memory disclosure in ajpparsedata CVE-2026-34059 httpd: modproxyajp: heap-based buffer over-read due to missing null-termination...

RLSA-2026:21468 Important: cockpit security update

Cockpit enables users to administer GNU/Linux servers using a web browser. It offers network configuration, log inspection, diagnostic reports, SELinux troubleshooting, interactive command-line sessions, and more. Security Fixes: cockpit: Cockpit: Arbitrary command execution via crafted links in...

RLSA-2026:19176 Important: python3.14 security update

Python is an interpreted, interactive, object-oriented programming language, which includes modules, classes, exceptions, very high level dynamic data types and dynamic typing. Python supports interfaces to many system calls and libraries, as well as to various windowing systems. Security Fixes:...

Exploit for CVE-2026-48778

CVE-2026-48...

CVE-2018-25412

Delta Sql 1.8.2 contains an arbitrary file upload vulnerability that allows unauthenticated attackers to upload malicious files by sending POST requests to docsupload.php with crafted multipart form data. Attackers can upload PHP files with arbitrary content to the upload directory and execute th...

CVE-2018-25412

DeltaSql 1.8.2 is affected by an arbitrary file upload vulnerability reachable via docs_upload.php. The issue allows unauthenticated attackers to upload PHP files through crafted multipart form data and place them in the upload directory, enabling remote code execution on the server. The connecte...

CVE-2018-25412 Delta Sql 1.8.2 Arbitrary File Upload via docs_upload.php

Delta Sql 1.8.2 contains an arbitrary file upload vulnerability that allows unauthenticated attackers to upload malicious files by sending POST requests to docsupload.php with crafted multipart form data. Attackers can upload PHP files with arbitrary content to the upload directory and execute th...

CVE-2018-25412

Delta Sql 1.8.2 contains an arbitrary file upload vulnerability that allows unauthenticated attackers to upload malicious files by sending POST requests to docsupload.php with crafted multipart form data. Attackers can upload PHP files with arbitrary content to the upload directory and execute th...

CVE-2018-25412 Delta Sql 1.8.2 Arbitrary File Upload via docs_upload.php

Delta Sql 1.8.2 contains an arbitrary file upload vulnerability that allows unauthenticated attackers to upload malicious files by sending POST requests to docsupload.php with crafted multipart form data. Attackers can upload PHP files with arbitrary content to the upload directory and execute th...

EUVD-2018-21934

Delta Sql 1.8.2 contains an arbitrary file upload vulnerability that allows unauthenticated attackers to upload malicious files by sending POST requests to docsupload.php with crafted multipart form data. Attackers can upload PHP files with arbitrary content to the upload directory and execute th...

EUVD-2018-21931

SIM-PKH 2.4.1 contains an arbitrary file upload vulnerability that allows authenticated attackers to upload malicious files by submitting PHP code through the fupload parameter. Attackers can upload PHP files via the aksipengurus.php endpoint with module=pengurus and act=update parameters, which...

Exploit for Improper Input Validation in Siemens 6Bk1602-0Aa12-0Tp0_Firmware

Log4Shell CVE-2021-44228 - SOC Report Analysis Overview...

Internal-Penetration-Test-Report-Web-Exploitation-Post-Exploitation-Using-Metasploit-

Internal-Penetration-Test-Report-Web-Exploitation-Post-Exploit...

CVE-2026-7465

The Spectra Gutenberg Blocks – Website Builder for the Block Editor plugin for WordPress is vulnerable to Remote Code Execution in all versions up to, and including, 2.19.25. This makes it possible for authenticated attackers, with Contributor-level access and above, to execute code on the server...