QNAP Photo Station < 6.0.3 - Remote Code Execution

QNAP Photo Station versions prior to 6.0.3 contain multiple vulnerabilities that, when chained together, enable unauthenticated remote code execution RCE. id: CVE-2019-7194 info: name: QNAP Photo Station 6.0.3 - Remote Code Execution author: x-stp severity: critical description: | QNAP Photo...

nostromo 1.9.6 - Remote Code Execution

nostromo nhttpd through 1.9.6 allows an attacker to achieve remote code execution via directory traversal in the function httpverify. id: CVE-2019-16278 info: name: nostromo 1.9.6 - Remote Code Execution author: pikpikcu severity: critical description: nostromo nhttpd through 1.9.6 allows an...

Cisco Prime Infrastructure and Cisco Evolved Programmable Network Manager - Remote Code Execution

Cisco Prime Infrastructure PI and Cisco Evolved Programmable Network EPN Manager could allow an authenticated, remote attacker to execute code with root-level privileges on the underlying operating system. This vulnerability exist because the software improperly validates user-supplied input. An...

Oracle WebLogic Server - Remote Command Execution

The Oracle WebLogic Server component of Oracle Fusion Middleware subcomponent: Web Services allows unauthenticated attackers with network access via HTTP to compromise Oracle WebLogic Server. Versions that are affected are 10.3.6.0.0 and 12.1.3.0.0. id: CVE-2019-2725 info: name: Oracle WebLogic...

Apache Tomcat `CGIServlet` enableCmdLineArguments - Remote Code Execution

When running on Windows with enableCmdLineArguments enabled, the CGI Servlet in Apache Tomcat 9.0.0.M1 to 9.0.17, 8.5.0 to 8.5.39 and 7.0.0 to 7.0.93 is vulnerable to Remote Code Execution due to a bug in the way the JRE passes command line arguments to Windows. The CGI Servlet is disabled by...

Kibana Timelion - Arbitrary Code Execution

Kibana versions before 5.6.15 and 6.6.1 contain an arbitrary code execution flaw in the Timelion visualizer. An attacker with access to the Timelion application could send a request that will attempt to execute javascript code. This could possibly lead to an attacker executing arbitrary commands...

OpenMRS Platform < 2.24.0 - Insecure Object Deserialization

OpenMRS before 2.24.0 is affected by an Insecure Object Deserialization vulnerability that allows an unauthenticated user to execute arbitrary commands on the targeted system via crafted XML data in a request body. id: CVE-2018-19276 info: name: OpenMRS Platform 2.24.0 - Insecure Object...

Webmin <= 1.920 - Unauthenticated Remote Command Execution

Webmin =1.920. is vulnerable to an unauthenticated remote command execution via the parameter 'old' in passwordchange.cgi. id: CVE-2019-15107 info: name: Webmin = 1.920 - Unauthenticated Remote Command Execution author: bp0lr severity: critical description: Webmin =1.920. is vulnerable to an...

Apache Solr DataImportHandler <8.2.0 - Remote Code Execution

Apache Solr is vulnerable to remote code execution vulnerabilities via the DataImportHandler, an optional but popular module to pull in data from databases and other sources. The module has a feature in which the whole DIH configuration can come from a request's "dataConfig" parameter. The debug...

Apache Solr <=8.3.1 - Remote Code Execution

Apache Solr versions 5.0.0 to 8.3.1 are vulnerable to remote code execution vulnerabilities through the VelocityResponseWriter. A Velocity template can be provided through Velocity templates in a configset velocity/ directory or as a parameter. A user defined configset could contain renderable,...

D-Link Routers - Remote Code Execution

D-Link products such as DIR-655C, DIR-866L, DIR-652, and DHP-1565 contain an unauthenticated remote code execution vulnerability. The issue occurs when the attacker sends an arbitrary input to a "PingTest" device common gateway interface that could lead to common injection. An attacker who...

Apache Tika < 1.1.8 - Header Command Injection

Apache Tika versions 1.7 to 1.17 allow clients to send carefully crafted headers to tika-server that could be used to inject commands into the command line of the server running tika-server. This vulnerability only affects those running tika-server on a server that is open to untrusted clients. i...

Gladinet CentreStack < 16.4.10315.56368 Use of Hard-coded Key Leads to Unauthenticated RCE

Gladinet CentreStack through 16.1.10296.56315 fixed in 16.4.10315.56368 has a deserialization vulnerability due to the CentreStack portal's hardcoded machineKey use, as exploited in the wild in March 2025. This enables threat actors who know the machineKey to serialize a payload for server-side...

Windows Server Update Service - Insecure Deserialization

Windows Server Update Service contains an insecure deserialization vulnerability caused by deserialization of untrusted data. An unauthorized attacker with network access can exploit this to execute arbitrary code remotely, potentially leading to full system compromise. id: CVE-2025-59287 info:...

Apache Tomcat Path Equivalence - Remote Code Execution

Path Equivalence- 'file.Name' Internal Dot leading to Remote Code Execution and/or Information disclosure and/or malicious content added to uploaded files via write enabled Default Servlet in Apache Tomcat. id: CVE-2025-24813 info: name: Apache Tomcat Path Equivalence - Remote Code Execution...

FreePBX - Remote Code Execution

FreePBX 15, 16, and 17 contain a remote code execution caused by insufficiently sanitized user-supplied data in endpoints, letting unauthenticated attackers manipulate the database and execute code remotely, exploit requires no authentication. id: CVE-2025-57819 info: name: FreePBX - Remote Code...

XWiki Platform - Remote Code Execution

Any guest can perform arbitrary remote code execution through a request to SolrSearch. This impacts the confidentiality, integrity, and availability of the whole XWiki installation. This vulnerability has been patched in XWiki 15.10.11, 16.4.1, and 16.5.0RC1. id: CVE-2025-24893 info: name: XWiki...

Commvault - SSRF via /commandcenter/deployWebpackage.do

A path traversal vulnerability in Commvault Command Center Innovation Release allows an unauthenticated actor to upload ZIP files, which, when expanded by the target server, result in Remote Code Execution. This issue affects Command Center Innovation Release: 11.38. id: CVE-2025-34028 info: name...

Netsweeper <=6.4.3 - Python Code Injection

Netsweeper through 6.4.3 allows unauthenticated remote code execution because webadmin/tools/unixlogin.php with certain Referer headers launches a command line with client-supplied parameters, and allows injection of shell metacharacters. id: CVE-2020-13167 info: name: Netsweeper =6.4.4 to mitiga...

Gogs 0.5.5 - 0.12.2 - Remote Code Execution

Gogs 0.5.5 through 0.12.2 is susceptible to authenticated remote code execution via the git hooks functionality. There can be a privilege escalation if access to this feature is granted to a user who does not have administrative privileges. NOTE: Since this is mentioned in the documentation but n...