5 matches found
CVE-2026-34599 Coolify: Authenticated Remote Code Execution in GetLogs Livewire Component
Coolify is an open-source and self-hostable tool for managing servers, applications, and databases. Prior to 4.0.0-beta.471, there is an authenticated command injection vulnerability in the GetLogs Livewire component which allows users with team membership lowest privilege member role to execute...
PT-2025-2189 · WordPress · Gamipress
Name of the Vulnerable Software and Affected Versions: GamiPress – Gamification plugin to reward points, achievements, badges & ranks in WordPress versions up to, and including, 7.2.1 Description: The issue arises due to the software allowing users to execute an action that does not properly...
CVE-2021-41739
A OS Command Injection vulnerability was discovered in Artica Proxy 4.30.000000. Attackers can execute OS commands in cyrus.events.php with GET param logs and POST param rp...
Artica Proxy 操作系统命令注入漏洞
Artica Proxy is an open source Artica proxy solution from French company Artica. A security vulnerability exists in Artica Proxy version 4.30.000000, which stems from a lack of filtering and escaping in the application's cyrus.events.php GET parameter logs and POST parameter rp. An attacker can...
Command injection
Seagate Media Server in Seagate Personal Cloud has unauthenticated command injection in the uploadTelemetry and getLogs functions in views.py because .psp URLs are handled by the fastcgi.server component and shell metacharacters are mishandled...