386517 matches found
Exploit for CVE-2026-57517
Control Web Panel 0.9.8.1224 — Blind SQL Injection to Remot...
Malicious code in vps-maintenance-paperclip-adapter (npm)
Source: amazon-inspector 0de46c3e339f828f4c86612ee8bf74a29edc636511e2eaa765d8a75699849da3 package.json declares a postinstall lifecycle script that runs an inline node -e payload opening a TCP socket to 185.112.147.174:7007 and piping it...
MAL-2026-6757 Malicious code in vps-maintenance-paperclip-adapter (npm)
Source: amazon-inspector 0de46c3e339f828f4c86612ee8bf74a29edc636511e2eaa765d8a75699849da3 package.json declares a postinstall lifecycle script that runs an inline node -e payload opening a TCP socket to 185.112.147.174:7007 and piping it...
Exploit-Chain-Suggester
Exploit Chain Suggester v2.0.0 A CLI tool for penetration tes...
Exploit-Chain-Suggestor
Exploit Chain Suggestor A CLI tool for penetration testers an...
U.S. Government Entity Paid Kairos $1 Million in Data-Theft Extortion Case
A U.S. government entity paid about $1 million to keep stolen files from being leaked, according to a new case study by Rakesh Krishnan for Ransom-ISAC, built on a leaked negotiation chat and the blockchain trail the payment left. The odd part: the group that took the money calls itself Kairos,...
Exploit for CVE-2026-54415
CVE-2026-54415 — Azuriom CMS Broken Access Control → Account T...
Exploit for Improper Input Validation in Apache Activemq
Apache ActiveMQ Classic — RCE Research Private research archi...
Exploit for CVE-2026-34038
CVE-2026-34038: Authenticated Remote Command Injection in Cool...
Pandora FMS 7.0NG - Remote Command Injection
Pandora FMS 7.0NG allows remote authenticated users to execute arbitrary OS commands via shell metacharacters in the ipsrc parameter in an index.php?operation/netflow/nfliveview request. id: CVE-2019-20224 info: name: Pandora FMS 7.0NG - Remote Command Injection author: ritikchaddha severity: hig...
SysAid Help Desk <15.2 - Local File Inclusion
SysAid Help Desk before 15.2 contains multiple local file inclusion vulnerabilities which can allow remote attackers to read arbitrary files via .. (dot dot) in the fileName parameter of getGfiUpgradeFile or cause a denial of service (CPU and memory consumption) via .. (dot dot) in the fileName paramet...
Appium Desktop Server - Remote Code Execution
OS Command Injection in GitHub repository appium/appium-desktop prior to v1.22.3-4. id: CVE-2023-2479 info: name: Appium Desktop Server - Remote Code Execution author: zn9988 severity: critical description: | OS Command Injection in GitHub repository appium/appium-desktop prior to v1.22.3-4...
RClone RC - Command Injection
Rclone = 1.48.0 and = 1.48.0 and 1.73.5 contains an unauthenticated local command execution caused by unauthenticated access to the RC endpoint operations/fsinfo with attacker-controlled fs input, letting unauthenticated attackers execute local commands, exploit requires reachable RC deployment...
Razer Sila Gaming Router - Remote Code Execution
A command injection in the command parameter of Razer Sila Gaming Router v2.0.441api-2.0.418 allows attackers to execute arbitrary commands via a crafted POST request. id: CVE-2022-29013 info: name: Razer Sila Gaming Router - Remote Code Execution author: DhiyaneshDK severity: critical descriptio...
JS Help Desk <= 2.8.1 - SQL Injection
The JS Help Desk – Best Help Desk & Support Plugin plugin for WordPress is vulnerable to SQL Injection via the 'email' and 'trackingid' parameters in all versions up to 2.8.2 exclusive due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing S...
osTicket < 1.10.2 - Cross-Site Scripting
Cross-site scripting (XSS) vulnerability in /ajax.php/form/help-topic in Enhancesoft osTicket before 1.10.2 allows remote attackers to inject arbitrary web script or HTML via the "message" parameter. id: CVE-2018-7192 info: name: osTicket 1.10.2 - Cross-Site Scripting author: ritikchaddha severity:...
TurboMeeting - Post-Authentication Command Injection
The Certificate Signing Request (CSR) feature in the admin portal of the application is vulnerable to command injection. This vulnerability could allow authenticated admin users to execute arbitrary commands on the underlying server by injecting malicious input into the CSR generation process. The...
Chaosblade < 1.7.4 - Remote Code Execution
exec.CommandContext in Chaosblade 0.3 through 1.7.3, when server mode is used, allows OS command execution via the cmd parameter without authentication. id: CVE-2023-47105 info: name: Chaosblade 1.7.4 - Remote Code Execution author: s4e-io severity: high description: | exec.CommandContext in...
Honeywell PM43 Printers - Command Injection
Improper Input Validation vulnerability in Honeywell PM43 on 32 bit, ARM Printer web page modules allows Command Injection. This issue affects PM43 versions prior to P10.19.050004. Update to the latest available firmware version of the respective printers to version MR19.5 e.g. P10.19.050006 id:...
PMB v7.4.6 - Cross-Site Scripting
PMB v7.4.6 allows an attacker to perform a reflected XSS on exportz3950.php via the 'query' parameter. id: CVE-2023-24737 info: name: PMB v7.4.6 - Cross-Site Scripting author: r3Y3r53 severity: medium description: | PMB v7.4.6 allows an attacker to perform a reflected XSS on exportz3950.php via t...