CVE-2026-33613

Due to the improper neutralisation of special elements used in an OS command, a remote attacker can exploit an RCE vulnerability in the generateSrpArray function, resulting in full system compromise. This vulnerability can only be attacked if the attacker has some other way to write arbitrary dat...

PT-2026-29710

Due to the improper neutralisation of special elements used in an OS command, a remote attacker can exploit an RCE vulnerability in the generateSrpArray function, resulting in full system compromise. This vulnerability can only be attacked if the attacker has some other way to write arbitrary dat...

CVE-2026-32968 Unauthenticated RCE in com_mb24sysapi

Due to the improper neutralisation of special elements used in an OS command, an unauthenticated remote attacker can exploit an RCE vulnerability in the commb24sysapi module, resulting in full system compromise. This vulnerability is a variant attack for CVE-2020-10383...

CVE-2024-3787

Vulnerability in WBSAirback 21.02.04, which involves improper neutralisation of Server-Side Includes SSI, through S3 disks /admin/DeviceS3. Exploitation of this vulnerability could allow a remote user to execute arbitrary code...

CVE-2024-3788

Vulnerability in WBSAirback 21.02.04, which involves improper neutralisation of Server-Side Includes SSI, through License /admin/CDPUsers. Exploitation of this vulnerability could allow a remote user to execute arbitrary code...

CVE-2024-3786

Vulnerability in WBSAirback 21.02.04, which involves improper neutralisation of Server-Side Includes SSI, through Device Synchronizations /admin/DeviceReplication. Exploitation of this vulnerability could allow a remote user to execute arbitrary code...

CVE-2024-3785

Vulnerability in WBSAirback 21.02.04, which involves improper neutralisation of Server-Side Includes SSI, through Device NAS shared section /admin/DeviceNAS. Exploitation of this vulnerability could allow a remote user to execute arbitrary code...

CVE-2024-3786

WBSAirback 21.02.04 is affected by an SSI (Server-Side Includes) handling flaw exposed via the Device Synchronizations API at /admin/DeviceReplication. The root cause is improper neutralization, enabling a remote attacker to execute arbitrary code. Several sources corroborate this CVE-2024-3786 v...

CVE-2024-3785

WBSAirback 21.02.04 is affected by a vulnerability described as improper neutralisation of Server-Side Includes (SSI) via the Device NAS shared section (/admin/DeviceNAS). The root cause is SSI handling in the Device NAS path, which could allow a remote attacker to execute arbitrary code. Affecte...

CVE-2023-3368

Command injection in /main/webservices/additionalwebservices.php in Chamilo LMS = v1.11.20 allows unauthenticated attackers to obtain remote code execution via improper neutralisation of special characters. This is a bypass of CVE-2023-34960...

CVE-2023-3368

Command injection in /main/webservices/additionalwebservices.php in Chamilo LMS = v1.11.20 allows unauthenticated attackers to obtain remote code execution via improper neutralisation of special characters. This is a bypass of CVE-2023-34960...