2115 matches found
CVE-2026-1757
A flaw was identified in the interactive shell of the xmllint utility, part of the libxml2 project, where memory allocated for user input is not properly released under certain conditions. When a user submits input consisting only of whitespace, the program skips command execution but fails to fr...
EUVD-2026-5101
A flaw was identified in the interactive shell of the xmllint utility, part of the libxml2 project, where memory allocated for user input is not properly released under certain conditions. When a user submits input consisting only of whitespace, the program skips command execution but fails to fr...
CVE-2026-1757
CVE-2026-1757 describes a memory leak in the interactive shell of the libxml2 xmllint utility. When a user enters input consisting only of whitespace, the shell skips command execution but does not free the allocated buffer, allowing memory to accumulate over repeated actions. This can lead to lo...
CVE-2026-1757
A flaw was identified in the interactive shell of the xmllint utility, part of the libxml2 project, where memory allocated for user input is not properly released under certain conditions. When a user submits input consisting only of whitespace, the program skips command execution but fails to fr...
CVE-2026-1757
A flaw was identified in the interactive shell of the xmllint utility, part of the libxml2 project, where memory allocated for user input is not properly released under certain conditions. When a user submits input consisting only of whitespace, the program skips command execution but fails to fr...
libxml2 安全漏洞
Libxml2 is an open-source library from GNOME that is used for parsing XML documents. It is written in C language and can be called in various languages, such as C, C++, and XSH. Libxml2 has a security vulnerability, which stems from improper memory release in interactive shells, potentially leadi...
CVE-2025-7713
Improper Neutralization of Input During Web Page Generation XSS or 'Cross-site Scripting' vulnerability in Global Interactive Design Media Software Inc. Content Management System CMS allows XSS Through HTTP Headers.This issue affects Content Management System CMS: through 21072025...
CVE-2025-7714
Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in Global Interactive Design Media Software Inc. Content Management System CMS allows Command Line Execution through SQL Injection.This issue affects Content Management System CMS: through 21072025...
📄 LibreChat MCP 0.8.2-rc2 Remote Code Execution
This proof of concept exploit targets the LibreChat MCP remote code execution vulnerability known as CVE-2026-22252. It provides a comprehensive and professional framework for detecting, testing, and exploiting the vulnerability with multiple extraction modes...
CVE-2025-7714
Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in Global Interactive Design Media Software Inc. Content Management System CMS allows Command Line Execution through SQL Injection. This issue affects Content Management System CMS: through 21072025...
CVE-2025-7714
Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in Global Interactive Design Media Software Inc. Content Management System CMS allows Command Line Execution through SQL Injection.This issue affects Content Management System CMS: through 21072025...
CVE-2025-7714
Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in Global Interactive Design Media Software Inc. Content Management System CMS allows Command Line Execution through SQL Injection. This issue affects Content Management System CMS: through 21072025...
EUVD-2025-206547
Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in Global Interactive Design Media Software Inc. Content Management System CMS allows Command Line Execution through SQL Injection.This issue affects Content Management System CMS: through 21072025...
CVE-2025-7713
Improper Neutralization of Input During Web Page Generation XSS or 'Cross-site Scripting' vulnerability in Global Interactive Design Media Software Inc. Content Management System CMS allows XSS Through HTTP Headers. This issue affects Content Management System CMS: through 21072025...
EUVD-2025-206545
Improper Neutralization of Input During Web Page Generation XSS or 'Cross-site Scripting' vulnerability in Global Interactive Design Media Software Inc. Content Management System CMS allows XSS Through HTTP Headers.This issue affects Content Management System CMS: through 21072025...
Global Interactive Design Media Content Management System Cross-Site Script Vulnerability
Global Interactive Design Media Content Management System is a content management system developed by the Turkish company Global Interactive Design Media. Versions of the Global Interactive Design Media Content Management System prior to version 21072025 contained a cross-site scripting...
PT-2026-5295
Improper Neutralization of Input During Web Page Generation XSS or 'Cross-site Scripting' vulnerability in Global Interactive Design Media Software Inc. Content Management System CMS allows XSS Through HTTP Headers.This issue affects Content Management System CMS: through 21072025...
Global Interactive Design Media Content Management System SQL Injection Vulnerability
Global Interactive Design Media Content Management System is a content management system developed by the Turkish company Global Interactive Design Media. The versions of the Global Interactive Design Media Content Management System prior to version 21072025 have a SQL injection vulnerability. Th...
PT-2026-4859
Name of the Vulnerable Software and Affected Versions Dozzle versions prior to 9.0.3 Description A flaw in Dozzle’s agent-backed shell endpoints allows a user restricted by label filters to obtain an interactive root shell in out‑of‑scope containers on the same agent host by directly targeting...
📄 Ivanti Connect Secure 9.x / 22.x Command Injection
The provided PHP script targets CVE‑2024‑21887, a command injection vulnerability in Ivanti Connect Secure versions 9.x and 22.x It is designed to identify and exploit vulnerable systems through a crafted API request. It initializes a reusable cURL session to send malicious JSON payloads to a...