CVE-2026-33613
Due to the improper neutralisation of special elements used in an OS command, a remote attacker can exploit an RCE vulnerability in the generateSrpArray function, resulting in full system compromise. This vulnerability can only be attacked if the attacker has some other way to write arbitrary dat...
PT-2026-29710
Due to the improper neutralisation of special elements used in an OS command, a remote attacker can exploit an RCE vulnerability in the generateSrpArray function, resulting in full system compromise. This vulnerability can only be attacked if the attacker has some other way to write arbitrary dat...
EUVD-2026-14404
Due to the improper neutralisation of special elements used in an OS command, an unauthenticated remote attacker can exploit an RCE vulnerability in the com_mb24sysapi module, resulting in full system compromise. This vulnerability is a variant attack for CVE-2020-10383...
CVE-2026-32968 Unauthenticated RCE in com_mb24sysapi
Due to the improper neutralisation of special elements used in an OS command, an unauthenticated remote attacker can exploit an RCE vulnerability in the com_mb24sysapi module, resulting in full system compromise. This vulnerability is a variant attack for CVE-2020-10383...
CVE-2025-55124
Improper neutralisation of input in Revive Adserver 6.0.0+ causes a reflected XSS attack in the banner-zone.php script...
PT-2025-47616
Improper neutralisation of format characters in the settings of Revive Adserver 5.5.2 and 6.0.1 and earlier versions causes an administrator user to disable the admin user console due to a fatal PHP error...
CVE-2024-3788
Vulnerability in WBSAirback 21.02.04, which involves improper neutralisation of Server-Side Includes (SSI), through License (/admin/CDPUsers). Exploitation of this vulnerability could allow a remote user to execute arbitrary code...
CVE-2024-3787
Vulnerability in WBSAirback 21.02.04, which involves improper neutralisation of Server-Side Includes (SSI), through S3 disks (/admin/DeviceS3). Exploitation of this vulnerability could allow a remote user to execute arbitrary code...
CVE-2024-3786
Vulnerability in WBSAirback 21.02.04, which involves improper neutralisation of Server-Side Includes (SSI), through Device Synchronizations (/admin/DeviceReplication). Exploitation of this vulnerability could allow a remote user to execute arbitrary code...
CVE-2024-3785
Vulnerability in WBSAirback 21.02.04, which involves improper neutralisation of Server-Side Includes (SSI), through Device NAS shared section (/admin/DeviceNAS). Exploitation of this vulnerability could allow a remote user to execute arbitrary code...
CVE-2024-3786
WBSAirback 21.02.04 is affected by an SSI (Server-Side Includes) handling flaw exposed via the Device Synchronizations API at /admin/DeviceReplication. The root cause is improper neutralization, enabling a remote attacker to execute arbitrary code. Several sources corroborate this CVE-2024-3786 v...
CVE-2024-3785
WBSAirback 21.02.04 is affected by a vulnerability described as improper neutralisation of Server-Side Includes (SSI) via the Device NAS shared section (/admin/DeviceNAS). The root cause is SSI handling in the Device NAS path, which could allow a remote attacker to execute arbitrary code. Affecte...
CVE-2023-3368
Command injection in /main/webservices/additionalwebservices.php in Chamilo LMS = v1.11.20 allows unauthenticated attackers to obtain remote code execution via improper neutralisation of special characters. This is a bypass of CVE-2023-34960...
CVE-2022-4092
An issue has been discovered in GitLab EE affecting all versions starting from 15.6 before 15.6.1. It was possible to create a malicious README page due to improper neutralisation of user supplied input...
CVE-2022-45050
A reflected XSS vulnerability has been found in Axiell Iguana CMS, allowing an attacker to execute code in a victim's browser. The title parameter on the twitter.php endpoint does not properly neutralise user input, resulting in the vulnerability...