11231 matches found
CVE-2024-35236 Audiobookshelf Cross-Site-Scripting vulnerability via crafted ebooks
Audiobookshelf is a self-hosted audiobook and podcast server. Prior to version 2.10.0, opening an ebook with malicious scripts inside leads to code execution inside the browsing context. Attacking a user with high privileges (upload, creation of libraries) can lead to remote code execution (RCE) in t...
CVE-2024-35373
CVE-2024-35373 affects Mocodo Mocodo Online 4.2.6 and earlier. The vulnerability is a Remote Code Execution flaw exploitable via the /web/rewrite.php endpoint, attributed to improper input handling/validation per sources in the connected documents. CVSSv3.1 base score is 9.8 (CRITICAL) with netwo...
Remote Code Execution (RCE)
shopware/shopware is vulnerable to Remote Code Execution (RCE). The vulnerability is due to certain circumstances which allow the execution of authorized foreign code...
Atlassian Confluence 5.2 < 7.19.22 / 7.20.x < 8.5.9 / 8.6.x < 8.9.1 RCE (CONFSERVER-95832)
The version of Atlassian Confluence Server running on the remote host is affected by a vulnerability as referenced in the CONFSERVER-95832 advisory. - This High severity RCE (Remote Code Execution) vulnerability was introduced in version 5.2 of Confluence Data Center and Server. This RCE (Remote Cod...
CVE-2024-5243 TP-Link Omada ER605 Buffer Overflow Remote Code Execution Vulnerability
TP-Link Omada ER605 Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of TP-Link Omada ER605 routers. Authentication is not required to exploit this vulnerability. However, devices are...
CVE-2024-5242
CVE-2024-5242 affects TP-Link Omada ER605 routers. The vulnerability is a stack-based buffer overflow in the DDNS handling path (UpdateSvr1/CMDDNS) caused by improper validation of attacker-controlled data length before copying into a fixed-size stack buffer, enabling remote code execution as roo...
CVE-2024-5242 TP-Link Omada ER605 Stack-based Buffer Overflow Remote Code Execution Vulnerability
TP-Link Omada ER605 Stack-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of TP-Link Omada ER605 routers. Authentication is not required to exploit this vulnerability. However,...
CVE-2024-5228 TP-Link Omada ER605 Comexe DDNS Response Handling Heap-based Buffer Overflow Remote Code Execution Vulnerability
TP-Link Omada ER605 Comexe DDNS Response Handling Heap-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of TP-Link Omada ER605 routers. Authentication is not required to exploit this...
CVE-2024-5295 D-Link G416 flupl self Command Injection Remote Code Execution Vulnerability
D-Link G416 flupl self Command Injection Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link G416 wireless routers. Authentication is not required to exploit this vulnerability. The specific flaw...
CVE-2024-34060
IrisEVTXModule is an interface module for Evtx2Splunk and Iris in order to ingest Microsoft EVTX log files. The iris-evtx-module is a pipeline plugin of iris-web that processes EVTX files through IRIS web application. During the upload of an EVTX through this pipeline, the filename is not safely...
CVE-2024-34060
CVE-2024-34060 affects IrisEVTXModule, an interface plugin used with Evtx2Splunk and Iris to ingest Microsoft EVTX logs via the iris-web pipeline. The vulnerability arises from unsafe handling of EVTX filenames during upload, enabling Arbitrary File Write and potentially remote code execution (RC...
Exploit for Code Injection in Atlassian Confluence_Data_Center
CVE-2024-21683-RCE Credit https://x.com/realalphaman...
CVE-2024-4662 Oxygen Builder <= 4.8.2 - Authenticated (Contributor+) Remote Code Execution
The Oxygen Builder plugin for WordPress is vulnerable to Remote Code Execution in all versions up to, and including, 4.8.2 via post metadata. This is due to the plugin storing custom data in post metadata without an underscore prefix. This makes it possible for lower privileged users, such as...
CVE-2024-4267 Remote Code Execution in parisneo/lollms-webui
A remote code execution (RCE) vulnerability exists in the parisneo/lollms-webui, specifically within the 'openfile' module, version 9.5. The vulnerability arises due to improper neutralization of special elements used in a command within the 'openfile' function. An attacker can exploit this...
CHAOS 5.0.8 Cross Site Scripting / Remote Command Execution Exploit
CHAOS version 5.0.8 is a free and open-source Remote Administration Tool that allows generated binaries to control remote operating systems. The web application contains a remote command execution vulnerability which can be triggered by an authenticated user when generating a new executable. The...
CVE-2024-21683
This High severity RCE (Remote Code Execution) vulnerability was introduced in version 5.2 of Confluence Data Center and Server. This RCE (Remote Code Execution) vulnerability, with a CVSS Score of 7.2, allows an authenticated attacker to execute arbitrary code which has high impact to confidentialit...
CVE-2024-21683
CVE-2024-21683 is an authenticated Remote Code Execution in Atlassian Confluence Data Center and Server. The issue arises from the Rhino script engine parsing tainted data in uploaded text/files, allowing an attacker with necessary privileges (e.g., admin) to execute arbitrary host code. Affected...
NorthStar C2 XSS to Agent RCE
NorthStar C2, prior to commit 7674a44 on March 11 2024, contains a vulnerability where the logs page is vulnerable to a stored XSS. An unauthenticated user can simulate an agent registration to cause the XSS and take over a user's session. With this access, it is then possible to run a new payload...
AVideo WWBNIndex Plugin Unauthenticated RCE
This module exploits an unauthenticated remote code execution (RCE) vulnerability in the WWBNIndex plugin of the AVideo platform. The vulnerability exists within the submitIndex.php file, where user-supplied input is passed directly to the require function without proper sanitization. By exploiting...