CVE-2023-48262
The vulnerability allows an unauthenticated remote attacker to perform a Denial-of-Service (DoS) attack or, possibly, obtain Remote Code Execution (RCE) via a crafted network request...
CVE-2023-48257
This CVE (CVE-2023-48257) refers to Bosch Nexo cordless nutrunner devices. It allows access to sensitive data inside exported packages or remote code execution with root privileges on the device. Exploitation possibilities described across sources include direct attack by authenticat...
WebCopilot - An Automation Tool That Enumerates Subdomains Then Filters Out Xss, Sqli, Open Redirect, Lfi, Ssrf And Rce Parameters And Then Scans For Vulnerabilities
WebCopilot is an automation tool designed to enumerate subdomains of the target and detect bugs using different open-source tools. The script first enumerates all the subdomains of the given target domain using assetfinder, sublister, subfinder, amass, findomain, hackertarget, riddler and crt, then...
CVE-2023-48243
The vulnerability allows a remote attacker to upload arbitrary files to all paths of the system under the context of the application OS user “root” via a crafted HTTP request. By abusing this vulnerability, it is possible to obtain remote code execution (RCE) with root privileges on the device...
Redis RCE Vulnerability (GHSA-xr47-pcmx-fq2m)
Redis is prone to a remote code execution (RCE) vulnerability. SPDX-FileCopyrightText: 2024 Greenbone AG. Some text descriptions might be excerpted from referenced sources and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only. CPE = "cpe:/a:redis:redis"; if...
CVE-2024-20700
CVE-2024-20700 affects Windows Hyper-V and is a remote code execution vulnerability in Hyper-V. Connected sources describe exploitation as a race condition requiring access to a restricted network; attack vector is adjacent with no user interaction and no privileges required, yielding high impact...
CVE-2024-20676
CVE-2024-20676 – Azure Storage Mover Remote Code Execution is documented with a CVSSv3 base score of 8.0 (HIGH) and a network attack vector requiring high complexity and high privileges, with no user interaction. The vulnerability affects Azure Storage Mover components and can lead to arbitrary c...
CVE-2023-39336
An unspecified SQL Injection vulnerability in Ivanti Endpoint Manager released prior to 2022 SU 5 allows an attacker with access to the internal network to execute arbitrary SQL queries and retrieve output without the need for authentication. Under specific circumstances, this may also lead to RC...
CVE-2024-21663
CVE-2024-21663 affects the Discord-Recon bot. The affected component is the bot’s ability to execute shell commands via the server without requiring admin privileges, constituting a remote code execution (RCE) vulnerability. The issue is documented as fixed in version 0.0.8; versions prior to 0.0...
CVE-2023-6528
The Slider Revolution WordPress plugin before 6.6.19 does not prevent users with at least the Author role from unserializing arbitrary content when importing sliders, potentially leading to Remote Code Execution...
CVE-2018-25095 Duplicator < 1.3.0 - Unauthenticated RCE
The Duplicator WordPress plugin before 1.3.0 does not properly escape values when its installer script replaces values in WordPress configuration files. If this installer script is left on the site after use, it could be used to run arbitrary code on the server...
CVE-2023-5957 Ni Purchase Order(PO) For WooCommerce <= 1.2.1 - Admin+ File Upload to Remote Code Execution
The Ni Purchase Order (PO) For WooCommerce WordPress plugin through 1.2.1 does not validate logo and signature image files uploaded in the settings, allowing a high-privileged user to upload arbitrary files to the web server, triggering an RCE vulnerability by uploading a web shell...
CVE-2023-5957
CVE-2023-5957 affects the Ni Purchase Order (PO) for WooCommerce WordPress plugin up to version 1.2.1. The vulnerability arises because the plugin does not validate logo and signature image files uploaded in the settings, allowing a high-privilege user to upload arbitrary files to the web server ...
CVE-2024-21650
XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. XWiki is vulnerable to a remote code execution (RCE) attack through its user registration feature. This issue allows an attacker to execute arbitrary code by crafting malicious payloads in the...
CVE-2024-21650 XWiki Remote Code Execution vulnerability via user registration
XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. XWiki is vulnerable to a remote code execution (RCE) attack through its user registration feature. This issue allows an attacker to execute arbitrary code by crafting malicious payloads in the...
CVE-2024-21650
XWiki Platform is affected by an RCE via the user registration feature. The vulnerability allows arbitrary code execution by crafting payloads in the first name or last name fields during guest user registration. Root cause cited in multiple sources is improper input handling (SSTI-like behavior)...
Exploit for Code Injection in Provectus Ui
CVE-2023-52251-POC There is a Remote Code Execution vulnerabi...
Alert: Ivanti Releases Patch for Critical Vulnerability in Endpoint Manager Solution
Ivanti has released security updates to address a critical flaw impacting its Endpoint Manager (EPM) solution that, if successfully exploited, could result in remote code execution (RCE) on susceptible servers. Tracked as CVE-2023-39336, the vulnerability has been rated 9.6 out of 10 on the CVSS...
Job Manager & Career – Manage job board listings, and recruitments < 1.4.5 - Cross-Site Request Forgery to PHP Object Injection
The Job Manager & Career – Manage job board listings, and recruitments plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.4.4. This is due to missing or incorrect nonce validation on the savepluginsettings function. This makes it...