Lucene search
K

254052 matches found

EUVD
EUVD
added 1 hour ago6 views

EUVD-2026-43182

PraisonAI before 1.6.78 contains a remote code execution vulnerability in CodeAgent.executepython that executes LLM-generated Python code without AST validation, import restrictions, or sandbox enforcement. Attackers can influence LLM output through prompt injection to exfiltrate all environment...

10CVSS6.7AI score
Exploits0References3
CVE
CVE
added 4 hours ago7 views

CVE-2026-61447

PraxionAI before 1.6.78 exposes a remote code execution flaw in CodeAgent._execute_python() that executes LLM-generated Python code without AST validation, import restrictions, or sandboxing. This enables prompt-injection to exfiltrate environment secrets and run arbitrary code on the host. The v...

10CVSS6.7AI score
Exploits0References2
BDU FSTEC
BDU FSTEC
added 4 hours ago22 views

The vulnerability of the pg_dump utility in the PostgreSQL database management system allows a hacker to execute arbitrary code.

The vulnerability of the pgdump utility in the PostgreSQL database management system is related to the lack of security measures for SQL query structures. Exploiting this vulnerability allows a malicious actor to execute arbitrary code remotely...

10CVSS7AI score0.00385EPSS
Exploits0References11Affected Software9
CVE
CVE
added 7 hours ago9 views

CVE-2026-57827

The CVE-2026-57827 entry concerns the Joomla extension RSFiles (RSFiles component) from rsjoomla.com, affected versions prior to 1.17.12. The vulnerability is an unauthenticated arbitrary file upload that can upload executable files, enabling full remote code execution (RCE). The connected record...

10CVSS6.1AI score
Exploits0References2
EUVD
EUVD
added 7 hours ago4 views

EUVD-2026-43168

The Joomla extension RSFiles is vulnerable to an unauthenticated arbitrary file upload that allows uploading executable files and leads to full RCE...

10CVSS6.1AI score
Exploits0References2
CVE
CVE
added 7 hours ago8 views

CVE-2026-57828

The CVE-2026-57828 entry concerns the Joomla extension Phoca Downloads (Phoca.cz) with an authenticated arbitrary file upload vulnerability in the RSFiles component prior to 6.1.3. The issue allows registered users to upload executable files, enabling full remote code execution (RCE). The provide...

9CVSS6.1AI score
Exploits0References2
EUVD
EUVD
added 7 hours ago5 views

EUVD-2026-43167

The Joomla extension Phoca Downloads is vulnerable to an authenticated arbitrary file upload that allows registered users uploading executable files and leads to full RCE...

9CVSS6.1AI score
Exploits0References2
CVE
CVE
added 11 hours ago11 views

CVE-2025-6784

CVE-2025-6784 affects the WordPress Code Engine plugin (versions up to 0.3.5). It allows Remote Code Execution via the 'code-engine' shortcode because access to the plugin’s code-injecting functionality is not restricted. Authenticated users with Contributor-level access and above can execute cod...

8.8CVSS6.3AI score
Exploits0References2
EUVD
EUVD
added 11 hours ago6 views

EUVD-2025-210455

The Code Engine plugin for WordPress is vulnerable to Remote Code Execution in all versions up to, and including, 0.3.5 via the 'code-engine' shortcode. This is due to the plugin not restricting access to the code injecting functionality of the plugin. This makes it possible for authenticated...

8.8CVSS6.3AI score
Exploits0References2
Nuclei
Nuclei
added 13 hours ago86 views

WordPress Simple File List <=4.2.2 - Remote Code Execution

An unrestricted file upload vulnerability in the WordPress Simple File List plugin before version 4.2.3 allows unauthenticated remote attackers to achieve remote code execution. The plugin's upload endpoint ee-upload-engine.php restricts file uploads based on extension, but lacks proper validatio...

6.3AI score
Exploits9References3
CVE
CVE
added 13 hours ago4 views

CVE-2026-2354

CVE-2026-2354 affects the Swiss Toolkit For WP WordPress plugin up to version 1.4.6. A flawed file type validation bypass in upload_extension_files() hooks into wp_check_filetype_and_ext and uses strpos() on the filename to validate extensions instead of checking the actual file type. This enable...

8.8CVSS6.5AI score
Exploits0References5
Nuclei
Nuclei
added 14 hours ago81 views

Zaver - Local File Inclusion

Zaver through 2020-12-15 is vulnerable to local file inclusion via the GET /.. substring. id: CVE-2022-38794 info: name: Zaver - Local File Inclusion author: pikpikcu severity: high description: | Zaver through 2020-12-15 is vulnerable to local file inclusion via the GET /.. substring. impact: |...

7.5CVSS7AI score0.03599EPSS
Exploits1References5
Nuclei
Nuclei
added 14 hours ago31 views

Zhiyuan OA Platform - Arbitrary File Upload

An arbitrary file upload vulnerability exists in the Zhiyuan OA platform 5.0, 5.1 - 5.6sp1, 6.0 - 6.1sp2, 7.0, 7.0sp1 - 7.1, 7.1sp1, and 8.0 - 8.0sp2 via the wpsAssistServlet interface. The realFileType and fileId parameters are improperly validated during multipart file uploads, allowing...

10CVSS6.5AI score0.1438EPSS
Exploits3References2
Nuclei
Nuclei
added 14 hours ago159 views

Angular-Base64-Upload - Remote Code Execution

angular-base64-upload prior to v0.1.21 is vulnerable to unauthenticated remote code execution via demo/server.php. Exploiting this vulnerability allows an attacker to upload arbitrary content to the server, which can subsequently be accessed through demo/uploads. This leads to the execution of...

9.8CVSS7.5AI score0.43683EPSS
Exploits5References4
Nuclei
Nuclei
added 14 hours ago30 views

MCP Inspector < 0.14.0 UnauthenticatedRemote Code Execution

The MCP inspector is a developer tool for testing and debugging MCP servers. Versions of MCP Inspector below 0.14.1 are vulnerable to remote code execution due to lack of authentication between the Inspector client and proxy, allowing unauthenticated requests to launch MCP commands over stdio. id...

9.4CVSS7.5AI score0.38532EPSS
Exploits0References5
Nuclei
Nuclei
added 14 hours ago145 views

Nodejs Squirrelly - Remote Code Execution

Nodejs Squirrelly is susceptible to remote code execution. Squirrelly is a template engine implemented in JavaScript that works out of the box with ExpressJS. Squirrelly mixes pure template data with engine configuration options through the Express render API. By overwriting internal configuratio...

8.8CVSS7.4AI score0.59844EPSS
Exploits2
Nuclei
Nuclei
added 14 hours ago17 views

WeGIA <= 3.6.4 - Remote Code Execution

WeGIA = 3.6.5 contains a remote code execution caused by improper validation of backup file names in the database restoration functionality, letting attackers with administrative access execute arbitrary OS commands id: CVE-2026-28409 info: name: WeGIA = 3.6.4 - Remote Code Execution author:...

10CVSS6.6AI score0.03315EPSS
Exploits1References3
Nuclei
Nuclei
added 14 hours ago425 views

Codoforum 5.1 - Arbitrary File Upload

Codoforum 5.1 contains an arbitrary file upload vulnerability via the logo change option in the admin panel. An attacker can upload arbitrary files to the server, which in turn can be used to make the application execute file content as code. As a result, an attacker can potentially obtain...

7.2CVSS7.1AI score0.32233EPSS
Exploits4References5
Nuclei
Nuclei
added 14 hours ago22 views

WooCommerce Help Scout - Arbitrary File Upload

WooCommerce Help Scout plugin before version 2.9.1 contains an unrestricted file upload vulnerability. The vulnerability allows unauthenticated users to upload arbitrary files to the server which by default will end up in wp-content/uploads/hstmp/ directory, potentially leading to remote code...

9.8CVSS7.3AI score0.07908EPSS
Exploits2References3
Nuclei
Nuclei
added 14 hours ago17 views

BMC FootPrints 'feedUrl' - Server-Side Request Forgery

BMC FootPrints versions 20.20.02 through 20.24.01.001 contain a Server-Side Request Forgery SSRF vulnerability in the /footprints/servicedesk/externalfeed/RSS endpoint. The 'feedUrl' parameter allows unauthenticated attackers to force the server to make HTTP requests to arbitrary URLs, enabling...

8.8CVSS6.3AI score0.3436EPSS
Exploits2References3
Rows per page
Query Builder