15266 matches found
CVE-2026-24729
An unrestricted upload of file with dangerous type vulnerability in the file upload function of Interinfo DreamMaker versions before 2025/10/22 allows remote attackers to execute arbitrary system commands via a malicious class file...
EUVD-2020-30949
Sickbeard alpha contains a remote command injection vulnerability that allows unauthenticated attackers to execute arbitrary commands through the extra scripts configuration. Attackers can set malicious commands in the extra scripts field and trigger processing to execute remote code on the...
CVE-2020-37027
Sickbeard alpha contains a remote command injection vulnerability that allows unauthenticated attackers to execute arbitrary commands through the extra scripts configuration. Attackers can set malicious commands in the extra scripts field and trigger processing to execute remote code on the...
EUVD-2026-5017
An unrestricted upload of file with dangerous type vulnerability in the file upload function of Interinfo DreamMaker versions before 2025/10/22 allows remote attackers to execute arbitrary system commands via a malicious class file...
CVE-2026-24729
An unrestricted upload of file with dangerous type vulnerability exists in Interinfo DreamMaker’s file upload function, affecting versions before 2025/10/22. The root cause is an insufficient validation of uploaded files, enabling remote attackers to execute arbitrary system commands via a malici...
PT-2026-5378
An unrestricted upload of file with dangerous type vulnerability in the file upload function of Interinfo DreamMaker versions before 2025/10/22 allows remote attackers to execute arbitrary system commands via a malicious class file...
📄 n8n 2.0.0-rc.4 Remote Command Execution
n8n version 2.0.0-rc.4 PHP port of a research exploit that chains together multiple vulnerabilities including arbitrary file read and sandbox escape in order to achieve remote command execution...
Interinfo DreamMaker security vulnerabilities
Interinfo DreamMaker is an application developed by Interinfo Corporation in China. Versions of Interinfo DreamMaker prior to October 22, 2025, contained security vulnerabilities. These vulnerabilities stemmed from the file upload function not restricting dangerous file types, which could lead to...
BIT-RUM-2022-50806 4images 1.9 - Remote Command Execution (RCE)
4images 1.9 contains a remote command execution vulnerability that allows authenticated administrators to inject reverse shell code through template editing functionality. Attackers can save malicious code in the template and execute arbitrary commands by accessing a specific categories.php...
CVE-2020-37002
Ajenti 2.1.36 contains a post-authenticated remote command execution vulnerability that allows remote attackers to execute arbitrary commands after successful login. Attackers can leverage the /api/terminal/create endpoint to send a netcat reverse shell payload targeting a specified IP and port...
CVE-2020-37002
Ajenti 2.1.36 contains a post-authenticated remote command execution vulnerability that allows remote attackers to execute arbitrary commands after successful login. Attackers can leverage the /api/terminal/create endpoint to send a netcat reverse shell payload targeting a specified IP and port...
MAL-2026-601 Malicious code in tableautes (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 db2caf2b50286de83c99e588ab33e86d828ff3c39fd0dac1c5f3da229cdfced7 Packages contain hidden code that is effectively run during importing or using the library, and downloads second stage code. Then, a process running in...
PT-2026-5278
Ajenti 2.1.36 contains an authentication bypass vulnerability that allows remote attackers to execute arbitrary commands after successful login. Attackers can leverage the /api/terminal/create endpoint to send a netcat reverse shell payload targeting a specified IP and port...
CVE-2025-69516
A Server-Side Template Injection SSTI vulnerability in the /reporting/templates/preview/ endpoint of Amidaware Tactical RMM, affecting versions equal to or earlier than v1.3.1, allows low-privileged users with Report Viewer or Report Manager permissions to achieve remote command execution on the...
CVE-2025-69516
A Server-Side Template Injection SSTI vulnerability in the /reporting/templates/preview/ endpoint of Amidaware Tactical RMM, affecting versions equal to or earlier than v1.3.1, allows low-privileged users with Report Viewer or Report Manager permissions to achieve remote command execution on the...
EUVD-2025-206512
A Server-Side Template Injection SSTI vulnerability in the /reporting/templates/preview/ endpoint of Amidaware Tactical RMM, affecting versions equal to or earlier than v1.3.1, allows low-privileged users with Report Viewer or Report Manager permissions to achieve remote command execution on the...
📄 Zimbra Collaboration Suite Postjournal 10.0.x Remote Code Execution
A critical vulnerability exists in the Zimbra Collaboration Suite ZCS PostJournal service that allows attackers to execute arbitrary system commands without authentication. The vulnerability is triggered through SMTP injection using a malicious RCPT TO parameter. This exploit provides full remote...
MAL-2026-548 Malicious code in tabletas (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 27d102f1cf4d0e6b08e5e77aa57a2a436a49f782fe6571b2a8e8d114e10d968d Packages contain hidden code that is effectively run during importing or using the library, and downloads second stage code. Then, a process running in...
CVE-2026-23592
CVE-2026-23592 affects HPE Aruba Networking Fabric Composer. Insecure file operations in the backup functionality could allow authenticated attackers to achieve remote code execution and run arbitrary commands on the underlying OS. No remediation details are provided in the supplied documents.
PT-2026-6970
Name of the Vulnerable Software and Affected Versions D-Link DIR-823X version 250416 Description A security issue exists in the DDNS Service component of D-Link DIR-823X version 250416. The issue relates to the processing of the /goform/set ddns file. Manipulation of the ddnsType, ddnsDomainName,...