TOTOLINK A3700R - Command Injection

An issue in TOTOLINK A3700R v.9.1.2u.616520211012 allows a remote attacker to execute arbitrary code via the FileName parameter of the UploadFirmwareFile function. id: CVE-2023-46574 info: name: TOTOLINK A3700R - Command Injection author: DhiyaneshDk severity: critical description: | An issue in...

Nette Framework - Remote Code Execution

Nette Framework versions before 2.0.19, 2.1.13, 2.2.10, 2.3.14, 2.4.16, and 3.0.6 are vulnerable to a code injection attack via specially formed parameters being passed to a URL. Nette is a PHP/Composer MVC Framework. id: CVE-2020-15227 info: name: Nette Framework - Remote Code Execution author:...

Oracle Identity Manager REST WebServices - Authentication Bypass

Vulnerability in the Identity Manager product of Oracle Fusion Middleware component: REST WebServices. Supported versions that are affected are 12.2.1.4.0 and 14.1.2.1.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Identity Manager...

SUSE CVE-2026-42211

React Router is a router for React. In versions 7.0.0 through 7.14.1, when using Framework Mode, a combination of steps could potentially allow unauthorized remote code execution RCE through external requests. This attack requires the application code to have an existing prototype pollution...

CVE-2026-41283

OpenStack Mistral through 22.0.0 allows Arbitrary Remote Code Execution when the API is exposed. There are endpoints that allow code execution, which can lead to exfiltration of service credentials...

PT-2026-46750

Name of the Vulnerable Software and Affected Versions Google Chrome versions prior to 149.0.7827.53 Description A use after free issue in Chromoting allows a remote attacker to execute arbitrary code through malicious network traffic. Use after free is a memory corruption flaw that occurs when an...

PT-2026-46231

Name of the Vulnerable Software and Affected Versions Progress ADC affected versions not specified Description An OS Command Injection flaw in the API of Progress ADC products allows an unauthenticated attacker to execute arbitrary commands on the LoadMaster appliance. This issue is caused by...

EUVD-2026-34201

OpenStack Mistral through 22.0.0 allows Arbitrary Remote Code Execution when the API is exposed. There are endpoints that allow code execution, which can lead to exfiltration of service credentials...

PT-2026-46137

Name of the Vulnerable Software and Affected Versions OpenStack Mistral versions prior to 22.0.0 Description An issue exists where a policy enforcement bypass allows arbitrary remote code execution when the API is exposed. Specific API endpoints do not properly validate user-supplied inputs,...

PT-2026-46232

⚠️⚠️ CVE-2026-48519 CVSS 9.6: Unauthenticated RCE via Shareable Playground build public tmp code injection 🔗FOFA Link: https://t.co/fi4lCcHLVr 🎯30.9K+ Results are found on https://t.co/HSOBZfCA2r in the past year. FOFA Query: app="LOGSPACE-LangFlow" 🔖Refer: https://t.co/yQvcsMAhUW OSINT FOFA...

CVE-2026-41283

OpenStack Mistral through 22.0.0 allows Arbitrary Remote Code Execution when the API is exposed. There are endpoints that allow code execution, which can lead to exfiltration of service credentials...

CVE-2025-69755

An issue in Neterbit NW-431F Router vNW-431F-20241014-IR03 allows a remote attacker to obtain sensitive information and execute arbitrary code via a crafted command to the atcommand.asp interface...

PT-2026-46425

Name of the Vulnerable Software and Affected Versions Google Chrome on iOS versions prior to 149.0.7827.53 Description A use after free issue allows a remote attacker to execute arbitrary code through a crafted HTML page. Use after free occurs when an application continues to use a pointer after ...

PT-2026-46529

Name of the Vulnerable Software and Affected Versions Google Chrome on Linux versions prior to 149.0.7827.53 Description A use after free issue in Fonts allows a remote attacker to execute arbitrary code inside a sandbox by using a crafted HTML page. Use after free is a memory corruption flaw tha...

PT-2026-46430

Name of the Vulnerable Software and Affected Versions Google Chrome on Mac versions prior to 149.0.7827.53 Description A use after free issue exists where a remote attacker can execute arbitrary code. This is achieved by convincing a user to perform specific UI gestures while interacting with a...

PT-2026-46294

Name of the Vulnerable Software and Affected Versions Neterbit NW-431F Router version NW-431F-20241014-IR03 Description A flaw in the 'at command.asp' interface allows a remote attacker to obtain sensitive information and execute arbitrary code. This issue can be triggered by sending a crafted...

PT-2026-46402

Improper neutralization of special elements used in a command 'command injection' in Microsoft Copilot allows an authorized attacker to execute code over a network...

PT-2026-46211

Mobatek MobaXterm 12.1 contains a structured exception handling SEH based buffer overflow vulnerability in the username field of session files that allows remote attackers to execute arbitrary code. Attackers can craft a malicious MobaXterm sessions file with overflow data that triggers the...

CVE-2026-41283

OpenStack Mistral

PT-2026-46414

Name of the Vulnerable Software and Affected Versions Google Chrome on iOS versions prior to 149.0.7827.53 Description A use after free issue in Google Chrome on iOS allows a remote attacker to execute arbitrary code. This is achieved by inducing the victim to visit a specially crafted HTML page...