CVE-2026-47117

OpenMed prior to version 1.5.2 is affected by a remote code execution vulnerability in the PII privacy-filter model loading path. The privacy-filter dispatcher uses broad substring matching on the user-supplied model_name, enabling a value like attacker/foo-privacy-filter-bar to route to a path t...

CVE-2026-47117

OpenMed before 1.5.2 contains a remote code execution vulnerability in the PII privacy-filter model loading path. The privacy-filter dispatcher used broad substring matching on the user-supplied modelname parameter, allowing a value such as attacker/foo-privacy-filter-bar to route through a path...

CVE-2026-47117 OpenMed < 1.5.2 Remote Code Execution via PII Model Loading

OpenMed before 1.5.2 contains a remote code execution vulnerability in the PII privacy-filter model loading path. The privacy-filter dispatcher used broad substring matching on the user-supplied modelname parameter, allowing a value such as attacker/foo-privacy-filter-bar to route through a path...

CVE-2026-47117 OpenMed < 1.5.2 Remote Code Execution via PII Model Loading

OpenMed before 1.5.2 contains a remote code execution vulnerability in the PII privacy-filter model loading path. The privacy-filter dispatcher used broad substring matching on the user-supplied modelname parameter, allowing a value such as attacker/foo-privacy-filter-bar to route through a path...

EUVD-2026-33942

OpenMed before 1.5.2 contains a remote code execution vulnerability in the PII privacy-filter model loading path. The privacy-filter dispatcher used broad substring matching on the user-supplied modelname parameter, allowing a value such as attacker/foo-privacy-filter-bar to route through a path...

Exploit for CVE-2024-21182

CVE-2024-21182 — Oracle WebLogic Server T3/IIOP JNDI Injection...

USN-8130-2 gst-plugins-base1.0 vulnerability

USN-8130-1 fixed a vulnerability in GStreamer Base Plugins. This update provides the corresponding update for Ubuntu 18.04 LTS and Ubuntu 20.04 LTS. Original advisory details: It was discovered that GStreamer Base Plugins incorrectly handled certain AVI media files. A remote attacker could use th...

Apache Camel: camel-jms: camel-sjms: camel-sjms2: camel-amqp: camel-activemq: camel-activemq6: Apache Camel: Remote Code Execution via deserialization of JMS ObjectMessage

A flaw was found in Apache Camel. A remote attacker could exploit a deserialization vulnerability by sending a specially crafted Java Message Service JMS ObjectMessage to a Camel application acting as a JMS consumer. This vulnerability arises because the application deserializes the message paylo...

Important: Red Hat Security Advisory: Red Hat Build of Apache Camel 4.18 for Quarkus 3.33 update is now available (RHBQ 3.33.1.GA)

An update for Red Hat Build of Apache Camel 4.18 for Quarkus 3.33 update is now available RHBQ 3.33.1.GA. The purpose of this text-only errata is to inform you about the enhancements that improve your developer experience and ensure the security and stability of your products. Red Hat Product...

camel-infinispan: camel-infinispan: Remote Code Execution via Unsafe Deserialization

A flaw was found in camel-infinispan. This vulnerability involves unsafe deserialization in the ProtoStream remote aggregation repository. A remote attacker with low privileges could exploit this by sending specially crafted data, leading to arbitrary code execution. This allows the attacker to...

CVE-2026-34906

Server-Side Template Injection SSTI in Wirtualna Uczelnia allows an unauthenticated attacker to perform Remote Code Execution RCE. In the endpoint redirectToUrl and parameter redirectUrlParameter, insufficient input validation permits injection of arbitrary template expressions that are executed ...

XWiki < 4.10.20 - Remote code execution

XWiki Platform is a generic wiki platform. Starting in version 2.4-milestone-1 and prior to versions 4.10.20, 15.5.4, and 15.10-rc-1, XWiki's database search allows remote code execution through the search text. This allows remote code execution for any visitor of a public wiki or user of a close...

Monitorr 1.7.6m - Unauthenticated Remote Code Execution

Monitorr 1.7.6m is susceptible to a remote code execution vulnerability. Improper input validation and lack of authorization leads to arbitrary file uploads in the web application. An unauthorized attacker with web access to could upload and execute a specially crafted file, leading to remote cod...

ManageEngine Desktop Central Java Deserialization

Zoho ManageEngine Desktop Central before 10.0.474 is vulnerable to a deserialization of untrusted data, which permits remote code execution. id: CVE-2020-10189 info: name: ManageEngine Desktop Central Java Deserialization author: king-alexander severity: critical description: | Zoho ManageEngine...

Apache Druid - Remote Code Execution

Apache Druid is susceptible to remote code execution because by default it lacks authorization and authentication. Attackers can send specially crafted requests to execute arbitrary code with the privileges of processes on the Druid server. id: CVE-2021-25646 info: name: Apache Druid - Remote Cod...

CVE-2026-42359

A bug in Apache Airflow's XCom PATCH endpoint PATCH /api/v2/xcomEntries/key allowed an authenticated UI/API user with XCom write permission on a Dag to set XCom entries under reserved key names e.g. returnvalue that the matching POST endpoint already validated against FORBIDDENXCOMKEYS. The...

CVE-2026-20452

In wlan AP driver, there is a possible memory corruption due to a heap buffer overflow. This could lead to remote proximal/adjacent code execution with User execution privileges needed. User interaction is not needed for exploitation. Patch ID: WCNCR00480138; Issue ID: MSV-6295...

Exploit for CVE-2026-49009

CVE-2026-49...

Exploit for Missing Authentication for Critical Function in Coreweave Marimo

CVE-2026-39987 - a full PTY shell Unauthenticated Stored Cross...

CVE-2026-34906

CVE-2026-34906 describes a Server-Side Template Injection (SSTI) in Wirtualna Uczelnia that allows an unauthenticated attacker to achieve Remote Code Execution (RCE) via insufficient input validation in the redirectToUrl endpoint and redirectUrlParameter. The payloades injected through these para...