CVE-2019-25741

Mobatek MobaXterm 12.1 contains a structured exception handling SEH based buffer overflow vulnerability in the username field of session files that allows remote attackers to execute arbitrary code. Attackers can craft a malicious MobaXterm sessions file with overflow data that triggers the...

CVE-2019-25741 Mobatek MobaXterm 12.1 Buffer Overflow via Sessions File

Mobatek MobaXterm 12.1 contains a structured exception handling SEH based buffer overflow vulnerability in the username field of session files that allows remote attackers to execute arbitrary code. Attackers can craft a malicious MobaXterm sessions file with overflow data that triggers the...

CVE-2019-25729 PDF Signer 3.0 Server-Side Template Injection RCE via CSRF Cookie

PDF Signer 3.0 contains a server-side template injection vulnerability that allows unauthenticated attackers to execute arbitrary code by injecting PHP commands through the CSRF-TOKEN cookie parameter. Attackers can craft malicious cookie values containing template injection payloads like shellex...

CVE-2019-25729

CVE-2019-25729 : PDF Signer 3.0 is affected by a server-side template injection vulnerability that allows unauthenticated attackers to execute arbitrary code via the CSRF-TOKEN cookie parameter. Attackers can craft cookie values containing template payloads (e.g., shell_exec()) to run system comm...

CVE-2019-25729 PDF Signer 3.0 Server-Side Template Injection RCE via CSRF Cookie

PDF Signer 3.0 contains a server-side template injection vulnerability that allows unauthenticated attackers to execute arbitrary code by injecting PHP commands through the CSRF-TOKEN cookie parameter. Attackers can craft malicious cookie values containing template injection payloads like shellex...

Important: Red Hat Security Advisory: redis security update

An update for redis is now available for Red Hat Enterprise Linux 9. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the...

redis: RESTORE invalid memory access may allow remote code execution

A flaw was found in Redis. An authenticated attacker with permission to execute the RESTORE command can send a crafted serialized payload that may lead to an invalid memory access due to an improper validation of the serialized values. This flaw can cause the server to crash and may allow arbitra...

CVE-2026-8037 OS Command Injection Remote Code Execution Vulnerability in Progress LoadMaster, ECS Connection Manager, Object Scale Connection Manager & MOVEit WAF

OS Command Injection Remote Code Execution Vulnerability in API in Progress ADC Products allows an un-authenticated attacker to execute arbitrary commands on the LoadMaster appliance by exploiting unsanitized input in multiple command endpoints...

CVE-2026-8037

OS Command Injection Remote Code Execution Vulnerability in API in Progress ADC Products allows an un-authenticated attacker to execute arbitrary commands on the LoadMaster appliance by exploiting unsanitized input in multiple command endpoints...

EUVD-2026-34260

OS Command Injection Remote Code Execution Vulnerability in API in Progress ADC Products allows an un-authenticated attacker to execute arbitrary commands on the LoadMaster appliance by exploiting unsanitized input in multiple command endpoints...

CVE-2026-8037

CVE-2026-8037 affects Progress LoadMaster and related ADC components (ECS Connection Manager, Object Scale Connection Manager, MOVEit WAF). The vulnerability is an OS command injection in the API where unsanitized input in multiple command endpoints allows an unauthenticated attacker to execute a...

Security Bulletin: Security Vulnerabilities have been identified in IBM WebSphere Application Server bundled with IBM Financial Transaction Manager for Check Services

Summary IBM WebSphere Application Server is bundled with IBM Financial Transaction Manager v3.0.5.4. Information about security vulnerabilities affecting IBM WebSphere Application Server has been published in a security bulletin. Vulnerability Details Refer to the security bulletins listed in the...

httpd security update

An update is available for httpd. This update affects Rocky Linux 10. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list The httpd packages provide the Apache HTTP Server, a powerful, efficient, and...

EUVD-2026-34247

This vulnerability exists in GX Earth ONT models due to improper handling of user-supplied input in multiple diagnostic functions in its web management interface. An authenticated remote attacker could exploit this vulnerability by injecting arbitrary and executing OS commands on the targeted...

CVE-2026-45431

This vulnerability exists in GX Earth ONT models due to improper handling of user-supplied input in multiple diagnostic functions in its web management interface. An authenticated remote attacker could exploit this vulnerability by injecting arbitrary and executing OS commands on the targeted...

CVE-2026-45431 Command Injection Vulnerability in GX Earth ONT Models

This vulnerability exists in GX Earth ONT models due to improper handling of user-supplied input in multiple diagnostic functions in its web management interface. An authenticated remote attacker could exploit this vulnerability by injecting arbitrary and executing OS commands on the targeted...

WordPress Content Visibility for Divi Builder plugin <= 4.02 - Authenticated (Contributor+) Remote Code Execution vulnerability

Authenticated Contributor+ Remote Code Execution vulnerability discovered by ZAST.AI - ZAST.AI in WordPress Plugin Content Visibility for Divi Builder versions = 4.02...

unbound: Unbound DNSSEC Validator Use-After-Free via Deep Copy Pointer Overwrite Leading to DoS and Possible Remote Code Execution

A flaw was discovered in Unbound’s DNSSEC validator can leave it using an invalid memory pointer after certain DS sub-query validations fail due to NSEC3 budget exhaustion. This may cause crashes and could potentially allow arbitrary code execution...

CVE-2026-44417

A flaw was found in Apache CXF. Untrusted users, if allowed to configure Java Message Service JMS for Apache CXF, can exploit this vulnerability to achieve remote code execution RCE. This issue arises from an incomplete fix for a prior security flaw, indicating an alternative path that could lead...

CVE-2026-47323

A flaw was found in Apache Camel. An unauthenticated attacker could inject Camel-internal headers via HTTP requests to CXF-RS or CXF-SOAP endpoints due to missing inbound filtering in the HeaderFilterStrategy implementations. This allows the attacker to override configured values when messages ar...