242855 matches found
CVE-2026-10042
manga-image-translator contains a remote code execution vulnerability in the shared API server mode due to unsafe deserialization of untrusted pickle data in the share.py module, where the /execute/methodname and /simpleexecute/methodname endpoints deserialize attacker-controlled HTTP request...
Description of the security update for SharePoint Server 2019: May 12, 2026 (KB5002870)
Description of the security update for SharePoint Server 2019: May 12, 2026 KB5002870 Summary Important: If you're currently running SharePoint Workflow Manager, you must install the SharePoint Workflow Manager KB5002799 to your farm before you install this cumulative update. If you're currently...
Microsoft SharePoint Server Remote Code Execution Vulnerability
Deserialization of untrusted data in Microsoft Office SharePoint allows an authorized attacker to execute code over a network...
Description of the security update for SharePoint Server Subscription Edition: May 12, 2026 (KB5002863)
Description of the security update for SharePoint Server Subscription Edition: May 12, 2026 KB5002863 Summary Important: If you're currently running SharePoint Workflow Manager, you must install SharePoint Workflow Manager KB5002799 to your farm before you install this cumulative update. If you'r...
CVE-2026-48962
A flaw was found in perl-IO-Compress, a component used for data compression and decompression. A remote attacker could exploit this vulnerability by crafting a malicious input, specifically an output glob, that bypasses the intended security measures. This could lead to the execution of...
CVE-2026-8326
Path traversal vulnerability in Remote Spark https://www.Remotespark.Com/ SparkView allows reading and writing arbitrary files in all directories as root. This leads to RCE. The affected component is the RDP drive redirection. Depending on implementation, the vulnerability can be exploited by an...
Penetration-Testing-Exploitation-of-Vulnerable-Linux-Systems
Penetration-Testing-Exploitation-of-Vulnerable-Linux-Systems K...
CVE-2026-10072
DreamMaker (Interinfo) is affected by an Arbitrary File Upload vulnerability that enables privileged remote attackers to upload and execute web shell backdoors, resulting in arbitrary code execution on the server. The issue is documented in CVE-2026-10072 with CVSS metrics indicating high severit...
CVE-2026-10071 Interinfo|DreamMaker - Arbitrary File Upload
DreamMaker developed by Interinfo has an Arbitrary File Upload vulnerability, allowing unauthenticated remote attackers to upload and execute web shell backdoors, thereby enabling arbitrary code execution on the server...
CVE-2026-10071 Interinfo|DreamMaker - Arbitrary File Upload
DreamMaker developed by Interinfo has an Arbitrary File Upload vulnerability, allowing unauthenticated remote attackers to upload and execute web shell backdoors, thereby enabling arbitrary code execution on the server...
CVE-2026-45312 RAGFlow: Server-Side Template Injection in Prompt Generator leads to Remote Code Execution
RAGFlow is an open-source RAG Retrieval-Augmented Generation engine. In 0.24.0 and earlier, a Jinja2 template injection in the prompt generator rag/prompts/generator.py allows any authenticated user to execute arbitrary OS commands on the server. Any normal user can register, create a Canvas...
CVE-2026-45312 RAGFlow: Server-Side Template Injection in Prompt Generator leads to Remote Code Execution
RAGFlow is an open-source RAG Retrieval-Augmented Generation engine. In 0.24.0 and earlier, a Jinja2 template injection in the prompt generator rag/prompts/generator.py allows any authenticated user to execute arbitrary OS commands on the server. Any normal user can register, create a Canvas...
CVE-2026-45312
RAGFlow (open-source RAG engine) is affected in 0.24.0 and earlier by a Jinja2 template injection in the prompt generator (rag/prompts/generator.py). This allows any authenticated user to execute arbitrary OS commands on the server via the SSTI chain, once a user registers and creates a Canvas wo...
CVE-2026-9559
A path traversal vulnerability exists in the campaign import feature of Mautic 7. When extracting uploaded ZIP files during campaign imports, a flaw in the validation logic allows file paths to escape the intended temporary directories. An authenticated user with campaign import privileges...
CVE-2026-8326 Remote Spark SparkView Path Traversal in RDP Drive Redirection leading to RCE
Path traversal vulnerability in Remote Spark https://www.Remotespark.Com/ SparkView allows reading and writing arbitrary files in all directories as root. This leads to RCE. The affected component is the RDP drive redirection. Depending on implementation, the vulnerability can be exploited by an...
CVE-2026-8326
Path traversal vulnerability in Remote Spark https://www.Remotespark.Com/ SparkView allows reading and writing arbitrary files in all directories as root. This leads to RCE. The affected component is the RDP drive redirection. Depending on implementation, the vulnerability can be exploited by an...
CVE-2026-8326 Remote Spark SparkView Path Traversal in RDP Drive Redirection leading to RCE
Path traversal vulnerability in Remote Spark https://www.Remotespark.Com/ SparkView allows reading and writing arbitrary files in all directories as root. This leads to RCE. The affected component is the RDP drive redirection. Depending on implementation, the vulnerability can be exploited by an...
EUVD-2026-33281
Path traversal vulnerability in Remote Spark https://www.Remotespark.Com/ SparkView allows reading and writing arbitrary files in all directories as root. This leads to RCE. The affected component is the RDP drive redirection. Depending on implementation, the vulnerability can be exploited by an...
CVE-2026-8326
CVE-2026-8326 describes a path traversal in Remote Spark SparkView via the RDP drive redirection , enabling an unauthenticated attacker to read and write arbitrary files as root, potentially leading to remote code execution . Affected builds are listed as “before build 1127.” The CVSS 4.0 base sc...
EUVD-2025-209989
Nozomi Networks Labs identified a CWE-78: Improper Neutralization of Special Elements used in an OS Command 'OS Command Injection' in the Console WebUI in Waterfall WF-500 TX and RX Hosts in version 7.9.1.0 R2502171040 that allows remote unauthenticated attackers to execute arbitrary operating...