Microsoft SharePoint Server - Remote Code Execution (ToolShell)

Deserialization of untrusted data in on-premises Microsoft SharePoint Server allows an unauthorized attacker to execute code over a network. This vulnerability is part of the ToolShell exploit chain and when combined with CVE-2025-53771 authentication bypass, enables unauthenticated remote code...

Joomla! JoomlaPraise Projectfork 2.0.10 - Local File Inclusion

Joomla! JoomlaPraise Projectfork comprojectfork 2.0.10 allows remote attackers to read arbitrary files via local file inclusion in the section parameter to index.php. id: CVE-2009-2100 info: name: Joomla! JoomlaPraise Projectfork 2.0.10 - Local File Inclusion author: daffainfo severity: medium...

Avaya Aura Device Services - OS Command Injection

An OS command injection vulnerability was found in the Avaya Aura Device Services Web application which could allow remote code execution as the Web server user via a malicious uploaded file. This issue affects Avaya Aura Device Services version 8.1.4.0 and earlier. id: CVE-2023-3722 info: name:...

IceWarp Mail Server Deep Castle 2 v.13.0.1.2 - Open Redirect

An issue in IceWarp Mail Server Deep Castle 2 v.13.0.1.2 allows a remote attacker to execute arbitrary code via a crafted request to the URL. id: CVE-2023-40779 info: name: IceWarp Mail Server Deep Castle 2 v.13.0.1.2 - Open Redirect author: r3Y3r53 severity: medium description: | An issue in...

Moodle - Cross-Site Scripting/Remote Code Execution

The vulnerability was found Moodle which exists because the application allows a user to control path of the older to create in TinyMCE loaders. A remote user can send a specially crafted HTTP request and create arbitrary folders on the system. Moodle versions 4.1.x before 4.1.3 and 4.2.x before...

Wavlink WN535K2/WN535K3 - OS Command Injection

Wavlink WN535K2 and WN535K3 routers are susceptible to OS command injection in an unknown part of the file /cgi-bin/mesh.cgi?page=upgrade via manipulation of the argument key. An attacker can execute malware, obtain sensitive information, modify data, and/or gain full control over a compromised...

Cuppa CMS v1.0 - Local File Inclusion

CuppaCMS v1.0 was discovered to contain a local file inclusion via the url parameter in /alerts/alertLightbox.php. id: CVE-2022-25485 info: name: Cuppa CMS v1.0 - Local File Inclusion author: theamanrawat severity: high description: | CuppaCMS v1.0 was discovered to contain a local file inclusion...

TitanNit Web Control 2.01/Atemio 7600 - Remote Code Execution

The device contains a command injection caused by the 'getcommand' query in the application, letting unauthorized attackers execute system commands with root privileges, exploit requires attacker to send crafted requests. id: CVE-2024-9166 info: name: TitanNit Web Control 2.01/Atemio 7600 - Remot...

Issabel Authenticated - Remote Code Execution

A vulnerability was found in Issabel PBX 4.0.0. It has been rated as critical. This issue affects some unknown processing of the file /index.php?menu=asteriskcli of the component Asterisk-Cli. The manipulation of the argument Command leads to os command injection. The attack may be initiated...

Roxy Fileman 1.4.5 - Unrestricted File Upload

Roxy Fileman 1.4.5 is susceptible to unrestricted file upload via upload.php. An attacker can execute malware, obtain sensitive information, modify data, and/or gain full control over a compromised system without entering necessary credentials. id: CVE-2018-20526 info: name: Roxy Fileman 1.4.5 -...

AlquistManager Local File Inclusion

AlquistManager branch as of commit 280d99f43b11378212652e75f6f3159cde9c1d36 is affected by a directory traversal vulnerability in alquist/IO/input.py. This attack can cause the disclosure of critical secrets stored anywhere on the system and can significantly aid in getting remote code access. id...

Acmailer - Improper Access Control to OS Command Injection

Improper access control vulnerability in acmailer ver. 4.0.1 and earlier, and acmailer DB ver. 1.1.3 and earlier allows remote attackers to execute an arbitrary OS command, or gain an administrative privilege which may result in obtaining the sensitive information on the server via unspecified...

Apache Airflow OS Command Injection

Apache Airflow prior to version 2.2.4 is vulnerable to OS command injection attacks because some example DAGs do not properly sanitize user-provided parameters, making them susceptible to OS Command Injection from the web UI. id: CVE-2022-24288 info: name: Apache Airflow OS Command Injection...

Joomla! Component Jstore - 'Controller' Local File Inclusion

A directory traversal vulnerability in Jstore comjstore component for Joomla! allows remote attackers to read arbitrary files and possibly have unspecified other impacts via a .. dot dot in the controller parameter to index.php. id: CVE-2010-5286 info: name: Joomla! Component Jstore - 'Controller...

Langflow AI <= 1.6.9 - CORS Misconfiguration

Langflow AI versions 1.6.9 and earlier are vulnerable to a CORS misconfiguration that allows any origin to make credentialed requests. Combined with SameSite=None cookies, this enables cross-origin token theft and subsequent remote code execution via the /api/v1/validate/code endpoint. id:...

LiteLLM - Command Injection

A critical unauthenticated remote code execution vulnerability exists in LiteLLM due to improper input handling in the MCP stdio test endpoint. An attacker can send a specially crafted request to the /mcp-rest/test/connection endpoint with controlled parameters, resulting in arbitrary command...

MindPalette NateMail 3.0.15 - Cross-Site Scripting

MindPalette NateMail 3.0.15 is susceptible to reflected cross-site scripting which could allows an attacker to execute remote JavaScript in a victim's browser via a specially crafted POST request. The application will reflect the recipient value if it is not in the NateMail recipient array. Note...

Microsoft Exchange - Pre-Auth SSRF / ACL Bypass (ProxyNotFound)

Microsoft Exchange Server contains a remote code execution caused by improper input validation in the server component, letting remote attackers execute arbitrary code, exploit requires network access to the server. id: CVE-2021-28481 info: name: Microsoft Exchange - Pre-Auth SSRF / ACL Bypass...

WordPress File Manager Plugin - Remote Code Execution

The WordPress File Manager plugin prior to version 6.9 is susceptible to remote code execution. The vulnerability allows unauthenticated remote attackers to upload .php files. id: CVE-2020-25213 Uploaded file will be accessible at:-...

Pandora FMS <=7.0NG.722 - Remote Code Execution

Pandora FMS versions =7.0NG.722 are vulnerable to unauthenticated remote code execution by chaining an unrestricted file upload CVE-2018-11221 and a local file inclusion CVE-2018-11222. An attacker can upload a malicious PHP file as a plugin and execute it via LFI, leading to full compromise of t...