Sitecore - Remote Code Execution

Multiple Sitecore products allow remote code execution. This affects Experience Manager, Experience Platform, and Experience Commerce through 10.3. id: CVE-2023-35813 info: name: Sitecore - Remote Code Execution author: DhiyaneshDk,iamnoooob severity: critical description: | Multiple Sitecore...

F5 BIG-IP Appliance Mode - Command Injection

When running in Appliance mode, an authenticated user assigned the Administrator role may bypass Appliance mode restrictions, utilizing an undisclosed iControl REST endpoint. id: CVE-2022-41800 info: name: F5 BIG-IP Appliance Mode - Command Injection author: dwisiswant0 severity: high description...

Websvn <2.6.1 - Remote Code Execution

WebSVN before 2.6.1 allows remote attackers to execute arbitrary commands via shell metacharacters in the search parameter. id: CVE-2021-32305 info: name: Websvn 2.6.1 - Remote Code Execution author: gy741 severity: critical description: WebSVN before 2.6.1 allows remote attackers to execute...

Apache Tomcat - Remote Code Execution

When running Apache Tomcat versions 9.0.0.M1 to 9.0.0, 8.5.0 to 8.5.22, 8.0.0.RC1 to 8.0.46 and 7.0.0 to 7.0.81 with HTTP PUTs enabled e.g. via setting the readonly initialisation parameter of the Default servlet to false it was possible to upload a JSP file to the server via a specially crafted...

CyberPanel v2.3.6 Pre-Auth Remote Code Execution

upgrademysqlstatus in databases/views.py in CyberPanel aka Cyber Panel before 5b08cd6 allows remote attackers to bypass authentication and execute arbitrary commands via /dataBases/upgrademysqlstatus by bypassing secMiddleware which is only for a POST request and using shell metacharacters in the...

Six Proto6 Vulnerabilities in protobuf.js Expose Node.js Apps to RCE and DoS

Cybersecurity researchers have flagged half a dozen vulnerabilities in protobuf.js, a JavaScript and TypeScript implementation of Protocol Buffers Protobuf, that, if successfully exploited, could result in remote code execution RCE and denial-of-service DoS attacks. "In affected environments, a...

Exploit for Out-of-bounds Write in Mediatek Lr12A

CVE-2024-20154: NB-IoT SIB1-NB Stack Overflow in MediaTek MT67...

CVE-2026-36723

An unrestricted file rename vulnerability in the /api/create-user component of bookcars v8.3 allows authenticated attackers to leverage directory traversal sequences to move arbitrary files from temporary storage to arbitrary locations on the server filesystem. This enables unauthorized access to...

SUSE CVE-2026-11632

Use after free in TabStrip in Google Chrome prior to 149.0.7827.103 allowed a remote attacker who convinced a user to engage in specific UI gestures to execute arbitrary code via a crafted HTML page. Chromium security severity: Critical...

SUSE CVE-2026-11633

Use after free in Bluetooth in Google Chrome on Mac prior to 149.0.7827.103 allowed a remote attacker to execute arbitrary code via a malicious peripheral. Chromium security severity: Critical...

SUSE CVE-2026-11637

Use after free in Views in Google Chrome on Mac prior to 149.0.7827.103 allowed a remote attacker to execute arbitrary code via a crafted HTML page. Chromium security severity: Critical...

SUSE CVE-2026-11639

Use after free in Compositing in Google Chrome on Mac prior to 149.0.7827.103 allowed a remote attacker to execute arbitrary code via a crafted HTML page. Chromium security severity: Critical...

SUSE CVE-2026-11641

Use after free in Bluetooth in Google Chrome on Windows prior to 149.0.7827.103 allowed a remote attacker who convinced a user to engage in specific UI gestures to execute arbitrary code via a crafted HTML page. Chromium security severity: Critical...

SUSE CVE-2026-11643

Use after free in Proxy in Google Chrome prior to 149.0.7827.103 allowed a remote attacker to execute arbitrary code via malicious network traffic. Chromium security severity: Critical...

SUSE CVE-2026-11645

Out of bounds read and write in V8 in Google Chrome prior to 149.0.7827.103 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. Chromium security severity: High...

SUSE CVE-2026-11646

Use after free in ViewTransitions in Google Chrome prior to 149.0.7827.103 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. Chromium security severity: High...

SUSE CVE-2026-11649

Use after free in V8 in Google Chrome prior to 149.0.7827.103 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. Chromium security severity: High...

SUSE CVE-2026-11650

Use after free in V8 in Google Chrome prior to 149.0.7827.103 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. Chromium security severity: High...

SUSE CVE-2026-11651

Use after free in Network in Google Chrome prior to 149.0.7827.103 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. Chromium security severity: High...

SUSE CVE-2026-11662

Type Confusion in Bindings in Google Chrome prior to 149.0.7827.103 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. Chromium security severity: High...