7018 matches found
PT-2026-28162
Name of the Vulnerable Software and Affected Versions LiquidJS versions prior to 10.25.1 Description LiquidJS’s memoryLimit security feature can be bypassed using reverse range expressions e.g., 100000000..1, allowing an attacker to allocate unlimited memory. When combined with a string flattenin...
EUVD-2019-20033
PhreeBooks ERP 5.2.3 contains a remote code execution vulnerability in the image manager that allows authenticated attackers to upload and execute arbitrary PHP files by bypassing file extension controls. Attackers can upload malicious PHP files through the image manager endpoint and execute them...
CVE-2019-25647
PhreeBooks ERP 5.2.3 contains a remote code execution vulnerability in the image manager that allows authenticated attackers to upload and execute arbitrary PHP files by bypassing file extension controls. Attackers can upload malicious PHP files through the image manager endpoint and execute them...
CVE-2019-25647
PhreeBooks ERP 5.2.3 contains a remote code execution vulnerability in the image manager that allows authenticated attackers to upload and execute arbitrary PHP files by bypassing file extension controls. Attackers can upload malicious PHP files through the image manager endpoint and execute them...
CVE-2019-25647 PhreeBooks ERP 5.2.3 Remote Code Execution via Image Manager
PhreeBooks ERP 5.2.3 contains a remote code execution vulnerability in the image manager that allows authenticated attackers to upload and execute arbitrary PHP files by bypassing file extension controls. Attackers can upload malicious PHP files through the image manager endpoint and execute them...
CVE-2019-25647
CVE-2019-25647 affects PhreeBooks ERP 5.2.3. A remote code execution vulnerability exists in the image manager that lets an authenticated attacker upload and execute arbitrary PHP files by bypassing file extension controls. Attackers can place malicious PHP files via the image manager endpoint an...
📄 MCPJam Inspector 1.4.2 Remote Code Execution
MCPJam Inspector versions 1.4.2 and below proof of concept remote code execution exploit. !/usr/bin/env python3 CVE-2026-23744.py for testing only import requests import argparse import json import sys import urllib3 urllib3.disablewarningsurllib3.exceptions.InsecureRequestWarning def main: parse...
PT-2026-27381
PhreeBooks ERP 5.2.3 contains a remote code execution vulnerability in the image manager that allows authenticated attackers to upload and execute arbitrary PHP files by bypassing file extension controls. Attackers can upload malicious PHP files through the image manager endpoint and execute them...
Exploit for OS Command Injection in Arcane
CVE-2026-23520 MCP API Remote Command Execution RCE Proo...
CVE-2026-33186
A flaw was found in gRPC-Go, the Go language implementation of gRPC. This vulnerability, an authorization bypass, is caused by improper input validation of the HTTP/2 :path pseudo-header. A remote attacker can exploit this by sending raw HTTP/2 frames with a malformed :path that omits the mandato...
Malicious code in pipinpeace-reverse (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 471ba9f8dde66035e8bff446fc8acb160f041648a1fc47dd3f00db6e2ea58d08 Package is designed to start a reverse shell during installation. However, it requires providing a URL as an installation parameter, which suggests it's more...
MAL-2026-2029 Malicious code in pipinpeace-reverse (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 471ba9f8dde66035e8bff446fc8acb160f041648a1fc47dd3f00db6e2ea58d08 Package is designed to start a reverse shell during installation. However, it requires providing a URL as an installation parameter, which suggests it's more...
Exploit for Uncontrolled Resource Consumption in Siemens 6Bk1602-0Aa12-0Tp0_Firmware
🔥 Solar Exploiting Log4j - TryHackMe Walkthrough 📌 Room: S...
Exploit for CVE-2026-33017
CVE-2026-33017-Langflow-RCE-PoC The vulnerability in Langflow...
Malicious code in qyrm-pipinject4 (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 9a21af6fd1f0c3069036b62cd769efe0cd35077f9141b1454397e44561c73461 During installation, the package starts a reverse shell. --- Category: MALICIOUS - The campaign has clearly malicious intent, like infostealers. Campaign:...
MAL-2026-2016 Malicious code in qyrm-pipinject4 (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 9a21af6fd1f0c3069036b62cd769efe0cd35077f9141b1454397e44561c73461 During installation, the package starts a reverse shell. --- Category: MALICIOUS - The campaign has clearly malicious intent, like infostealers. Campaign:...
Exploit for CVE-2026-33017
CVE-2026-33017 — Langflow Unauthenticated RCE PoC !CVEhttp...
EUVD-2026-13972
OpenClaw versions prior to 2026.2.21 BlueBubbles webhook handler contains a passwordless fallback authentication path that allows unauthenticated webhook events in certain reverse-proxy or local routing configurations. Attackers can bypass webhook authentication by exploiting the loopback/proxy...
CVE-2026-32896 OpenClaw < 2026.2.21 - Unauthenticated Webhook Access via Passwordless Fallback in BlueBubbles Plugin
The BlueBubbles webhook handler in OpenClaw versions prior to 2026.2.21 contains a passwordless fallback authentication path that allows unauthenticated webhook events in certain reverse-proxy or local routing configurations. Attackers can bypass webhook authentication by exploiting the...
CVE-2026-32896 OpenClaw < 2026.2.21 - Unauthenticated Webhook Access via Passwordless Fallback in BlueBubbles Plugin
The BlueBubbles webhook handler in OpenClaw versions prior to 2026.2.21 contains a passwordless fallback authentication path that allows unauthenticated webhook events in certain reverse-proxy or local routing configurations. Attackers can bypass webhook authentication by exploiting the...