CVE-2025-66802

Sourcecodester Covid-19 Contact Tracing System 1.0 is vulnerable to RCE Remote Code Execution. The application receives a reverse shell php into imagem of the user enabling RCE...

CVE-2025-66802

CVE-2025-66802 affects SourceCodester Covid-19 Contact Tracing System 1.0. The Red Hat, CIRCL, NVD and related records describe a Remote Code Execution vulnerability in which an attacker can obtain a reverse shell (PHP) by exploiting the application’s handling of user-provided content, notably im...

SweetRice1.5.1-Authenticated-RCE-Exploit

SweetRice CMS 1.5.1 – Authenticated Remote Code Execution RCE...

Exploit for Deserialization of Untrusted Data in Facebook React

CVE-2025-55182 Vulnerability Detection and Exploitation Tool...

[SECURITY] Fedora 42 Update: nginx-1.28.1-3.fc42

Nginx is a web server and a reverse proxy server for HTTP, SMTP, POP3 and IMAP protocols, with a strong focus on high concurrency, performance and low memory usage...

CVE-2018-1000150

An exposure of sensitive information vulnerability exists in Jenkins Reverse Proxy Auth Plugin 1.5 and older in ReverseProxySecurityRealmauthContext that allows attackers with local file system access to obtain a list of authorities for logged in users...

CVE-2018-19977

A command injection missing input validation, escaping in the ftp upgrade configuration interface on the Auerswald COMfort 1200 IP phone 3.4.4.1-10589 allows an authenticated remote attacker simple user -- in the same network as the device -- to trigger OS commands like starting telnetd or openin...

CVE-2021-27130

Online Reviewer System 1.0 contains a SQL injection vulnerability through authentication bypass, which may lead to a reverse shell upload...

CVE-2019-18365

In JetBrains TeamCity before 2019.1.4, reverse tabnabbing was possible on several pages...

CVE-2020-7908

In JetBrains TeamCity before 2019.1.5, reverse tabnabbing was possible on several pages...

CVE-2024-34451

Ghost through 5.85.1 allows remote attackers to bypass an authentication rate-limit protection mechanism by using many X-Forwarded-For headers with different values. NOTE: the vendor's position is that Ghost should be installed with a reverse proxy that allows only trusted X-Forwarded-For headers...

CVE-2021-33697

Under certain conditions, SAP BusinessObjects Business Intelligence Platform SAPUI5, versions - 420, 430, can allow an unauthenticated attacker to redirect users to a malicious site due to Reverse Tabnabbing vulnerabilities...

CVE-2025-23421

An attacker could obtain firmware files and reverse engineer their intended use leading to loss of confidentiality and integrity of the hardware devices enabled by the Qardio iOS and Android applications...

CVE-2025-23317

NVIDIA Triton Inference Server contains a vulnerability in the HTTP server, where an attacker could start a reverse shell by sending a specially crafted HTTP request. A successful exploit of this vulnerability might lead to remote code execution, denial of service, data tampering, or information...

CVE-2022-31028

MinIO is a multi-cloud object storage solution. Starting with version RELEASE.2019-09-25T18-25-51Z and ending with version RELEASE.2022-06-02T02-11-04Z, MinIO is vulnerable to an unending go-routine buildup while keeping connections established due to HTTP clients not closing the connections...

DEBIAN-CVE-2026-21881

Kanboard is project management software focused on Kanban methodology. Versions 1.2.48 and below is vulnerable to a critical authentication bypass when REVERSEPROXYAUTH is enabled. The application blindly trusts HTTP headers for user authentication without verifying the request originated from a...

CVE-2026-21881

Kanboard is project management software focused on Kanban methodology. Versions 1.2.48 and below is vulnerable to a critical authentication bypass when REVERSEPROXYAUTH is enabled. The application blindly trusts HTTP headers for user authentication without verifying the request originated from a...

CVE-2026-21881 Kanboard is Vulnerable to Reverse Proxy Authentication Bypass

Kanboard is project management software focused on Kanban methodology. Versions 1.2.48 and below is vulnerable to a critical authentication bypass when REVERSEPROXYAUTH is enabled. The application blindly trusts HTTP headers for user authentication without verifying the request originated from a...

CVE-2026-21881

CVE-2026-21881 affects Kanboard (versions 1.2.48 and earlier). The flaw is an authentication bypass triggered when REVERSE_PROXY_AUTH is enabled: the app blindly trusts HTTP headers for user authentication without verifying the header source from a trusted reverse proxy, allowing an attacker to i...

CVE-2026-21881 Kanboard is Vulnerable to Reverse Proxy Authentication Bypass

Kanboard is project management software focused on Kanban methodology. Versions 1.2.48 and below is vulnerable to a critical authentication bypass when REVERSEPROXYAUTH is enabled. The application blindly trusts HTTP headers for user authentication without verifying the request originated from a...