1794 matches found
NocoBase Affected by Sandbox Escape to RCE via console._stdout Prototype Chain Traversal in Workflow Script Node
Summary NocoBase's Workflow Script Node executes user-supplied JavaScript inside a Node.js vm sandbox with a custom require allowlist controlled by WORKFLOWSCRIPTMODULES env var. However, the console object passed into the sandbox context exposes host-realm WritableWorkerStdio stream objects via...
PT-2026-29158
Name of the Vulnerable Software and Affected Versions NocoBase versions prior to 2.0.28 Description NocoBase is an AI-powered no-code/low-code platform. Versions of NocoBase prior to 2.0.28 have a security flaw that allows an authenticated attacker to achieve Remote Code Execution RCE as root. Th...
Exploit for Missing Authentication for Critical Function in Mcpjam Inspector
CVE-2026-23744 — MCP Connect RCE via Unauthenticated Command I...
EUVD-2019-20033
PhreeBooks ERP 5.2.3 contains a remote code execution vulnerability in the image manager that allows authenticated attackers to upload and execute arbitrary PHP files by bypassing file extension controls. Attackers can upload malicious PHP files through the image manager endpoint and execute them...
CVE-2019-25647 PhreeBooks ERP 5.2.3 Remote Code Execution via Image Manager
PhreeBooks ERP 5.2.3 contains a remote code execution vulnerability in the image manager that allows authenticated attackers to upload and execute arbitrary PHP files by bypassing file extension controls. Attackers can upload malicious PHP files through the image manager endpoint and execute them...
CVE-2019-25647
PhreeBooks ERP 5.2.3 contains a remote code execution vulnerability in the image manager that allows authenticated attackers to upload and execute arbitrary PHP files by bypassing file extension controls. Attackers can upload malicious PHP files through the image manager endpoint and execute them...
CVE-2019-25647
CVE-2019-25647 affects PhreeBooks ERP 5.2.3. A remote code execution vulnerability exists in the image manager that lets an authenticated attacker upload and execute arbitrary PHP files by bypassing file extension controls. Attackers can place malicious PHP files via the image manager endpoint an...
📄 MCPJam Inspector 1.4.2 Remote Code Execution
MCPJam Inspector versions 1.4.2 and below proof of concept remote code execution exploit. !/usr/bin/env python3 CVE-2026-23744.py for testing only import requests import argparse import json import sys import urllib3 urllib3.disablewarningsurllib3.exceptions.InsecureRequestWarning def main: parse...
Exploit for OS Command Injection in Arcane
CVE-2026-23520 MCP API Remote Command Execution RCE Proo...
Malicious code in pipinpeace-reverse (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 471ba9f8dde66035e8bff446fc8acb160f041648a1fc47dd3f00db6e2ea58d08 Package is designed to start a reverse shell during installation. However, it requires providing a URL as an installation parameter, which suggests it's more...
MAL-2026-2029 Malicious code in pipinpeace-reverse (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 471ba9f8dde66035e8bff446fc8acb160f041648a1fc47dd3f00db6e2ea58d08 Package is designed to start a reverse shell during installation. However, it requires providing a URL as an installation parameter, which suggests it's more...
Exploit for Uncontrolled Resource Consumption in Siemens 6Bk1602-0Aa12-0Tp0_Firmware
🔥 Solar Exploiting Log4j - TryHackMe Walkthrough 📌 Room: S...
Exploit for CVE-2026-33017
CVE-2026-33017-Langflow-RCE-PoC The vulnerability in Langflow...
Malicious code in qyrm-pipinject4 (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 9a21af6fd1f0c3069036b62cd769efe0cd35077f9141b1454397e44561c73461 During installation, the package starts a reverse shell. --- Category: MALICIOUS - The campaign has clearly malicious intent, like infostealers. Campaign:...
MAL-2026-2016 Malicious code in qyrm-pipinject4 (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 9a21af6fd1f0c3069036b62cd769efe0cd35077f9141b1454397e44561c73461 During installation, the package starts a reverse shell. --- Category: MALICIOUS - The campaign has clearly malicious intent, like infostealers. Campaign:...
Exploit for CVE-2026-33017
CVE-2026-33017 — Langflow Unauthenticated RCE PoC !CVEhttp...
Exploit for OS Command Injection in Apache Tomcat
ISM.bat RCE Exploit PoC script for unauthenticated Remote Cod...
AI Flaws in Amazon Bedrock, LangSmith, and SGLang Enable Data Exfiltration and RCE
Cybersecurity researchers have disclosed details of a new method for exfiltrating sensitive data from artificial intelligence AI code execution environments using domain name system DNS queries. In a report published Monday, BeyondTrust revealed that Amazon Bedrock AgentCore Code Interpreter's...
omrs-rce
OMRS — Online Marriage Registration System 1.0 — RCE & Auto Re...
Exploit for Use After Free in Redis
CVE-2025-49844 Original uv POC: https:...