19 matches found
CVE-2026-40351
FastGPT is an AI Agent building platform. In versions prior to 4.14.9.5, the password-based login endpoint uses TypeScript type assertion without runtime validation, allowing an unauthenticated attacker to pass a MongoDB query operator object (e.g., {"$ne": ""}) as the password field. This NoSQL...
Kottster app reinitialization can be re-triggered allowing command injection in development mode
Impact: Development mode only. Kottster contains a pre-authentication remote code execution (RCE) vulnerability when running in development mode. The vulnerability combines two issues: 1. The initApp action can be called repeatedly without checking if the app is already initialized, allowing attacke...
EUVD-2011-2538
Malware in sbrugna...
EUVD-2023-44128
Malicious code in bioql PyPI...
CVE-2023-3467
Privilege Escalation to root administrator (nsroot)...
VulnCheck KEV: CVE-2023-3467
Privilege Escalation to root administrator (nsroot)...
CVE-2023-3467
Privilege Escalation to root administrator (nsroot)...
Privilege escalation
Privilege Escalation to root administrator (nsroot)...
CVE-2023-3467
Privilege Escalation to root administrator (nsroot)...
CVE-2023-3467
Citrix CTX561482 documents CVE-2023-3467 as part of multiple vulnerabilities affecting NetScaler ADC/Gateway. It is a Privilege Escalation to root administrator (nsroot) vulnerability. Affected versions (per the bulletin) include NetScaler ADC/Gateway 13.1 before 13.1-49.13, 13.0 before 13.0-91.1...
CVE-2023-3467
Privilege Escalation to root administrator (nsroot)...
Remote code execution
DISPUTED: Pandora FMS 7.x suffers from a remote code execution vulnerability. With an authenticated user who can modify the alert system, it is possible to define and execute commands as root/Administrator. NOTE: The product vendor states that the vulnerability as it is described is not in fact an...
CVE-2019-18780
An arbitrary command injection vulnerability in the Cluster Server component of Veritas InfoScale allows an unauthenticated remote attacker to execute arbitrary commands as root or administrator. These Veritas products are affected: Access 7.4.2 and earlier, Access Appliance 7.4.2 and earlier, Fl...
Oracle VirtualBox Guest-to-Host Escape E1000 Privilege Escalation Vulnerability - Mac OS X
Oracle VirtualBox is prone to a privilege escalation vulnerability.
CVE-2018-11509
ASUSTOR ADM 3.1.0.RFQ3 uses the same default root:admin username and password as it does for the NAS itself for applications that are installed from the online repository. This may allow an attacker to log in and upload a webshell...
OpenCMS 10.5.3 - Cross-Site Scripting Vulnerability
Exploit for php platform in category web applications Exploit Title: OpenCMS 10.5.3 Stored Cross Site Scripting Vulnerability Google Dork: N/A Date: 02-04-2018 Exploit Author: Sureshbabu Narvaneni Author Blog : http://nullnews.in Vendor Homepage: http://www.opencms.org/en/ Software Link:...
OpenCMS 10.5.3 Cross Site Request Forgery
Exploit Title: OpenCMS 10.5.3 Multiple Cross Site Request Forgery Vulnerabilities Injection Google Dork: N/A Date: 02-04-2018 Exploit Author: Sureshbabu Narvaneni Author Blog : http://nullnews.in Vendor Homepage: http://www.opencms.org/en/ Software Link:...
SourceBans 1.4.8 - SQL Injection Local File Inclusion Injection
SourceBans 1.4.8 - SQL Injection Local File Inclusion Injection Exploit Title: SourceBans In memory of crashfr who will NEVER die. Merci pour tout mec! ;-... R.I.P. ./EOF...
SourceBans 1.4.8 Local File Inclusion / SQL Injection
Exploit Title: SourceBans In memory of crashfr who will NEVER die. Merci pour tout mec! ;-... R.I.P. ./EOF...