60008 matches found

Nuclei
added yesterday, 23 views

Langflow < 1.3.0 - Remote Code Execution via validate_code() exec()

Langflow contains a remote code execution vulnerability caused by inclusion of functionality from an untrusted control sphere in the execglobals parameter at the validate endpoint, letting remote attackers execute arbitrary code as root; the exploit requires no authentication. id: CVE-2026-0770 info: name: Langflow...

CVSS 9.8, AI score 8.1, EPSS 0.10371
Exploits 8, References 3
Nuclei
added yesterday, 11 views

Vite Dev Server - Directory Traversal

Vite is a modern frontend build tool. In Vite prior to versions 6.4.3, 6.3.4, and 5.4.23, a directory traversal vulnerability affects the Vite development server. When the Vite dev server is launched with the --host or server.host option, an unauthenticated attacker can craft a request with a pat...

CVSS 8.2, AI score 5.9, EPSS 0.0172
Exploits 1, References 2
Nuclei
added yesterday, 65 views

WAVLINK WN530H4 live_api.cgi - Command Injection

A remote command-line injection vulnerability in the /cgi-bin/liveapi.cgi endpoint of the WAVLINK WN530H4 M30H4.V5030.190403 allows an attacker to execute arbitrary Linux commands as root without authentication. id: CVE-2020-12124 info: name: WAVLINK WN530H4 liveapi.cgi - Command Injection author...

CVSS 10, AI score 7.6, EPSS 0.75215
Exploits 0, References 4
Nuclei
added yesterday, 92 views

Cisco IOS XE WLC - Arbitrary File Upload

A vulnerability in the Out-of-Band Access Point (AP) Image Download feature of Cisco IOS XE Software for Wireless LAN Controllers (WLCs) could allow an unauthenticated, remote attacker to upload arbitrary files to an affected system. This vulnerability is due to the presence of a hard-coded JSON Web...

CVSS 10, AI score 7.5, EPSS 0.17894
Exploits 1, References 2
Nuclei
added yesterday, 12 views

EnGenius EnShare IoT Gigabit Cloud Service 1.4.11 Root Remote Code Execution

An OS command injection vulnerability exists in EnGenius EnShare Cloud Service version 1.4.11 and earlier. The usbinteract.cgi script fails to properly sanitize user input passed to the path parameter, allowing unauthenticated remote attackers to inject arbitrary shell commands. The injected comman...

CVSS 10, AI score 6, EPSS 0.12334
Exploits 2, References 4
Nuclei
added yesterday, 15 views

Cisco Secure Firewall Management Center - Authentication Bypass

Cisco Secure Firewall Management Center Software contains an authentication bypass caused by improper system process creation at boot, letting unauthenticated remote attackers execute scripts and gain root access; the exploit requires crafted HTTP requests. id: CVE-2026-20079 info: name: Cisco Secure...

CVSS 10, AI score 7.7, EPSS 0.33898
Exploits 2, References 2
Nuclei
added yesterday, 31 views

TerraMaster TOS < 4.1.29 - Remote Code Execution

TerraMaster TOS before 4.1.29 has invalid parameter checking that leads to code injection as root. This is a dynamic class method invocation vulnerability in include/exportUser.php, in which an attacker can trigger a call to the exec method with for example OS commands in the opt parameter. id:...

CVSS 10, AI score 7.3, EPSS 0.28495
Exploits 1, References 5
Nuclei
added yesterday, 11 views

Vite Dev Server - Information Exposure

Vite is a frontend tooling framework for JavaScript. Before versions 6.3.4, 6.2.7, 6.1.6, 5.4.19, and 4.5.14, the contents of files in the project root that are denied by a file matching pattern can be returned to the browser. Only apps explicitly exposing the Vite dev server to the network using...

CVSS 6, AI score 5.9, EPSS 0.01077
Exploits 1, References 2
Nuclei
added yesterday, 20 views

Grandstream UCM6200 - SQL Injection

Grandstream UCM6200 series contains an unauthenticated remote SQL injection caused by crafted HTTP requests, letting attackers execute shell commands as root on versions before 1.0.19.20 or inject HTML in emails before 1.0.20.17. id: CVE-2020-5722 info: name: Grandstream UCM6200 - SQL Injection...

CVSS 10, AI score 7.5, EPSS 0.83926
Exploits 8, References 2
Nuclei
added yesterday, 12 views

Vite Dev Server - Information Exposure

Vite dev server could allow reading files from the Vite project root by bypassing server.fs.deny with double forward-slash paths //. This affects exposed dev servers only. id: CVE-2023-34092 info: name: Vite Dev Server - Information Exposure author: ritikchaddha severity: high description: | Vite...

CVSS 7.5, AI score 7.1, EPSS 0.03152
Exploits 1, References 2
Nuclei
added yesterday, 18 views

NocoBase - VM Sandbox Escape to Remote Code Execution

NocoBase Workflow Script Node executes user-supplied JavaScript inside a Node.js vm sandbox with a custom require allowlist controlled by WORKFLOWSCRIPTMODULES env var. The console object passed into the sandbox context exposes host-realm WritableWorkerStdio stream objects via console.stdout and...

CVSS 9.9, AI score 6.2, EPSS 0.36503
Exploits 7, References 3
OSV
added yesterday, 6 views

ROOT-OS-UBUNTU-2404-CVE-2025-40168 CVE-2025-40168 in rootio-linux - Patched by Root

Root has patched CVE-2025-40168 in the rootio-linux package for Root:Ubuntu:24.04. Multiple fixed versions available...

CVSS 7, AI score 5.4, EPSS 0.0015
Exploits 0
OSV
added yesterday, 7 views

ROOT-OS-UBUNTU-2404-CVE-2026-43413 CVE-2026-43413 in rootio-linux - Patched by Root

Root has patched CVE-2026-43413 in the rootio-linux package for Root:Ubuntu:24.04. Multiple fixed versions available...

CVSS 5.5, AI score 5.8, EPSS 0.00122
Exploits 0
OSV
added yesterday, 4 views

ROOT-OS-UBUNTU-2404-CVE-2026-31560 CVE-2026-31560 in rootio-linux - Patched by Root

Root has patched CVE-2026-31560 in the rootio-linux package for Root:Ubuntu:24.04. Multiple fixed versions available...

CVSS 5.5, AI score 5.8, EPSS 0.00122
Exploits 0
OSV
added yesterday, 2 views

ROOT-OS-UBUNTU-2404-CVE-2025-38725 CVE-2025-38725 in rootio-linux - Patched by Root

Root has patched CVE-2025-38725 in the rootio-linux package for Root:Ubuntu:24.04. Multiple fixed versions available...

CVSS 5.5, AI score 5.4, EPSS 0.0014
Exploits 0
OSV
added yesterday, 4 views

ROOT-OS-UBUNTU-2404-CVE-2026-46172 CVE-2026-46172 in rootio-linux - Patched by Root

Root has patched CVE-2026-46172 in the rootio-linux package for Root:Ubuntu:24.04. Multiple fixed versions available...

CVSS 7, AI score 5.8, EPSS 0.00128
Exploits 0
OSV
added yesterday, 3 views

ROOT-OS-UBUNTU-2404-CVE-2025-37819 CVE-2025-37819 in rootio-linux - Patched by Root

Root has patched CVE-2025-37819 in the rootio-linux package for Root:Ubuntu:24.04. Multiple fixed versions available...

CVSS 7.8, AI score 7.2, EPSS 0.00167
Exploits 0
OSV
added yesterday, 4 views

ROOT-OS-UBUNTU-2404-CVE-2025-71148 CVE-2025-71148 in rootio-linux - Patched by Root

Root has patched CVE-2025-71148 in the rootio-linux package for Root:Ubuntu:24.04. Multiple fixed versions available...

CVSS 3.3, AI score 5.4, EPSS 0.0011
Exploits 0
OSV
added yesterday, 12 views

ROOT-OS-UBUNTU-2404-CVE-2026-43410 CVE-2026-43410 in rootio-linux - Patched by Root

Root has patched CVE-2026-43410 in the rootio-linux package for Root:Ubuntu:24.04. Multiple fixed versions available...

CVSS 5.5, AI score 5.8, EPSS 0.00116
Exploits 0
OSV
added yesterday, 4 views

ROOT-OS-UBUNTU-2404-CVE-2026-23176 CVE-2026-23176 in rootio-linux - Patched by Root

Root has patched CVE-2026-23176 in the rootio-linux package for Root:Ubuntu:24.04. Multiple fixed versions available...

AI score 5.9, EPSS 0.00173
Exploits 0