
Exploit DB
added 2026/04/06 12:0 a.m., 95 views

WBCE CMS 1.6.4 - Remote Code Execution

Exploit Title: WBCE CMS 1.6.4 - Remote Code Execution Date: 2024-10-26 Exploit Author: Chokri Hammedi Vendor Homepage: https://wbce.org/ Software Link: https://github.com/WBCE/WBCECMS/releases/tag/v1.6.4 Version: 1.6.4 Tested on: Linux Debian/Parrot OS Vulnerability Description WBCE CMS version...

AI score 5.9
Exploits 0
Snyk
added 2026/04/05 5:1 a.m., 3 views

Deserialization of Untrusted Data

Overview: fedml is a research and production integrated edge-cloud library for federated/distributed machine learning at anywhere at any scale. Affected versions of this package are vulnerable to Deserialization of Untrusted Data via the sendMessage function in grpcserver.py. An attacker can...

CVSS 7.5, AI score 7.4, EPSS 0.00378
Exploits 0, References 2
Vulnrichment
added 2026/03/31 1:24 a.m., 3 views

CVE-2026-3300 Everest Forms Pro <= 1.9.12 - Unauthenticated Remote Code Execution via Calculation Field

The Everest Forms Pro plugin for WordPress is vulnerable to Remote Code Execution via PHP Code Injection in all versions up to, and including, 1.9.12. This is due to the Calculation Addon's processfilter function concatenating user-submitted form field values into a PHP code string without proper...

CVSS 9.8, AI score 6.3, EPSS 0.40992
Exploits 1, References 3
Packet Storm
added 2026/03/31 12:0 a.m., 188 views

Grav CMS 1.7.49.5 Remote Code Execution

Grav CMS versions 1.7.49.5 and below with Admin Plugin versions 1.10.49.3 and below are vulnerable to an authenticated remote code execution vulnerability via the "Direct Install" feature in the administrative interface. An authenticated administrator can upload a crafted plugin archive containin...

CVSS 8.1, AI score 6.6, EPSS 0.0871
Exploits 7
OSV
added 2026/03/27 10:16 p.m., 7 views

UBUNTU-CVE-2026-33940

Handlebars provides the power necessary to let users build semantic templates. In versions 4.0.0 through 4.7.8, a crafted object placed in the template context can bypass all conditional guards in resolvePartial and cause invokePartial to return undefined. The Handlebars runtime then treats the...

CVSS 8.1, AI score 5.9, EPSS 0.00619
Exploits 1, References 6
OSV
added 2026/03/27 7:13 p.m., 6 views

GHSA-3P2M-H2V6-G9MX @mobilenext/mobile-mcp allows arbitrary file write via Path Traversal in mobile screen capture tools

Summary: The @mobilenext/mobile-mcp server contains a Path Traversal vulnerability in the mobilesavescreenshot and mobilestartscreenrecording tools. The saveTo and output parameters were passed directly to filesystem operations without validation, allowing an attacker to write files outside the...

CVSS 8.1, AI score 5.9, EPSS 0.00489
Exploits 1, References 5
Snyk
added 2026/03/27 6:21 p.m., 3 views

Access of Resource Using Incompatible Type ('Type Confusion')

Overview: org.webjars.npm:handlebars is an extension to the Mustache templating language. Affected versions of this package are vulnerable to Access of Resource Using Incompatible Type ('Type Confusion') via the resolvePartial and invokePartial functions. An attacker can execute arbitrary code on th...

CVSS 9.2, AI score 6.2, EPSS 0.00619
Exploits 1, References 3
Snyk
added 2026/03/27 6:20 p.m., 3 views

Access of Resource Using Incompatible Type ('Type Confusion')

Overview: org.webjars.npm:handlebars is an extension to the Mustache templating language. Affected versions of this package are vulnerable to Access of Resource Using Incompatible Type ('Type Confusion') via manipulation of the @partial-block variable in the template data context. An attacker can...

CVSS 9.2, AI score 6, EPSS 0.00617
Exploits 1, References 4
Github Security Blog
added 2026/03/25 5:15 p.m., 7 views

@grackle-ai/server: Unescaped Error String in renderPairingPage() HTML Template

Impact: The renderPairingPage function embeds the error parameter directly into HTML without escaping (TypeScript): const errorHtml = error ? $error : ""; All current call sites pass hardcoded strings, so this is not exploitable today. However, the function is architecturally fragile — if a future...

AI score 5.8
Exploits 0, References 2, Affected Software 1
Positive Technologies
added 2026/03/16 12:0 a.m., 7 views

PT-2026-25802

Webhooks for Craft CMS plugin adds the ability to manage “webhooks” in Craft CMS, which will send GET or POST requests when certain events occur. From version 3.0.0 to before version 3.2.0, the Webhooks plugin renders user-supplied template content through Twig’s renderString function without...

CVSS 8.5, AI score 5.9, EPSS 0.00382
Exploits 0, References 3
Veracode
added 2026/03/07 5:5 a.m., 4 views

Arbitrary File Upload

wwbn/avideo is vulnerable to Arbitrary File Upload. The vulnerability is due to insufficient validation of files during plugin upload and extraction, which allows an attacker to upload a crafted archive containing malicious PHP code and execute it on the server...

CVSS 9.3, AI score 6, EPSS 0.00673
Exploits 0, References 4, Affected Software 1
Cvelist
added 2026/03/03 1:21 a.m., 31 views

CVE-2026-2448 Page Builder by SiteOrigin <= 2.33.5 - Authenticated (Contributor+) Local File Inclusion

The Page Builder by SiteOrigin plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 2.33.5 via the locatetemplate function. This makes it possible for authenticated attackers, with Contributor-level access and above, to include and execute arbitrary fil...

CVSS 8.8, EPSS 0.00888
Exploits 0, References 2
NVD
added 2026/02/19 7:17 a.m., 10 views

CVE-2026-0926

The Prodigy Commerce plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 3.3.0 via the 'parameterstemplatename' parameter. This makes it possible for unauthenticated attackers to include and read arbitrary files or execute arbitrary files on the server...

CVSS 9.8, EPSS 0.09396
Exploits 5, References 6
Packet Storm
added 2026/02/19 12:0 a.m., 139 views

WordPress StoryChief 1.0.42 Shell Upload

This Metasploit module exploits an unauthenticated arbitrary file upload vulnerability in the StoryChief WordPress plugin less than or equal to 1.0.42. The plugin exposes a webhook endpoint at /wp-json/storychief/webhook which accepts a forged HMAC. Because the plugin uses an empty secret for HMA...

CVSS 9.8, AI score 6.4, EPSS 0.37349
Exploits 8
Positive Technologies
added 2026/02/18 12:0 a.m., 8 views

PT-2026-20306

Name of the Vulnerable Software and Affected Versions: Product Addons for Woocommerce – Product Options with Custom Fields plugin for WordPress, versions prior to 3.1.1. Description: The Product Addons for Woocommerce – Product Options with Custom Fields plugin for WordPress is susceptible to Code...

CVSS 7.2, AI score 6, EPSS 0.00597
Exploits 0, References 11
OSV
added 2026/01/29 8:16 p.m., 5 views

AZL-76539 CVE-2025-63652 affecting package fluent-bit 3.1.10-4

A use-after-free in the mkhttprequestend function in mkserver/mkhttp.c of monkey commit f37e984 allows attackers to cause a Denial of Service (DoS) by sending a crafted HTTP request to the server...

CVSS 7.5, AI score 5.8, EPSS 0.01043
Exploits 1, References 1
Snyk
added 2026/01/23 5:49 a.m., 3 views

Arbitrary Code Injection

Overview: moodle/moodle is a learning platform. Affected versions of this package are vulnerable to Arbitrary Code Injection due to insufficient validation of restore input, which leads to unintended interpretation by core restore routines. An attacker can execute arbitrary code on the server by...

CVSS 8.8, AI score 6.1, EPSS 0.00528
Exploits 0, References 2
NVD
added 2026/01/22 9:15 a.m., 10 views

CVE-2026-1331

MeetingHub developed by HAMASTAR Technology has an Arbitrary File Upload vulnerability, allowing unauthenticated remote attackers to upload and execute web shell backdoors, thereby enabling arbitrary code execution on the server...

CVSS 9.8, EPSS 0.00688
Exploits 0, References 2
ATTACKERKB
added 2026/01/22 8:57 a.m., 5 views

CVE-2026-1331

MeetingHub developed by HAMASTAR Technology has an Arbitrary File Upload vulnerability, allowing unauthenticated remote attackers to upload and execute web shell backdoors, thereby enabling arbitrary code execution on the server...

CVSS 9.8, AI score 6.4, EPSS 0.00688
Exploits 0, References 3
OSV
added 2026/01/22 2:26 a.m., 7 views

CVE-2026-24002 pyodide sandbox option is insecure

Grist is spreadsheet software using Python as its formula language. Grist offers several methods for running those formulas in a sandbox, for cases where the user may be working with untrusted spreadsheets. One such method runs them in pyodide, but pyodide on node does not have a useful sandbox...

CVSS 9, AI score 5.7, EPSS 0.005
Exploits 0, References 4