100 matches found
CVE-2025-0422
Cordaware bestinformed Web is affected by CVE-2025-0422: an authenticated user who can create ScriptVars of type 'script' and preview them (e.g., via Info) can execute commands on the server, i.e., Remote Code Execution. Admin permissions enable this by default, but granular permissions can allow...
PT-2025-6783 · Unknown · Bestinformed Web
Name of the Vulnerable Software and Affected Versions: BestInformed Web affected versions not specified Description: The issue allows an authenticated user in the BestInformed Web application to execute commands on the underlying server running the application, which is a case of remote code...
CVE-2024-24809
Traccar is an open source GPS tracking system. Versions prior to 6.0 are vulnerable to path traversal and unrestricted upload of file with dangerous type. Since the system allows registration by default, attackers can acquire ordinary user permissions by registering an account and exploit this...
CVE-2024-2662
The Unlimited Elements For Elementor Free Widgets, Addons, Templates plugin for WordPress is vulnerable to command injection in all versions up to, and including, 1.5.102. This is due to insufficient filtering of template attributes during the creation of HTML for custom widgets This makes it...
CVE-2025-23211 Tandoor Recipes - SSTI - Remote Code Execution
Tandoor Recipes is an application for managing recipes, planning meals, and building shopping lists. A Jinja2 SSTI vulnerability allows any user to execute commands on the server. In the case of the provided Docker Compose file as root. This vulnerability is fixed in 1.5.24...
Tandoor Recipes 安全漏洞
Tandoor Recipes is a Tandoor Recipes open source application for managing recipes, planning meals, creating shopping lists, and more. A security vulnerability exists in Tandoor Recipes versions prior to 1.5.24 that originates from allowing any user to execute commands on the server...
PT-2024-6816 · Moxa · Moxa Nat-102 Oncell G4302-Lte4 +5
Name of the Vulnerable Software and Affected Versions: Moxa EDR-8010 versions affected versions not specified Moxa EDR-G9004 versions affected versions not specified Moxa EDR-G9010 versions affected versions not specified Moxa EDR-G1002-BP versions affected versions not specified Moxa NAT-102...
Exploit for Unrestricted Upload of File with Dangerous Type in Mayurik Best_House_Rental_Management_System
CVE-2024-46377 PoC for Arbitrary File Upload Vulnerability...
MongoDB Input Validation Error Vulnerability (CNVD-2024-31402)
MongoDB is a document-oriented database management system of the U.S. MongoDB company. An input validation error vulnerability exists in MongoDB that stems from incorrectly handling certain string inputs, which can be exploited by an attacker to cause the driver to construct unintended server...
CVE-2024-6382
The CVE-2024-6382 issue affects the MongoDB Rust Driver: vulnerable in 2.0.x releases prior to 2.8.2. The root cause is incorrect handling of certain string inputs, which can cause the driver to construct unintended server commands. Impact described across sources includes unexpected application ...
CVE-2024-6382 Adversarial unsanitized input may cause MongoDB Rust Driver to issue unintended commands.
Incorrect handling of certain string inputs may result in MongoDB Rust driver constructing unintended server commands. This may cause unexpected application behavior including data modification. This issue affects MongoDB Rust Driver 2.0 versions prior to 2.8.2...
Adversarial unsanitized input may cause MongoDB Rust Driver to issue unintended commands.
Incorrect handling of certain string inputs may result in MongoDB Rust driver constructing unintended server commands. This may cause unexpected application behavior including data modification. This issue affects MongoDB Rust Driver 2.0 versions prior to 2.8.2...
Cacti 安全漏洞
Cacti is a suite of open source network traffic monitoring and analysis tools from the Cacti team. The tool obtains data via snmpget, analyzes it using RRDtool drawing graphs, and provides data and user management features. A security vulnerability exists in Cacti that stems from the presence of ...
SiYuan 跨站脚本漏洞
SiYuan is a privacy-first personal knowledge management system from SiYuan open source. A cross-site scripting vulnerability exists in SiYuan version 3.0.3 that originates from allowing an attacker to execute arbitrary commands on the server...
The vulnerability of the ILIAS learning management system and support process, which stems from insufficient validation of input data, allows a perpetrator to execute arbitrary system commands on the application server.
The vulnerability of the ILIAS learning management and support system exists due to insufficient verification of input data. Exploiting this vulnerability allows a malicious actor to execute arbitrary system commands on the application server using a specially crafted file...
Akaunting Operating System Command Injection Vulnerability
Akaunting is an application from Akaunting that provides all the tools needed to manage money online. An operating system command injection vulnerability exists in Akaunting v3.1.3 and prior versions, which stems from the presence of an operating system command injection that could allow an...
Collabora Online Security Breach
Collabora Online is an application from Collabora UK. A powerful LibreOffice-based online office that supports all major document, spreadsheet and presentation file formats. A security vulnerability exists in Collabora Online versions prior to 23.5.602 that stems from vulnerability to modified...
SUSE CVE-2023-5002
A flaw was found in pgAdmin. This issue occurs when the pgAdmin server HTTP API validates the path a user selects to external PostgreSQL utilities such as pgdump and pgrestore. Versions of pgAdmin prior to 7.6 failed to properly control the server code executed on this API, allowing an...
CVE-2023-5002
A flaw was found in pgAdmin. This issue occurs when the pgAdmin server HTTP API validates the path a user selects to external PostgreSQL utilities such as pgdump and pgrestore. Versions of pgAdmin prior to 7.6 failed to properly control the server code executed on this API, allowing an...
Authentication flaw
Yoga Class Registration System version 1.0 allows an administrator to execute commands on the server. This is possible because the application does not correctly validate the thumbnails of the classes uploaded by the administrators...