poc-ccweb-unauth-rce

CVE — pqhaz3925/ccweb Unauthenticated RCE via Claude Code Cont...

MGASA-2026-0142 Updated samba packages fix security vulnerabilities

An information leak vulnerability was discovered in Samba's LDAP server. Due to missing access control checks, an authenticated but unprivileged attacker could discover the names and preserved attributes of deleted objects in the LDAP store. CVE-2018-14628 Command injection in wins server hook...

Flowise 安全漏洞

Flowise is an open-source tool developed by FlowiseAI, designed for easily building LLM applications. Versions of Flowise prior to 3.1.0 contained security vulnerabilities. These vulnerabilities stemmed from an improper bulk assignment vulnerability in the account registration endpoint, allowing...

cpython: IMAP command injection in user-controlled commands

A flaw was found in the imaplib module in the Python standard library. The imaplib module does not reject control characters, such as newlines, in user-controlled input passed to IMAP commands. This issue allows an attacker to inject additional commands to be executed in the IMAP server...

USN-7998-1 openjdk-17 vulnerabilities

It was discovered that the RMI component of OpenJDK 17 would establish RMI TCP endpoint connections to a remote host without setting an endpoint identification algorithm. An unauthenticated remote attacker could possibly use this issue to steal sensitive information. CVE-2026-21925 Mingijung...

Ubuntu 18.04 LTS / 20.04 LTS / 22.04 LTS / 24.04 LTS / 25.10 : OpenJDK 11 vulnerabilities (USN-8001-1)

The remote Ubuntu 18.04 LTS / 20.04 LTS / 22.04 LTS / 24.04 LTS / 25.10 host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-8001-1 advisory. It was discovered that the RMI component of OpenJDK 11 would establish RMI TCP endpoint connections to a remo...

USN-8003-1 openjdk-21-crac vulnerabilities

It was discovered that the RMI component of CRaC JDK 21 would establish RMI TCP endpoint connections to a remote host without setting an endpoint identification algorithm. An unauthenticated remote attacker could possibly use this issue to steal sensitive information. CVE-2026-21925 Mingijung...

USN-8002-1 openjdk-21 vulnerabilities

It was discovered that the RMI component of OpenJDK 21 would establish RMI TCP endpoint connections to a remote host without setting an endpoint identification algorithm. An unauthenticated remote attacker could possibly use this issue to steal sensitive information. CVE-2026-21925 Mingijung...

Linux Distros Unpatched Vulnerability : CVE-2018-1335

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - From Apache Tika versions 1.7 to 1.17, clients could send carefully crafted headers to tika-server that could be used to inject commands into the command line o...

MCP Server Prompt Injection

Model Context Protocol MCP Server Prompt Injection occurs when malicious actors use tools response to inject malicious prompts to the calling LLM through the MCP client. This can lead to the execution of unauthorized commands, data corruption, or the deployment of malicious tools. Such...

CVE-2024-25413

A XSLT Server Side injection vulnerability in the Import Jobs function of FireBear Improved Import And Export v3.8.6 allows attackers to execute arbitrary commands via a crafted XSLT file...

Adobe Commerce Security Breach

Adobe Commerce is a leading global digital commerce solution for merchants and brands from Adobe. A security vulnerability exists in Adobe Commerce that stems from an XSLT server injection vulnerability in the Import Jobs function of the FireBear Improved Import And Export plugin...

Prototype Pollution

superjson, is vulnerable to prototype pollution. The vulnerability exists through the 'getDeep' function in 'accessDeep.ts' file allowing an attacker to exploit the vulnerability by injecting arbitrary code on the server...

CVE-2020-26295

OpenMage is a community-driven alternative to Magento CE. In OpenMage before versions 19.4.10 and 20.0.5, an administrator with permission to import/export data and to edit cms pages was able to inject an executable file on the server via layout xml. The latest OpenMage Versions up from 19.4.9 an...

ALPINE-CVE-2016-8615

A flaw was found in curl before version 7.51. If cookie state is written into a cookie jar file that is later read back and used for subsequent requests, a malicious HTTP server can inject new cookies for arbitrary domains into said cookie jar...

CVE-2016-10548

Arbitrary code execution is possible in reduce-css-calc node module =1.2.4 through crafted css. This makes cross sites scripting XSS possible on the client and arbitrary code injection possible on the server and user input is passed to the calc function...

The use of injection techniques to attack the mail server and defenses(a)-vulnerability warning-the black bar safety net

This article will detail through the talk to mail server communication of a Web application, i.e., the webmail application to inject some mail protocolsIMAP and SMTP Protocolcommands to attack a mail server of the principles, methods and defenses. A Webmail application role Webmail app through IM...