
Source: EUVD (added 6 days ago)

EUVD-2026-33354

Dokploy is a free, self-hostable Platform as a Service (PaaS). In 0.26.7 and earlier, the schedule router does not enforce organization/role checks. As a result, any authenticated user can create, update, run, or delete schedules belonging to other organizations if they know the scheduleId/serverId...

CVSS 9.9, AI score 6, EPSS 0.00044
Exploits: 0, References: 1
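The missing check in the entry above is object-level authorization: the handler trusts the supplied scheduleId and never compares the schedule's organization with the caller's memberships. The following is an added illustration of the vulnerable shape beside the hardened one; it is not Dokploy's code, and the data model, role names and permission matrix are assumptions.

```python
"""Organization-scoped authorization for a schedule API.

Added illustration for the EUVD-2026-33354 entry; not Dokploy's code. The
data model, role names and permission matrix are assumptions.
"""
from dataclasses import dataclass, field
from enum import Enum
from typing import Dict, Optional


class Role(Enum):
    OWNER = "owner"
    ADMIN = "admin"
    MEMBER = "member"


# Assumed permission matrix: which roles may perform which action on a
# schedule that belongs to an organization the user is a member of.
PERMISSIONS = {
    "read": {Role.OWNER, Role.ADMIN, Role.MEMBER},
    "create": {Role.OWNER, Role.ADMIN},
    "update": {Role.OWNER, Role.ADMIN},
    "run": {Role.OWNER, Role.ADMIN},
    "delete": {Role.OWNER},
}


class Forbidden(Exception):
    """Raised for missing objects as well as insufficient rights, so the
    response does not reveal whether a guessed scheduleId exists."""


@dataclass(frozen=True)
class User:
    user_id: str
    memberships: Dict[str, Role] = field(default_factory=dict)  # org id -> role


@dataclass
class Schedule:
    schedule_id: str
    organization_id: str
    name: str


class ScheduleStore:
    def __init__(self) -> None:
        self._by_id: Dict[str, Schedule] = {}

    def add(self, schedule: Schedule) -> None:
        self._by_id[schedule.schedule_id] = schedule

    def get(self, schedule_id: str) -> Optional[Schedule]:
        return self._by_id.get(schedule_id)

    def remove(self, schedule_id: str) -> None:
        del self._by_id[schedule_id]


def require(user: User, organization_id: str, action: str) -> Role:
    """Check membership and role in the organization the object belongs to."""
    role = user.memberships.get(organization_id)
    if role is None or role not in PERMISSIONS[action]:
        raise Forbidden(f"{user.user_id} may not {action} in {organization_id}")
    return role


# Vulnerable shape: any authenticated caller who knows the id can act on it.
def delete_schedule_unchecked(store: ScheduleStore, user: User, schedule_id: str) -> bool:
    if store.get(schedule_id) is None:
        return False
    store.remove(schedule_id)
    return True


# Hardened shape: load the object, authorize against *its* organization
# (never an org id taken from the request), then act.
def delete_schedule(store: ScheduleStore, user: User, schedule_id: str) -> bool:
    schedule = store.get(schedule_id)
    if schedule is None:
        raise Forbidden("not found or not accessible")
    require(user, schedule.organization_id, "delete")
    store.remove(schedule_id)
    return True


def create_schedule(store: ScheduleStore, user: User, organization_id: str,
                    schedule_id: str, name: str) -> Schedule:
    # For create there is no object yet, so the org id does come from the
    # request; the caller must hold the create role in that organization.
    require(user, organization_id, "create")
    schedule = Schedule(schedule_id, organization_id, name)
    store.add(schedule)
    return schedule


def build_fixture() -> ScheduleStore:
    """Constructed data: one schedule in the organization 'acme'."""
    store = ScheduleStore()
    store.add(Schedule("sched-1", "acme", "nightly backup"))
    return store


ALICE = User("alice", {"acme": Role.OWNER})
MALLORY = User("mallory", {"other-org": Role.OWNER})  # owner elsewhere, nothing in acme
```

The point of `delete_schedule` is the order of operations: fetch by id, then authorize against the organization stored on the object. Passing an organization id from the request and checking that instead would let a caller pick an organization they belong to while still deleting another organization's schedule.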
Source: Vulnrichment (added 2026/05/12 12:00 a.m.)

CVE-2023-27753

An arbitrary file upload vulnerability in MK-Auth 23.01K4.9 allows attackers to execute arbitrary code via uploading a crafted PHP file...

AI score 6.2, EPSS 0.00045
Exploits: 0, References: 2
Source: NVD (added 2026/05/05 12:16 p.m.)

CVE-2023-54345

Frappe Framework ERPNext 13.4.0 contains a sandbox escape vulnerability in RestrictedPython that allows authenticated users with System Manager role to execute arbitrary code by exploiting frame introspection. Attackers can create a server script via the /app/server-script endpoint and access the...

CVSS 8.8, EPSS 0.00096
Exploits: 1, References: 8
Source: Cvelist (added 2026/05/05 11:24 a.m.)

CVE-2023-54345 Frappe Framework ERPNext 13.4.0 Remote Code Execution

Frappe Framework ERPNext 13.4.0 contains a sandbox escape vulnerability in RestrictedPython that allows authenticated users with System Manager role to execute arbitrary code by exploiting frame introspection. Attackers can create a server script via the /app/server-script endpoint and access the...

CVSS 8.8, EPSS 0.00096
Exploits: 1, References: 8
Source: ATTACKERKB (added 2026/05/05 11:24 a.m.)

CVE-2023-54345

Frappe Framework ERPNext 13.4.0 contains a sandbox escape vulnerability in RestrictedPython that allows authenticated users with System Manager role to execute arbitrary code by exploiting frame introspection. Attackers can create a server script via the /app/server-script endpoint and access the...

CVSS 8.8, AI score 6.2, EPSS 0.00096
Exploits: 1, References: 8, Affected Software: 1
Source: CVE (added 2026/05/05 11:24 a.m.)

CVE-2023-54345

The CVE-2023-54345 entry concerns Frappe Framework ERPNext 13.4.0. A sandbox-escape flaw in RestrictedPython allows authenticated users with the System Manager role to execute arbitrary code by exploiting frame introspection. Attackers can create a server script via /app/server-script and access ...

CVSS 8.8, AI score 6.2, EPSS 0.00096
Exploits: 1, References: 8, Affected Software: 1
Source: CVE (added 2026/05/05 3:45 a.m.)

CVE-2026-7810

CVE-2026-7810 affects UsamaK98 python-notebook-mcp (server.py): path traversal in create_notebook/read_notebook/edit_cell/add_cell. Root cause: argument manipulation in server.py, exploitable remotely. An exploit has been published and may be used; no product version details are given because the project follows a rolling-release approach. CVSS ...

CVSS 7.5, AI score 6.8, EPSS 0.0006
Exploits: 0, References: 5
Source: Positive Technologies (added 2026/05/05 12:00 a.m.)

PT-2026-37000

Name of the vulnerable software and affected versions: Frappe Framework ERPNext version 13.4.0
Description: A sandbox escape in RestrictedPython allows authenticated users with the System Manager role to execute arbitrary code through frame introspection. An attacker can create a server script usin...

CVSS 8.8, AI score 6.2, EPSS 0.00096
Exploits: 1, References: 11
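The Frappe entries above (CVE-2023-54345, PT-2026-37000) describe a sandbox escape through frame introspection in scripts that a System Manager submits as server scripts. The fix is to run a patched sandbox; a cheap additional gate is to lint the script source before it is saved and refuse anything that reaches for frames, code objects or module globals. The following is an added illustration of such a gate. It is not Frappe's or RestrictedPython's code and not the patch for the CVE; the block lists are an assumption, deliberately conservative, and the samples it is run on merely reference introspection attributes rather than exploiting any particular sandbox.

```python
"""Pre-save lint for scripts destined for a RestrictedPython-style sandbox.

Added illustration for the CVE-2023-54345 / PT-2026-37000 entries; not
Frappe's or RestrictedPython's code, and not the fix for that CVE. The block
lists below are an assumption: a defence-in-depth gate placed in front of an
upgraded sandbox, not a substitute for upgrading it.
"""
import ast
from typing import List, Tuple

# Attributes that expose frames, tracebacks, code objects or module globals.
FRAME_ATTRS = {
    "f_back", "f_globals", "f_locals", "f_builtins", "f_code",
    "gi_frame", "cr_frame", "ag_frame", "tb_frame", "tb_next",
    "__globals__", "__builtins__", "__class__", "__subclasses__", "__bases__",
    "__mro__", "__code__", "__closure__", "__self__", "__dict__", "__reduce__",
}

# Names and callables that hand out frames, modules or arbitrary attributes.
BLOCKED_NAMES = {
    "sys", "inspect", "traceback", "gc", "ctypes", "builtins", "__import__",
    "_getframe", "getattr", "setattr", "vars", "globals", "locals", "eval", "exec",
}

Finding = Tuple[int, str]


class SandboxLint(ast.NodeVisitor):
    def __init__(self) -> None:
        self.findings: List[Finding] = []

    def _flag(self, node: ast.AST, what: str) -> None:
        self.findings.append((getattr(node, "lineno", 0), what))

    def visit_Attribute(self, node: ast.Attribute) -> None:
        # Any underscore-prefixed attribute is suspicious in user-supplied code.
        if node.attr in FRAME_ATTRS or node.attr.startswith("_"):
            self._flag(node, f"attribute {node.attr}")
        self.generic_visit(node)

    def visit_Name(self, node: ast.Name) -> None:
        if node.id in BLOCKED_NAMES or node.id.startswith("_"):
            self._flag(node, f"name {node.id}")
        self.generic_visit(node)

    def visit_Constant(self, node: ast.Constant) -> None:
        # String literals are the usual carrier for getattr(obj, "__class__").
        if isinstance(node.value, str) and (
            node.value in FRAME_ATTRS or node.value.startswith("__")
        ):
            self._flag(node, f"string {node.value!r}")

    def visit_Import(self, node: ast.Import) -> None:
        # Assumed policy: server scripts get their APIs injected, never import.
        for alias in node.names:
            self._flag(node, f"import {alias.name}")

    def visit_ImportFrom(self, node: ast.ImportFrom) -> None:
        self._flag(node, f"import {node.module}")


def check_server_script(source: str) -> List[Finding]:
    """Return sorted (line, reason) findings; an empty list means 'allowed'."""
    try:
        tree = ast.parse(source, mode="exec")
    except SyntaxError as exc:
        return [(exc.lineno or 0, f"syntax error: {exc.msg}")]
    lint = SandboxLint()
    lint.visit(tree)
    return sorted(set(lint.findings))


# Constructed samples. BENIGN is the kind of business rule a server script is
# for; the other two only reference introspection hooks and are not an
# exploit for any particular sandbox.
BENIGN = """\
total = sum(row["qty"] * row["rate"] for row in rows)
if total > 1000:
    flag = "review"
"""

FRAME_WALK = """\
def probe():
    try:
        raise ValueError()
    except ValueError as e:
        fr = e.__traceback__.tb_frame.f_back
        return fr.f_globals
"""

GETATTR_STRING = 'cls = getattr(doc, "__class__")\n'
```

Run `check_server_script` on the text of a server script at save time and refuse the save when the list is non-empty. The check is source-level only: it will not see attributes assembled at run time from string concatenation, which is why it sits in front of a patched sandbox rather than replacing one.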
Source: ATTACKERKB (added 2026/04/28 6:15 a.m.)

CVE-2026-7234

A weakness has been identified in BrowserOperator browser-operator-core up to 0.6.0. Affected is the function startsWith of the file scripts/componentserver/server.js. Executing a manipulation of the argument request.url can lead to path traversal. The attack can be launched remotely. The exploit...

CVSS 7.5, AI score 5.2, EPSS 0.00066
Exploits: 0, References: 5, Affected Software: 1
Source: CVE (added 2026/04/28 2:15 a.m.)

CVE-2026-7216

The CVE-2026-7216 entry describes a weakness in donchelo processing-claude-mcp-bridge up to e017b20a4b592a45531a6392f494007f04e661bd. The vulnerable component is the create_sketch Tool, specifically the processing_server.py function handling the sketch_name argument. This input manipulation enabl...

CVSS 7.5, AI score 7.1, EPSS 0.00066
Exploits: 0, References: 5
Source: CVE (added 2026/04/28 1:45 a.m.)

CVE-2026-7214

CVE-2026-7214 affects the eghuzefa engineer-your-data project up to version 0.1.3. The vulnerability targets functions read_file, write_file, list_files, and file_inf in src/server.py and stems from manipulating WORKSPACE_PATH to cause path traversal. The issue can be exploited remotely, and a pu...

CVSS 7.5, AI score 7.2, EPSS 0.00061
Exploits: 0, References: 4
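Three of the entries above (CVE-2026-7810, CVE-2026-7216, CVE-2026-7214) are the same bug in small Python MCP file tools: a user-supplied name is joined onto a workspace directory and used as-is, so absolute paths and ".." segments leave the workspace. The CVE-2026-7234 entry names a startsWith check, which is the usual half-fix: a string-prefix test on an un-normalised path. The following added illustration shows both wrong shapes beside a confined resolver; it is not code from any of those projects, and the workspace layout, labels and inputs are constructed.

```python
"""Confining a user-supplied file name to a workspace directory.

Added illustration for the CVE-2026-7810, CVE-2026-7216 and CVE-2026-7214
entries and, in the prefix-check variant, for the unanchored startsWith test
the CVE-2026-7234 entry describes. Not code from any of those projects; the
workspace layout and inputs are constructed.
"""
import os
import tempfile
from pathlib import Path
from typing import Dict


class PathTraversal(ValueError):
    pass


# Vulnerable shape: join and go. An absolute second argument makes
# os.path.join discard the base, and ".." segments walk out of it.
def resolve_unchecked(workspace: str, user_path: str) -> str:
    return os.path.join(workspace, user_path)


# Still wrong: a string-prefix test on the un-normalised path. It accepts
# "ws/../secret.txt" (never normalised) and any sibling whose name merely
# begins with the workspace name, such as "ws-evil".
def resolve_prefix_only(workspace: str, user_path: str) -> str:
    candidate = os.path.join(workspace, user_path)
    if not candidate.startswith(workspace):
        raise PathTraversal(user_path)
    return candidate


# Hardened shape: reject absolute and NUL-containing input, resolve both sides
# (following symlinks), then require containment by path components.
def resolve_confined(workspace: str, user_path: str) -> Path:
    if "\x00" in user_path or Path(user_path).is_absolute():
        raise PathTraversal(user_path)
    root = Path(workspace).resolve()
    candidate = (root / user_path).resolve()
    try:
        candidate.relative_to(root)
    except ValueError:
        raise PathTraversal(user_path) from None
    return candidate


def demo() -> Dict[str, str]:
    """Build a throwaway workspace and run resolve_confined over constructed
    inputs. Returns label -> accepted relative path, or 'rejected'."""
    base = Path(tempfile.mkdtemp())
    ws = base / "ws"
    ws.mkdir()
    (base / "ws-evil").mkdir()
    (base / "secret.txt").write_text("outside the workspace")
    (ws / "note.ipynb").write_text("inside the workspace")
    cases = {
        "inside": "note.ipynb",
        "dotdot": "../secret.txt",
        "absolute": str(base / "secret.txt"),
        "sibling_prefix": "../ws-evil/x",
        "nested_dotdot": "sub/../../secret.txt",
    }
    try:
        (ws / "link").symlink_to(base / "secret.txt")  # escape via symlink
        cases["symlink_out"] = "link"
    except OSError:
        pass  # platform without symlink support; case skipped
    results: Dict[str, str] = {}
    for label, user_path in cases.items():
        try:
            confined = resolve_confined(str(ws), user_path)
            results[label] = str(confined.relative_to(ws.resolve()))
        except PathTraversal:
            results[label] = "rejected"
    return results


if __name__ == "__main__":
    for label, outcome in demo().items():
        print(f"{label:15s} {outcome}")
```

`relative_to` after resolving both sides is what makes the check component-based: "ws-evil" is a sibling of "ws", not a child, so it fails even though the string "…/ws-evil" starts with "…/ws". Resolving the candidate also follows symlinks, so a link planted inside the workspace that points outside is rejected as well.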
Source: ATTACKERKB (added 2026/04/27 4:15 p.m.)

CVE-2026-7139

A flaw has been found in Totolink A8000RU 7.1cu.643b20200521. This issue affects the function setWiFiAclRules of the file /cgi-bin/cstecgi.cgi of the component CGI Handler. This manipulation of the argument mode causes OS command injection. The attack can be carried out remotely. The...

CVSS 10, AI score 5.2, EPSS 0.01221
Exploits: 0, References: 5, Affected Software: 1
Source: Positive Technologies (added 2026/04/27 12:00 a.m.)

PT-2026-35364

A vulnerability was identified in code-projects Employee Management System 1.0. This affects an unknown part of the file 370project/edit.php. The manipulation of the argument ID leads to cross-site scripting. It is possible to initiate the attack remotely. The exploit is publicly available and...

CVSS 5.3, AI score 3.5, EPSS 0.00043
Exploits: 0, References: 7
Source: Positive Technologies (added 2026/04/10 12:00 a.m.)

PT-2026-31852

Name of the vulnerable software and affected versions: Totolink A7100RU version 7.4cu.2313 b20191024
Description: A security issue exists in the Totolink A7100RU router. The setAdvancedInfoShow function within the CGI Handler component, specifically in the file /cgi-bin/cstecgi.cgi, is susceptible ...

CVSS 10, AI score 7, EPSS 0.01221
Exploits: 0, References: 12
Source: Positive Technologies (added 2026/03/23 12:00 a.m.)

PT-2026-27168

WWBN AVideo is an open source video platform. In versions up to and including 26.0, an unauthenticated API endpoint APIName=locale concatenates user input into an include path with no canonicalization or whitelist. Path traversal is accepted, so arbitrary PHP files under the web root can be...

CVSS 8.6, AI score 6.4, EPSS 0.00344
Exploits: 1, References: 2
Source: Cvelist (added 2026/03/16 7:07 p.m.)

CVE-2026-29516 Buffalo TeraStation TS5400R Excessive File Permissions Information Disclosure

Buffalo TeraStation NAS TS5400R firmware version 4.02-0.06 and prior contain an excessive file permissions vulnerability that allows authenticated attackers to read the /etc/shadow file by uploading and executing a PHP file through the webserver. Attackers can exploit world-readable permissions o...

CVSS 6.9, EPSS 0.0001
Exploits: 0, References: 2
Source: NVD (added 2026/02/09 1:16 a.m.)

CVE-2026-2199

A security flaw has been discovered in code-projects Online Reviewer System 1.0. The impacted element is an unknown function of the file /reviewer/system/system/admins/manage/users/user-delete.php. Performing a manipulation of the argument ID results in SQL injection. The attack can be initiated...

CVSS 9.8, EPSS 0.00037
Exploits: 1, References: 5
Source: ATTACKERKB (added 2026/02/03 10:01 p.m.)

CVE-2020-37073

Victor CMS 1.0 contains an authenticated file upload vulnerability that allows administrators to upload PHP files with arbitrary content through the userimage parameter. Attackers can upload a malicious PHP shell to the /img/ directory and execute system commands by accessing the uploaded file wi...

CVSS 8.8, AI score 5.8, EPSS 0.00107
Exploits: 1, References: 3, Affected Software: 1
Source: Packet Storm (added 2026/01/29 12:00 a.m.)

Alicorn Circa 2004 SQL Injection / Command Injection / XSS

This document articulates an overview of remote SQL injection, command injection, and cross site scripting vulnerabilities found in the Alicorn version from 2004...

AI score 5.3
Exploits: 0
Source: Positive Technologies (added 2026/01/15 12:00 a.m.)

PT-2026-3056

ProjeQtOr Project Management 9.1.4 contains a file upload vulnerability that allows guest users to upload malicious PHP files with arbitrary code execution capabilities. Attackers can upload a PHP script through the profile attachment section and execute system commands by accessing the uploaded...

CVSS 9.8, AI score 8.3, EPSS 0.00129
Exploits: 0, References: 3
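Several entries in this list (CVE-2023-27753, CVE-2020-37073, PT-2026-3056, and the PHP upload route in CVE-2026-29516) come down to an upload handler that trusts the client's filename or Content-Type and stores the file under the web root, where the server executes it. The following is an added illustration of an upload validator that decides on the bytes, stores under a server-chosen random name and extension, and never sets an execute bit. It is not code from any of those products; the accepted types, size limit and storage layout are assumptions.

```python
"""Validating image uploads so a script file is never stored where the web
server will execute it.

Added illustration for the file-upload entries in this list; not code from
any of those products. Accepted types, size limit and storage layout are
assumptions. The upload directory is assumed to sit outside the document
root and to be served back through a handler that sets Content-Type from
MAGIC, never by extension-based execution.
"""
import os
import secrets
import tempfile
from pathlib import Path
from typing import Optional, Tuple

# Magic bytes we verify ourselves, mapped to the only content type and
# extension the file will ever be stored under.
MAGIC = {
    b"\x89PNG\r\n\x1a\n": ("image/png", ".png"),
    b"\xff\xd8\xff": ("image/jpeg", ".jpg"),
    b"GIF87a": ("image/gif", ".gif"),
    b"GIF89a": ("image/gif", ".gif"),
}
MAX_BYTES = 2 * 1024 * 1024
SCRIPT_MARKERS = (b"<?php", b"<?=", b"<script", b"<%")


class UploadRejected(ValueError):
    pass


def sniff(data: bytes) -> Optional[Tuple[str, str]]:
    for magic, typed in MAGIC.items():
        if data.startswith(magic):
            return typed
    return None


def validate_upload(client_name: str, declared_type: str, data: bytes) -> str:
    """Return the server-chosen extension, or raise UploadRejected.

    Every decision is made on the bytes. The client's filename and
    Content-Type are attacker-controlled ("shell.php" sent as image/png is
    the classic case) and are only echoed back in error messages.
    """
    if len(data) > MAX_BYTES:
        raise UploadRejected(f"{client_name}: too large")
    sniffed = sniff(data)
    if sniffed is None:
        raise UploadRejected(f"{client_name}: not a recognised image")
    ctype, ext = sniffed
    if declared_type.split(";")[0].strip().lower() != ctype:
        raise UploadRejected(f"{client_name}: declared {declared_type}, content is {ctype}")
    # Polyglot check: a valid image header followed by PHP tags is still
    # executed if it ever lands under a .php name or behind a sniffing server.
    lowered = data.lower()
    if any(marker in lowered for marker in SCRIPT_MARKERS):
        raise UploadRejected(f"{client_name}: script marker inside image data")
    return ext


def store_upload(upload_dir: Path, client_name: str, declared_type: str, data: bytes) -> Path:
    """Write to a random name with the sniffed extension, mode 0640 (no
    execute bit), refusing to overwrite an existing file."""
    ext = validate_upload(client_name, declared_type, data)
    dest = upload_dir / (secrets.token_hex(16) + ext)
    fd = os.open(dest, os.O_WRONLY | os.O_CREAT | os.O_EXCL, 0o640)
    with os.fdopen(fd, "wb") as fh:
        fh.write(data)
    return dest


# Constructed samples.
PNG_OK = b"\x89PNG\r\n\x1a\n" + b"\x00" * 64
PHP_SHELL = b"<?php system($_GET['c']); ?>"
POLYGLOT = b"\x89PNG\r\n\x1a\n" + b"\x00" * 16 + b"<?php echo 1; ?>"


def demo_store() -> Path:
    """Store PNG_OK into a throwaway directory and return the stored path."""
    return store_upload(Path(tempfile.mkdtemp()), "avatar.png", "image/png", PNG_OK)
```

The extension returned by `validate_upload` comes from the sniffed type, not the client's name, so "shell.php" declared as an image can only ever be stored as ".png", ".jpg" or ".gif" and only if its first bytes really are an image; the marker scan then rejects image/PHP polyglots that would otherwise survive that rule.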