51 matches found
CVE-2020-37186
Chevereto 3.13.4 Core contains a remote code execution vulnerability that allows attackers to inject malicious code during database configuration installation. Attackers can manipulate the database table prefix parameter to write a PHP shell file and execute arbitrary system commands through a...
CVE-2026-22864 Deno has an incomplete fix for command-injection prevention on Windows — case-insensitive extension bypass
Deno is a JavaScript, TypeScript, and WebAssembly runtime. Before 2.5.6, a prior patch aimed to block spawning Windows batch/shell files by returning an error when a spawned path’s extension matched .bat or .cmd. That check performs a case-sensitive comparison against lowercase literals and...
CVE-2022-37184
The application managewebsite.php on Garage Management System 1.0 is vulnerable to Shell File Upload. The already authenticated malicious user, can upload a dangerous RCE or LCE exploit file...
CVE-2023-4257
Unchecked user input length in /subsys/net/l2/wifi/wifishell.c can cause buffer overflows...
EUVD-2025-10481
Malicious code in bioql PyPI...
EUVD-2024-45889
Malicious code in bioql PyPI...
EUVD-2024-43517
Malicious code in bioql PyPI...
EUVD-2022-39837
Malicious code in bioql PyPI...
EUVD-2025-19225
Malicious code in bioql PyPI...
CVE-2025-47637
Unrestricted Upload of File with Dangerous Type vulnerability in STAGGS STAGGS staggs allows Upload a Web Shell to a Web Server.This issue affects STAGGS: from n/a through = 2.11.0...
CVE-2022-24609
Luocms v2.0 is affected by an incorrect access control vulnerability. Through /admin/templates/templatemanage.php, an attacker can write an arbitrary shell file...
CVE-2024-50526
Unrestricted Upload of File with Dangerous Type vulnerability in Lindeni Mahlalela Multi Purpose Mail Form multi-purpose-mail-form allows Upload a Web Shell to a Web Server.This issue affects Multi Purpose Mail Form: from n/a through = 1.0.2...
Exploit for Time-of-check Time-of-use (TOCTOU) Race Condition in Apache Tomcat
Manual use is cumbersome; create an example script instead. Us...
Dotclear 2.29 Remote Code Execution
Exploit Title: Dotclear 2.29 - Remote Code Execution RCE Discovered by: Ahmet Ümit BAYRAM Discovered Date: 26.04.2024 Vendor Homepage: https://git.dotclear.org/explore/repos Software Link: https://github.com/dotclear/dotclear/archive/refs/heads/master.zip Tested Version: v2.29 latest Tested on:...
Skylab IGX IIoT Gateway 安全漏洞
Skylab IGX IIoT Gateway is a gateway organized by Skylab to connect various wireless/wired IoT devices and unify different protocols to IoT standards. A security vulnerability exists in Skylab IGX IIoT Gateway version v1.2.12, which stems from a vulnerability that allows an attacker to execute,...
Wolf CMS 0.8.3.1 - Remote Code Execution Vulnerability
Exploit Title: Wolf CMS 0.8.3.1 - Remote Code Execution RCE Exploit Author: Ahmet Ümit BAYRAM Vendor Homepage: https://wolf-cms.readthedocs.io Software Link: https://github.com/wolfcms/wolfcms Version: 0.8.3.1 Tested on: Kali Linux Steps to Reproduce Firstly, go to the "Files" tab. Click on the...
Beauty Salon 1.0 Remote Shell Upload
Exploit Title: Beauty-salon v1.0 - Remote Code Execution RCE Exploit Author: nu11secur1ty Date: 10.12.2022 Vendor: https://code4berry.com/projects/beautysalon.php Software: https://code4berry.com/project%20downloads/beautysalondownload.php Reference:...
Beauty-salon v1.0 - Remote Code Execution (RCE)
Exploit Title: Beauty-salon v1.0 - Remote Code Execution RCE Exploit Author: nu11secur1ty Date: 10.12.2022 Vendor: https://code4berry.com/projects/beautysalon.php Software: https://code4berry.com/project%20downloads/beautysalondownload.php Reference:...
CVE-2022-37184
The application managewebsite.php on Garage Management System 1.0 is vulnerable to Shell File Upload. The already authenticated malicious user, can upload a dangerous RCE or LCE exploit file...
CVE-2022-37184
The application managewebsite.php on Garage Management System 1.0 is vulnerable to Shell File Upload. The already authenticated malicious user, can upload a dangerous RCE or LCE exploit file...