📄 MATLAB R2024a Code Execution / Information Disclosure

MATLAB R2024a suffers from a remote code execution vulnerability as well as a sandbox escape that allows for information disclosure. ================================================================================================================================== | Title : MATLAB R2024a RCE | |...

PT-2026-39859

Name of the Vulnerable Software and Affected Versions DeepChat versions prior to 1.0.4-beta.1 Description An incomplete mitigation for a previous issue allows for an arbitrary protocol execution bypass, which can lead to remote code execution RCE. While restrictions were applied to the...

📄 Oracle WebLogic WLS-WSAT XMLDecoder Remote Code Execution

This script is a Python-based proof of concept exploit targeting a deserialization vulnerability in Oracle WebLogic Server's WLS-WSAT component. The vulnerability allows unauthenticated attackers to execute arbitrary system commands via crafted SOAP requests sent to the...

Unity Linux 20.1050e / 20.1060e / 20.1070e Security Update: python-paramiko (UTSA-2026-017484)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-017484 advisory. Paramiko version 2.4.1, 2.3.2, 2.2.3, 2.1.5, 2.0.8, 1.18.5, 1.17.6 contains a Incorrect Access Control vulnerability in SSH server that can result in RCE. This attac...

Cisco Unity Connection Remote Code Execution Vulnerability (regreSSHion) (cisco-sa-openssh-rce-2024)

According to its self-reported version, Cisco Unity Connection is affected by a vulnerability. - A remote code execution vulnerability exists in Cisco Unity Connection due to a signal handler race condition found in sshd, where a client does not authenticate within LoginGraceTime seconds, after...

CVE-2026-31246

GPT-Pilot thru commit 0819827ce20346ef5f25b3fe29293cb448840565 2025-09-03 contains a command injection vulnerability CWE-78 in the Executor.run method. During project execution, when the system prompts the user to confirm or modify a command to be run, it accepts free-text input without proper...

CVE-2026-31246

GPT-Pilot (through commit 0819827ce20346ef5f25b3fe29293cb448840565) contains a command injection vulnerability (CWE-78) in the Executor.run() path. User prompts to confirm/modify a command are accepted as free-text and directly passed to asyncio.create_subprocess_shell(), enabling an attacker to ...

PT-2026-39742

CVE-2026-20352 iOS 26.3-Research A Public Open-Source research framework with .py and .sh files created for analyzing iOS 26.3 security mechanisms. This project is designed to be advanced through the collective in... https://t.co/5O6AR6f6H7...

EUVD-2021-34803

TextPattern CMS 4.8.7 contains a remote code execution vulnerability that allows authenticated attackers to execute arbitrary commands by uploading malicious PHP files through the file upload functionality. Attackers can upload a PHP shell via the Files section in the content area and execute...

EUVD-2021-34798

e107 CMS 2.3.0 contains a remote code execution vulnerability that allows authenticated users with theme installation permissions to execute arbitrary commands by uploading malicious theme files. Attackers can upload a crafted theme package through the theme.php endpoint that deploys a web shell ...

Spring4Shell-POC

ReznokWorks 사내 게시판 — 모의해킹 시나리오 PoC 원본 Spring4Shell PoChttp...

CVE-2021-47937

e107 CMS 2.3.0 contains a remote code execution vulnerability that allows authenticated users with theme installation permissions to execute arbitrary commands by uploading malicious theme files. Attackers can upload a crafted theme package through the theme.php endpoint that deploys a web shell ...

CVE-2021-47949

CVE-2021-47949 affects CyberPanel 2.1 and enables authenticated remote code execution via a symlink attack in the filemanager endpoint. An attacker can modify the completeStartingPath in POST requests to /filemanager/controller to create symbolic links, read sensitive files (e.g., database creden...

CVE-2021-47940

The CVE is for WordPress Plugin Download From Files prior to v1.49. An arbitrary file upload vulnerability exists when unauthenticated users exploit the AJAX fileupload action via admin-ajax.php (download_from_files_617_fileupload), bypassing file-type restrictions with allowExt and uploading exe...

CVE-2021-47937

e107 CMS 2.3.0 contains a remote code execution vulnerability that allows authenticated users with theme installation permissions to execute arbitrary commands by uploading malicious theme files. Attackers can upload a crafted theme package through the theme.php endpoint that deploys a web shell ...

CVE-2021-47937 e107 CMS 2.3.0 Authenticated Remote Code Execution via Theme Upload

e107 CMS 2.3.0 contains a remote code execution vulnerability that allows authenticated users with theme installation permissions to execute arbitrary commands by uploading malicious theme files. Attackers can upload a crafted theme package through the theme.php endpoint that deploys a web shell ...

CVE-2021-47937

CVE-2021-47937 affects e107 CMS 2.3.0. Authenticated users with theme installation permissions can upload a crafted theme package via the theme.php endpoint, which deploys a web shell to thee107_themes directory and enables execution of system commands through payload.php. This results in remote ...

CVE-2021-47937 e107 CMS 2.3.0 Authenticated Remote Code Execution via Theme Upload

e107 CMS 2.3.0 contains a remote code execution vulnerability that allows authenticated users with theme installation permissions to execute arbitrary commands by uploading malicious theme files. Attackers can upload a crafted theme package through the theme.php endpoint that deploys a web shell ...

PT-2026-39512

e107 CMS 2.3.0 contains a remote code execution vulnerability that allows authenticated users with theme installation permissions to execute arbitrary commands by uploading malicious theme files. Attackers can upload a crafted theme package through the theme.php endpoint that deploys a web shell ...

e107 代码问题漏洞

e107 is a set of open-source, free content management systems CMS developed by the E107 team. It is based on PHP and MySQL. This system supports various plugins and theme options, making it suitable for use as a personal blog, discussion community, or archive repository. Version 2.3.0 of e107 has...