Lucene search
K

31274 matches found

CVE
CVE
added 2026/01/29 2:28 p.m.11 views

CVE-2020-37009

CVE-2020-37009 affects MedDream PACS Server 6.8.3.751. The connected records confirm an authenticated remote code execution vulnerability where an authorized user can upload PHP files via the uploadImage.php endpoint, enabling execution of arbitrary system commands with elevated privileges. CVSS ...

8.8CVSS6.7AI score0.00521EPSS
Exploits0References3
ATTACKERKB
ATTACKERKB
added 2026/01/29 2:28 p.m.5 views

CVE-2020-37009

MedDream PACS Server 6.8.3.751 contains an authenticated remote code execution vulnerability that allows authorized users to upload malicious PHP files. Attackers can exploit the uploadImage.php endpoint by authenticating and uploading a PHP shell to execute arbitrary system commands with elevate...

8.8CVSS6.7AI score0.00521EPSS
Exploits0References3Affected Software1
EUVD
EUVD
added 2026/01/29 2:28 p.m.5 views

EUVD-2020-30904

MedDream PACS Server 6.8.3.751 contains an authenticated remote code execution vulnerability that allows authorized users to upload malicious PHP files. Attackers can exploit the uploadImage.php endpoint by authenticating and uploading a PHP shell to execute arbitrary system commands with elevate...

8.8CVSS6.7AI score0.00521EPSS
Exploits0References3
CVE
CVE
added 2026/01/29 2:28 p.m.17 views

CVE-2020-37002

CVE-2020-37002 — Ajenti 2.1.36 : An authentication bypass vulnerability exists in the web admin panel that allows remote attackers, after successful login, to execute arbitrary commands via the "/api/terminal/create" endpoint. The impact is described as command execution with potential reverse sh...

9.8CVSS6.1AI score0.00653EPSS
Exploits0References3
EUVD
EUVD
added 2026/01/29 2:28 p.m.6 views

EUVD-2020-30913

Ajenti 2.1.36 contains an authentication bypass vulnerability that allows remote attackers to execute arbitrary commands after successful login. Attackers can leverage the /api/terminal/create endpoint to send a netcat reverse shell payload targeting a specified IP and port...

9.8CVSS6.2AI score0.00653EPSS
Exploits0References3
ATTACKERKB
ATTACKERKB
added 2026/01/29 2:28 p.m.4 views

CVE-2020-37002

Ajenti 2.1.36 contains a post-authenticated remote command execution vulnerability that allows remote attackers to execute arbitrary commands after successful login. Attackers can leverage the /api/terminal/create endpoint to send a netcat reverse shell payload targeting a specified IP and port...

9.8CVSS6.2AI score0.00653EPSS
Exploits0References3Affected Software1
Cvelist
Cvelist
added 2026/01/29 2:28 p.m.29 views

CVE-2020-37002 Ajenti 2.1.36 Authenticated Remote Code Execution

Ajenti 2.1.36 contains a post-authenticated remote command execution vulnerability that allows remote attackers to execute arbitrary commands after successful login. Attackers can leverage the /api/terminal/create endpoint to send a netcat reverse shell payload targeting a specified IP and port...

9.8CVSS0.00653EPSS
Exploits0References3
Vulnrichment
Vulnrichment
added 2026/01/29 2:28 p.m.5 views

CVE-2020-37002 Ajenti 2.1.36 Authenticated Remote Code Execution

Ajenti 2.1.36 contains a post-authenticated remote command execution vulnerability that allows remote attackers to execute arbitrary commands after successful login. Attackers can leverage the /api/terminal/create endpoint to send a netcat reverse shell payload targeting a specified IP and port...

9.8CVSS6.2AI score0.00653EPSS
Exploits0References3
Vulnrichment
Vulnrichment
added 2026/01/29 2:28 p.m.5 views

CVE-2020-37001 Frigate Professional 3.36.0.9 - 'Pack File' Buffer Overflow (SEH Egghunter)

Frigate Professional 3.36.0.9 contains a local buffer overflow vulnerability in the Pack File feature that allows attackers to execute arbitrary code by overflowing the 'Archive To' input field. Attackers can craft a malicious payload that overwrites the Structured Exception Handler SEH and uses ...

8.4CVSS6.4AI score0.00147EPSS
Exploits0References3
EUVD
EUVD
added 2026/01/29 2:28 p.m.6 views

EUVD-2020-30912

Frigate Professional 3.36.0.9 contains a local buffer overflow vulnerability in the Pack File feature that allows attackers to execute arbitrary code by overflowing the 'Archive To' input field. Attackers can craft a malicious payload that overwrites the Structured Exception Handler SEH and uses ...

8.4CVSS6.4AI score0.00147EPSS
Exploits0References3
ATTACKERKB
ATTACKERKB
added 2026/01/29 2:28 p.m.5 views

CVE-2020-37001

Frigate Professional 3.36.0.9 contains a local buffer overflow vulnerability in the Pack File feature that allows attackers to execute arbitrary code by overflowing the 'Archive To' input field. Attackers can craft a malicious payload that overwrites the Structured Exception Handler SEH and uses ...

8.4CVSS6.4AI score0.00147EPSS
Exploits0References3Affected Software1
Cvelist
Cvelist
added 2026/01/29 2:28 p.m.28 views

CVE-2020-37001 Frigate Professional 3.36.0.9 - 'Pack File' Buffer Overflow (SEH Egghunter)

Frigate Professional 3.36.0.9 contains a local buffer overflow vulnerability in the Pack File feature that allows attackers to execute arbitrary code by overflowing the 'Archive To' input field. Attackers can craft a malicious payload that overwrites the Structured Exception Handler SEH and uses ...

8.4CVSS0.00147EPSS
Exploits0References3
CVE
CVE
added 2026/01/29 2:28 p.m.10 views

CVE-2020-37001

CVE-2020-37001 affects Frigate Professional 3.36.0.9. The vulnerability is a local buffer overflow in the Pack File feature that allows an attacker to overflow the 'Archive To' input, overwriting the Structured Exception Handler (SEH) and enabling an egghunter-based payload to execute a reverse s...

8.4CVSS6.4AI score0.00147EPSS
Exploits0References3
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/01/29 1:25 p.m.11 views

Malicious code in mcp-pdftool-plus (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 2e92dea8be02288f271dacad2cd77f1bdd54596da1691cb738c4a7b7b4f77d21 When using the library, the hidden code starts a reverse shell --- Category: MALICIOUS - The campaign has clearly malicious intent, like infostealers. Campaign...

6.1AI score
Exploits0References1
OSV
OSV
added 2026/01/29 1:25 p.m.4 views

MAL-2026-603 Malicious code in mcp-pdftool-plus (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 2e92dea8be02288f271dacad2cd77f1bdd54596da1691cb738c4a7b7b4f77d21 When using the library, the hidden code starts a reverse shell --- Category: MALICIOUS - The campaign has clearly malicious intent, like infostealers. Campaign...

6.1AI score
Exploits0References1
GithubExploit
GithubExploit
added 2026/01/29 12:47 p.m.222 views

Exploit for Improper Restriction of Operations within the Bounds of a Memory Buffer in Hp Power_Manager

CVE-2009-3999 HP Power Manager 4.2 Build 7 exploit inspire...

10CVSS5.9AI score0.71612EPSS
Exploits11
Positive Technologies
Positive Technologies
added 2026/01/29 12:0 a.m.7 views

PT-2026-5277

Frigate Professional 3.36.0.9 contains a local buffer overflow vulnerability in the Pack File feature that allows attackers to execute arbitrary code by overflowing the 'Archive To' input field. Attackers can craft a malicious payload that overwrites the Structured Exception Handler SEH and uses ...

8.4CVSS6.4AI score0.00147EPSS
Exploits0References4
Redos
Redos
added 2026/01/29 12:0 a.m.5 views

ROS-20260129-73-0005

A vulnerability in the GNOME Shell graphical shell of the GNOME desktop environment of Linux operating systems is related to the failure to take measures to neutralize a script in attributes on a web page. Exploitation of the vulnerability could allow a remote attacker to execute arbitrary...

6.5CVSS6.2AI score0.00299EPSS
Exploits0
Positive Technologies
Positive Technologies
added 2026/01/29 12:0 a.m.10 views

PT-2026-5361

Name of the Vulnerable Software and Affected Versions Kimi Agent SDK versions prior to 0.1.6 Description The Kimi Agent SDK libraries expose the Kimi Code agent runtime in applications. The vsix-publish.js and ovsx-publish.js scripts pass filenames to the execSync function as shell command string...

2.9CVSS6.1AI score0.00113EPSS
Exploits0References5
Positive Technologies
Positive Technologies
added 2026/01/29 12:0 a.m.10 views

PT-2026-5278

Ajenti 2.1.36 contains an authentication bypass vulnerability that allows remote attackers to execute arbitrary commands after successful login. Attackers can leverage the /api/terminal/create endpoint to send a netcat reverse shell payload targeting a specified IP and port...

9.8CVSS6.2AI score0.00653EPSS
Exploits0References4
Rows per page
Query Builder