
641 matches found

Snyk
added 2026/01/27 12:55 a.m. | 4 views

Authorization Bypass Through User-Controlled Key

Overview: Affected versions of this package are vulnerable to Authorization Bypass Through User-Controlled Key via the FindContainer function. An attacker can gain unauthorized interactive shell access to containers outside their permitted label scope by directly targeting container IDs through th...

CVSS 9.9 | AI score 5.9 | EPSS 0.00385
Exploits: 1 | References: 2

Positive Technologies
added 2026/01/27 12:0 a.m. | 7 views

PT-2026-4924

Name of the Vulnerable Software and Affected Versions: Victor CMS version 1.0. Description: Victor CMS version 1.0 has a file upload issue. Authenticated users can upload malicious PHP files through the profile image upload feature. An attacker can upload a PHP shell to the /img directory and execut...

CVSS 8.8 | AI score 5.6 | EPSS 0.00611
Exploits: 1 | References: 6

Vulnrichment
added 2026/01/22 4:51 p.m. | 2 views

CVE-2025-50002 WordPress Energia theme <= 1.1.2 - Arbitrary File Upload vulnerability

Unrestricted Upload of File with Dangerous Type vulnerability in Farost Energia energia allows Upload a Web Shell to a Web Server. This issue affects Energia: from n/a through = 1.1.2...

CVSS 10 | AI score 5.9 | EPSS 0.00507
Exploits: 0 | References: 1

CVE
added 2026/01/22 8:57 a.m. | 25 views

CVE-2026-1331

CVE-2026-1331 reports an Arbitrary File Upload in MeetingHub (HAMASTAR Technology). Public details across sources indicate unauthenticated remote attackers can upload and execute web shell backdoors, enabling arbitrary code execution on the server. Technical specifics include an upload handler (e...

CVSS 9.8 | AI score 6.5 | EPSS 0.00688
Exploits: 0 | References: 2 | Affected Software: 1

GithubExploit
added 2026/01/22 4:5 a.m. | 130 views

nullsec-payloads

NullSec Payloads...

AI score 5.6
Exploits: 0

Positive Technologies
added 2026/01/22 12:0 a.m. | 6 views

PT-2026-3924

Name of the Vulnerable Software and Affected Versions: MeetingHub (affected versions not specified). Description: MeetingHub, developed by HAMASTAR Technology, has an arbitrary file upload issue. This allows unauthenticated remote attackers to upload and execute web shell backdoors, leading to arbitra...

CVSS 9.8 | AI score 6.6 | EPSS 0.00688
Exploits: 0 | References: 11

CVE
added 2026/01/20 6:30 a.m. | 15 views

CVE-2026-1222

CVE-2026-1222 involves the PrismX MX100 AP controller from Browan Communications, which has an arbitrary file upload vulnerability that could allow privileged remote attackers to upload and execute web shells, enabling arbitrary code execution on the server. The connected sources consistently des...

CVSS 8.6 | AI score 6.5 | EPSS 0.00568
Exploits: 0 | References: 2

ATTACKERKB
added 2026/01/20 6:30 a.m. | 2 views

CVE-2026-1222

PrismX MX100 AP controller developed by BROWAN COMMUNICATIONS has an Arbitrary File Upload vulnerability, allowing privileged remote attackers to upload and execute web shell backdoors, thereby enabling arbitrary code execution on the server...

CVSS 8.6 | AI score 6.4 | EPSS 0.00568
Exploits: 0 | References: 3

CNNVD
added 2026/01/16 12:0 a.m. | 3 views

ZesleCP operating system command injection vulnerability

ZesleCP is a Linux server control panel software developed by Zesle Corporation in Canada. Version ZesleCP 3.1.9 contains a vulnerability related to operating system command injection. This vulnerability stems from remote code execution after authentication, potentially allowing the creation of...

CVSS 8.8 | AI score 6.5 | EPSS 0.00906
Exploits: 1 | References: 4

RedhatCVE
added 2026/01/09 12:45 p.m. | 8 views

CVE-2005-1859

Unknown vulnerability in arshell in the Array Service arrayd for SGI ProPack 3 with SP 5 and 6, and SGI ProPack 4, allows local users to execute arbitrary shells as root on other hosts in the cluster or array...

CVSS 7.2 | AI score 7.5 | EPSS 0.00322
Exploits: 0 | References: 1

Vulnrichment
added 2026/01/07 8:8 p.m. | 5 views

CVE-2025-66620 Columbia Weather Systems MicroServer Command Shell in Externally Accessible Directory

An unused webshell in MicroServer allows unlimited login attempts, with sudo rights on certain files and directories. An attacker with admin access to MicroServer can gain limited shell access, enabling persistence through reverse shells, and the ability to modify or remove data stored in the fil...

CVSS 8.6 | AI score 6.5 | EPSS 0.00415
Exploits: 0 | References: 2

Positive Technologies
added 2026/01/07 12:0 a.m. | 4 views

PT-2026-1859

Name of the Vulnerable Software and Affected Versions: MicroServer (affected versions not specified). Description: An unused webshell in MicroServer allows unlimited login attempts, with sudo rights on certain files and directories. An attacker with admin access to MicroServer can gain limited shell...

CVSS 8.6 | AI score 6.3 | EPSS 0.00415
Exploits: 0 | References: 8

SUSE CVE
added 2026/01/06 12:24 a.m. | 3 views

SUSE CVE-2025-67508

gardenctl is a command-line client for the Gardener which configures access to clusters and cloud provider CLI tools. When using non-POSIX shells such as Fish and PowerShell, versions 2.11.0 and below of gardenctl allow an attacker with administrative privileges for a Gardener project to craft...

CVSS 8.4 | AI score 6.8 | EPSS 0.00204
Exploits: 0 | References: 2

Positive Technologies
added 2026/01/06 12:0 a.m. | 3 views

PT-2026-1513

Name of the Vulnerable Software and Affected Versions: Themify Sidepane WordPress Theme versions n/a through 1.9.8; Themify Newsy versions n/a through 1.9.9; Themify Folo versions n/a through 1.9.6; Themify Edmin versions n/a through 2.0.0; Themify Bloggie versions n/a through 2.0.8; Themify Photobox...

CVSS 9.9 | AI score 6.9 | EPSS 0.00437
Exploits: 0 | References: 16

RedhatCVE
added 2025/12/30 7:7 a.m. | 6 views

CVE-2025-15226

WMPro developed by Sunnet has an Arbitrary File Upload vulnerability, allowing unauthenticated remote attackers to upload and execute web shell backdoors, thereby enabling arbitrary code execution on the server...

CVSS 9.8 | AI score 8.4 | EPSS 0.00508
Exploits: 0 | References: 1

RedhatCVE
added 2025/12/30 1:2 a.m. | 11 views

CVE-2025-15067

Unrestricted Upload of File with Dangerous Type vulnerability in Innorix Innorix WP allows Upload a Web Shell to a Web Server. This issue affects Innorix WP from All versions If the "exam" directory exists under the directory where the product is installed ex: innorix/exam...

CVSS 8.5 | AI score 6.8 | EPSS 0.00124
Exploits: 0 | References: 1

OSV
added 2025/12/29 7:15 a.m. | 1 views

CVE-2025-15226

WMPro developed by Sunnet has an Arbitrary File Upload vulnerability, allowing unauthenticated remote attackers to upload and execute web shell backdoors, thereby enabling arbitrary code execution on the server...

CVSS 9.8 | AI score 6.4
Exploits: 0 | References: 2

Vulnrichment
added 2025/12/29 6:39 a.m. | 2 views

CVE-2025-15226 Sunnet|WMPro - Arbitrary File Upload

WMPro developed by Sunnet has an Arbitrary File Upload vulnerability, allowing unauthenticated remote attackers to upload and execute web shell backdoors, thereby enabling arbitrary code execution on the server...

CVSS 9.8 | AI score 8.1 | EPSS 0.00508
Exploits: 0 | References: 2

Cvelist
added 2025/12/29 12:59 a.m. | 26 views

CVE-2025-15067 Unrestricted File Upload and RCE in Innorix WP

Unrestricted Upload of File with Dangerous Type vulnerability in Innorix Innorix WP allows Upload a Web Shell to a Web Server. This issue affects Innorix WP from All versions If the "exam" directory exists under the directory where the product is installed ex: innorix/exam...

CVSS 8.5 | EPSS 0.00124
Exploits: 0 | References: 2

Positive Technologies
added 2025/12/29 12:0 a.m. | 3 views

PT-2025-53702

Name of the Vulnerable Software and Affected Versions: WMPro (affected versions not specified). Description: WMPro developed by Sunnet has an arbitrary file upload issue. Unauthenticated remote attackers can upload and execute web shell backdoors, leading to arbitrary code execution on the server...

CVSS 9.8 | AI score 7.9 | EPSS 0.00508
Exploits: 0 | References: 6