358 matches found

Cvelist
added 2025/12/17 7:3 p.m. | 24 views

CVE-2025-62521 ChurchCRM has unauthenticated RCE in its Install Wizard

ChurchCRM is an open-source church management system. Prior to version 5.21.0, a pre-authentication remote code execution vulnerability in ChurchCRM's setup wizard allows unauthenticated attackers to inject arbitrary PHP code during the initial installation process, leading to complete server...

CVSS 10 | EPSS 0.04151
Exploits 3 | References 1

Vulnrichment
added 2025/12/17 7:3 p.m. | 5 views

CVE-2025-62521 ChurchCRM has unauthenticated RCE in its Install Wizard

ChurchCRM is an open-source church management system. Prior to version 5.21.0, a pre-authentication remote code execution vulnerability in ChurchCRM's setup wizard allows unauthenticated attackers to inject arbitrary PHP code during the initial installation process, leading to complete server...

CVSS 10 | AI score 7.9 | EPSS 0.04151
Exploits 3 | References 1

CVE
added 2025/12/17 7:3 p.m. | 14 views

CVE-2025-62521

Summary: CVE-2025-62521 affects ChurchCRM before 5.21.0. A pre-authentication RCE exists in the setup wizard due to unsanitized user input in setup/routes/setup.php, which is directly concatenated into a PHP configuration template and written to Include/Config.php, then executed on every page loa...

CVSS 10 | AI score 7.9 | EPSS 0.04151
Exploits 3 | References 1 | Affected Software 1

GithubExploit
added 2025/12/14 1:38 a.m. | 130 views

Exploit for Heap-based Buffer Overflow in Microsoft

CVE-2024-38077 - MadLicense...

CVSS 9.8 | AI score 9.4 | EPSS 0.75365
Exploits 5

GithubExploit
added 2025/12/13 3:48 a.m. | 244 views

Exploit for Deserialization of Untrusted Data in Facebook React

ReactOOPS - HTB Web Challenge Writeup...

CVSS 10 | AI score 8.4 | EPSS 0.99986
Exploits 397

Vulnrichment
added 2025/12/09 4:5 p.m. | 2 views

CVE-2025-13662

Improper verification of cryptographic signatures in the patch management component of Ivanti Endpoint Manager prior to version 2024 SU4 SR1 allows a remote unauthenticated attacker to execute arbitrary code. User Interaction is required...

CVSS 7.8 | AI score 7.2 | EPSS 0.00475
Exploits 0 | References 1

Positive Technologies
added 2025/12/09 12:0 a.m. | 3 views

PT-2025-50088

Name of the Vulnerable Software and Affected Versions: Ivanti Endpoint Manager versions prior to 2024 SU4 SR1. Description: A flaw exists in the patch management component of Ivanti Endpoint Manager that involves improper verification of cryptographic signatures. This allows a remote, unauthenticate...

CVSS 7.8 | AI score 7.3 | EPSS 0.00475
Exploits 0 | References 6

RedhatCVE
added 2025/12/05 9:34 p.m. | 3 views

CVE-2025-66576

Remote Keyboard Desktop 1.0.1 enables remote attackers to execute system commands via the rundll32.exe exported function export, allowing unauthenticated code execution...

CVSS 9.8 | AI score 7.8 | EPSS 0.01055
Exploits 1 | References 1

OSV
added 2025/12/05 6:15 p.m. | 1 view

CVE-2020-36881

Flexsense DiskBoss 7.7.14 contains a local buffer overflow vulnerability in the 'Input Directory' component that allows unauthenticated attackers to execute arbitrary code on the system. Attackers can exploit this by pasting a specially crafted directory path into the 'Add Input Directory' field...

CVSS 7.8 | AI score 6.4
Exploits 0 | References 5

NVD
added 2025/12/05 6:15 p.m. | 3 views

CVE-2020-36881

Flexsense DiskBoss 7.7.14 contains a local buffer overflow vulnerability in the 'Input Directory' component that allows unauthenticated attackers to execute arbitrary code on the system. Attackers can exploit this by pasting a specially crafted directory path into the 'Add Input Directory' field...

CVSS 8.6 | EPSS 0.00315
Exploits 1 | References 5

Cvelist
added 2025/12/05 5:20 p.m. | 17 views

CVE-2020-36881 Flexsense DiskBoss 'Add Input Directory' Buffer Overflow

Flexsense DiskBoss 7.7.14 contains a local buffer overflow vulnerability in the 'Input Directory' component that allows unauthenticated attackers to execute arbitrary code on the system. Attackers can exploit this by pasting a specially crafted directory path into the 'Add Input Directory' field...

CVSS 8.6 | EPSS 0.00315
Exploits 1 | References 5

EUVD
added 2025/12/05 5:20 p.m. | 4 views

EUVD-2020-30823

Flexsense DiskBoss 7.7.14 contains a local buffer overflow vulnerability in the 'Input Directory' component that allows unauthenticated attackers to execute arbitrary code on the system. Attackers can exploit this by pasting a specially crafted directory path into the 'Add Input Directory' field...

CVSS 8.6 | AI score 7.5 | EPSS 0.00315
Exploits 1 | References 6

GithubExploit
added 2025/12/05 3:2 a.m. | 146 views

Exploit for CVE-2025-55182

CVE-2025-55182 This repository contains a PoC reproduction of...

CVSS 10 | AI score 8.2 | EPSS 0.99562
Exploits 366

CNNVD
added 2025/12/05 12:0 a.m. | 5 views

Flexsense DiskBoss Buffer Error Vulnerability

Flexsense DiskBoss is a disk management tool from Flexsense USA. A buffer error vulnerability exists in Flexsense DiskBoss version 7.7.14, which stems from a local buffer overflow in the Input Directory component, which could allow an unauthenticated attacker to execute arbitrary code...

CVSS 8.6 | AI score 7.5 | EPSS 0.00315
Exploits 1 | References 5

NVD
added 2025/12/04 9:16 p.m. | 5 views

CVE-2025-66572

Loaded Commerce 6.6 contains a client-side template injection vulnerability via the search parameter that allows unauthenticated attackers to execute arbitrary code in the victim's browser context when they visit a crafted URL...

CVSS 6.9 | EPSS 0.00407
Exploits 0 | References 3

Vulnrichment
added 2025/12/04 8:46 p.m. | 1 view

CVE-2025-66576 Remote Keyboard Desktop 1.0.1 - Remote Code Execution (RCE)

Remote Keyboard Desktop 1.0.1 enables remote attackers to execute system commands via the rundll32.exe exported function export, allowing unauthenticated code execution...

CVSS 9.3 | AI score 7.8 | EPSS 0.01055
Exploits 1 | References 4

ATTACKERKB
added 2025/12/04 8:44 p.m. | 2 views

CVE-2025-66572

Loaded Commerce 6.6 contains a client-side template injection vulnerability via the search parameter that allows unauthenticated attackers to execute arbitrary code in the victim's browser context when they visit a crafted URL...

CVSS 6.9 | AI score 6.2 | EPSS 0.00407
Exploits 0 | References 3 | Affected Software 1

Vulnrichment
added 2025/12/04 8:44 p.m. | 2 views

CVE-2025-66572 Loaded Commerce 6.6 Client-Side Template Injection (CSTI)

Loaded Commerce 6.6 contains a client-side template injection vulnerability via the search parameter that allows unauthenticated attackers to execute arbitrary code in the victim's browser context when they visit a crafted URL...

CVSS 6.9 | AI score 6.2 | EPSS 0.00407
Exploits 0 | References 3

CNNVD
added 2025/12/04 12:0 a.m. | 2 views

Remotecontrolio Remote Keyboard Desktop OS Command Injection Vulnerability

Remotecontrolio Remote Keyboard Desktop is a remote control application from Remotecontrolio. An operating system command injection vulnerability exists in Remotecontrolio Remote Keyboard Desktop version 1.0.1, which stems from a flaw in the rundll32.exe export function that could lead to...

CVSS 9.8 | AI score 8.1 | EPSS 0.01055
Exploits 1 | References 4

Positive Technologies
added 2025/12/04 12:0 a.m. | 2 views

PT-2025-49152

Name of the Vulnerable Software and Affected Versions: Remote Keyboard Desktop version 1.0.1. Description: The software allows remote attackers to execute system commands. This is possible through the rundll32.exe exported function export, leading to unauthenticated code execution. Recommendations: A...

CVSS 9.8 | AI score 7.2 | EPSS 0.01055
Exploits 1 | References 8