CVE-2026-45087

Dalfox is a powerful open-source XSS scanner and utility focused on automation. Prior to 2.13.0, when dalfox is started in REST API server mode dalfox server, the server binds to 0.0.0.0:6664 by default and requires no API key unless the operator explicitly passes --api-key. Because model.Options...

GitBucket 访问控制错误漏洞

GitBucket is an open-source Git code hosting platform based on Scala. Version 4.23.1 of GitBucket contains a vulnerability related to access control. This vulnerability stems from the generation of weak secret tokens and the insecure file upload feature, which may allow unauthenticated attackers ...

PT-2026-38670

Name of the Vulnerable Software and Affected Versions Control Web Panel CWP versions prior to 0.9.8.1209 Description Unauthenticated attackers can inject and execute arbitrary OS commands with root privileges on the web server. This occurs because user input provided through the key GET parameter...

Security Bulletin: Vulnerability in IBM's Common Cryptographic Architecture (CCA) (CVE-2025-13375)

Summary IBM Common Cryptographic Architecture CCA is used to interface with the IBM Hardware Security Module HSM. A security vulnerability exists that has a high confidentiality, integrity and availability impact on card and consuming applications. Vulnerability Details CVEID:CVE-2025-13375...

CVE-2026-41268

Flowise is a drag & drop user interface to build a customized large language model flow. Prior to 3.1.0, Flowise is vulnerable to a critical unauthenticated remote command execution RCE vulnerability. It can be exploited via a parameter override bypass using the FILE-STORAGE:: keyword combined wi...

VulnCheck KEV: CVE-2024-21833

Multiple TP-LINK products allow a network-adjacent unauthenticated attacker with access to the product to execute arbitrary OS commands. The affected device, with the initial configuration, allows login only from the LAN port or Wi-Fi...

CVE-2025-52436

An Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability CWE-79 vulnerability in Fortinet FortiSandbox 5.0.0 through 5.0.1, FortiSandbox 4.4.0 through 4.4.7, FortiSandbox 4.2 all versions, FortiSandbox 4.0 all versions may allow an unauthenticated attack...

CVE-2025-13375

IBM Common Cryptographic Architecture CCA 7.5.52 and 8.4.82 could allow an unauthenticated user to execute arbitrary commands with elevated privileges on the system...

IBM Common Cryptographic Architecture 安全漏洞

IBM Common Cryptographic Architecture is a cryptographic platform developed by the American multinational company International Business Machines IBM. It provides features for protecting financial transactions. Versions 7.5.52 and 8.4.82 of IBM Common Cryptographic Architecture contain security...

PT-2026-5875

Name of the Vulnerable Software and Affected Versions IBM Common Cryptographic Architecture CCA versions 7.5.52 and 8.4.82 Description The software contains a flaw that could allow an unauthenticated user to execute arbitrary commands with elevated privileges on the system. This impacts systems...

CVE-2025-51958

aelsantex runcommand 2014-04-01, a plugin for DokuWiki, allows unauthenticated attackers to execute arbitrary system commands via lib/plugins/runcommand/postaction.php...

📄 Siklu EtherHaul EH-8010 / EH-1200 Vulnerability Scanner

This PHP-based scanner safely detects an unauthenticated remote command execution vulnerability in Siklu EtherHaul EH-8010 and EH-1200 devices by sending a non-destructive encrypted probe command and validating the response. The scanner does not alter device state and is suitable for large-scale...

Vulnerabilities fixed in Cisco Unified Communications products

Cisco has fixed vulnerabilities in several Cisco Unified Communications products. The vulnerabilities include a critical vulnerability that allows unauthenticated remote attackers to execute arbitrary commands on the device's operating system. This is due to improper validation of user input in...

CVE-2023-54329

Inbit Messenger 4.6.0–4.9.0 is affected by an unauthenticated remote command execution via a stack overflow in the messenger’s protocol. The vulnerability allows attackers to send specially crafted XML packets to TCP port 10883 to trigger execution of arbitrary commands with system privileges. Th...

CVE-2025-12548

The CVE-2025-12548 issue affects Eclipse Che che-machine-exec, exposed in Red Hat OpenShift Dev Spaces. A flaw allows unauthenticated remote arbitrary command execution and secret exfiltration from other users’ Developer Workspace containers via an unauthenticated JSON-RPC/WebSocket API on TCP po...

WODESYS WD-R608U 访问控制错误漏洞

The WODESYS WD-R608U is a wireless router from China Xinyang WODESYS. An access control error vulnerability exists in the WODESYS WD-R608U that stems from a lack of authentication in the adm.cgi endpoint configuration change module, which could allow an unauthenticated attacker to execute command...

CVE-2025-27020

Improper configuration of the SSH service in Infinera MTC-9 allows an unauthenticated attacker to execute arbitrary commands and access data on file system . This issue affects MTC-9: from R22.1.1.0275 before R23.0...

EUVD-2025-201700

Improper configuration of the SSH service in Infinera MTC-9 allows an unauthenticated attacker to execute arbitrary commands and access data on file system . This issue affects MTC-9: from R22.1.1.0275 before R23.0...

CVE-2025-9501 W3 Total Cache < 2.8.13 - Unauthenticated Command Injection

The W3 Total Cache WordPress plugin before 2.8.13 is vulnerable to command injection via the parsedynamicmfunc function, allowing unauthenticated users to execute PHP commands by submitting a comment with a malicious payload to a post...

CVE-2025-11546

CLUSTERPRO X for Linux 4.0, 4.1, 4.2, 5.0, 5.1 and 5.2 and EXPRESSCLUSTER X for Linux 4.0, 4.1, 4.2, 5.0, 5.1 and 5.2, CLUSTERPRO X SingleServerSafe for Linux 4.0, 4.1, 4.2, 5.0, 5.1 and 5.2, EXPRESSCLUSTER X SingleServerSafe for Linux 4.0, 4.1, 4.2, 5.0, 5.1 and 5.2 allows an attacker sends...