Missing Authentication for Critical Function

Overview marimo is an A library for making reactive notebooks and apps Affected versions of this package are vulnerable to Missing Authentication for Critical Function via the terminal/ws WebSocket endpoint, which lacks authentication validation. An unauthenticated attacker can gain unauthorized...

CVE-2025-25734

Kapsch TrafficCom RIS-9160 & RIS-9260 Roadside Units RSUs v3.2.0.829.23, v3.8.0.1119.42, and v4.6.0.1211.28 was discovered to contain an unauthenticated EFI shell which allows attackers to execute arbitrary code or escalate privileges during the boot process...

CVE-2025-25734

Kapsch TrafficCom RIS-9160 & RIS-9260 Roadside Units (RSUs) versions 3.2.0.829.23, 3.8.0.1119.42, and 4.6.0.1211.28 contain an unauthenticated EFI shell that can be leveraged to execute arbitrary code or escalate privileges during boot. Root cause is an EFI shell exposure in the RSU firmware; aff...

CVE-2022-23729

When the device is in factory state, it can be access the shell without adb authentication process. The LG ID is LVE-SMP-210010...

CVE-2017-1000215

CVE-2017-1000215 affects ROOT xrootd versions 4.6.0 and earlier, exposing an unauthenticated shell command injection that enables remote code execution. The vulnerability is documented across multiple advisories (NVD, SUSE, Gentoo GLSA) indicating remote code execution via a shell command injecti...

Basic Contact Form <= 1.0.3 - Potential Unauthenticated Shell Upload

Uploading attachments in the contact form allows to run any kind of PHP code depending on the server config. The issue is related to this https://www.exploit-db.com/exploits/10089/ one. Explanation there will help to understand the problem. Following code is part of the function...

WP Symposium <= 14.11 - Unauthenticated Shell Upload

The wp-symposium WordPress plugin was affected by an Unauthenticated Shell Upload security vulnerability...

WordPress Plugin wpDataTables 1.5.3 - Arbitrary File Upload

WordPress Plugin wpDataTables 1.5.3 - Arbitrary File Upload !/usr/bin/python Exploit Name: Wordpress wpDataTables 1.5.3 and below Unauthenticated Shell Upload Vulnerability Vulnerability discovered by Claudio Viviani Date : 2014-11-22 Exploit written by Claudio Viviani Video Demo:...

Wordpress wpDataTables 1.5.3 shell Upload Exploit

The wordpress premium plugin wpDataTables 1.5.3 and below suffers from Unauthenticated Shell Upload Vulnerability !/usr/bin/python Exploit Name: Wordpress wpDataTables 1.5.3 and below Unauthenticated Shell Upload Vulnerability Vulnerability discovered by Claudio Viviani Date : 2014-11-22 Exploit...

Barclaycart - Unauthenticated Shell Upload

The Barclaycart WordPress plugin was found to be vulnerable to an Unauthenticated Shell Upload security vulnerability, due to using a vulnerable version of the third-party uploadify dependency. This issue has been seen exploited in the wild. PoC "@$uploadfile",...