91 matches found
UnRaid <=6.80 - Remote Code Execution
UnRaid =6.80 allows remote unauthenticated attackers to execute arbitrary code. id: CVE-2020-5847 info: name: UnRaid =6.80 - Remote Code Execution author: madrobot severity: critical description: UnRaid =6.80 allows remote unauthenticated attackers to execute arbitrary code. impact: |...
Unraid < 7.3.0 Multiple Command Injection Vulnerabilities (ZDI-26-385 / ZDI-26-386)
The remote host is running a version of Unraid prior to 7.3.0. It is, therefore, affected by multiple vulnerabilities: - A command injection vulnerability exists in the FileUpload.php file due to the lack of proper validation of a user-supplied string before using it to execute a system call. An...
EUVD-2026-39108
Unraid Web Server FileUpload Command Injection Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Unraid. Authentication is required to exploit this vulnerability. The specific flaw exists within FileUpload.php. T...
EUVD-2026-39109
Unraid Web Server ToggleState Command Injection Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Unraid. Authentication is required to exploit this vulnerability. The specific flaw exists within ToggleState.php...
CVE-2026-9772
Unraid Web Server FileUpload Command Injection Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Unraid. Authentication is required to exploit this vulnerability. The specific flaw exists within FileUpload.php. T...
CVE-2026-9773
Unraid Web Server ToggleState Command Injection Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Unraid. Authentication is required to exploit this vulnerability. The specific flaw exists within ToggleState.php...
CVE-2026-9773 Unraid Web Server ToggleState Command Injection Remote Code Execution Vulnerability
Unraid Web Server ToggleState Command Injection Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Unraid. Authentication is required to exploit this vulnerability. The specific flaw exists within ToggleState.php...
CVE-2026-9773
CVE-2026-9773 affects Unraid Web Server, specifically ToggleState.php, where unsafely used user-supplied input in a system call enables remote code execution. The vulnerability allows an attacker with authentication to execute arbitrary code with the www-data user context. The CVSS v3.0 base scor...
CVE-2026-9772 Unraid Web Server FileUpload Command Injection Remote Code Execution Vulnerability
Unraid Web Server FileUpload Command Injection Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Unraid. Authentication is required to exploit this vulnerability. The specific flaw exists within FileUpload.php. T...
CVE-2026-9772
Unraid Web Server FileUpload Command Injection Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Unraid. Authentication is required to exploit this vulnerability. The specific flaw exists within FileUpload.php. T...
CVE-2026-9772
Unraid Web Server FileUpload Command Injection (CVE-2026-9772) allows authenticated attackers to execute arbitrary code on affected installations via a crafted FileUpload.php input, executing a system call as www-data. Root cause: insufficient validation of a user-supplied string before a system ...
PT-2026-52119
Name of the Vulnerable Software and Affected Versions Unraid Web Server affected versions not specified Description A command injection flaw in the FileUpload.php file allows authenticated remote attackers to execute arbitrary code in the context of the www-data user. The issue is caused by...
PT-2026-52120
Name of the Vulnerable Software and Affected Versions Unraid affected versions not specified Description A command injection flaw in the web server allows authenticated remote attackers to execute arbitrary code in the context of the www-data user. The issue occurs in the ToggleState.php file due...
CVE-2026-3839
Unraid Authentication Request Path Traversal Authentication Bypass Vulnerability. This vulnerability allows remote attackers to bypass authentication on affected installations of Unraid. Authentication is not required to exploit this vulnerability. The specific flaw exists within the...
CVE-2026-3838
Unraid Update Request Path Traversal Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Unraid. Authentication is required to exploit this vulnerability. The specific flaw exists within the update.php file. The...
Unraid < 7.2.4 Multiple Vulnerabilities (ZDI-26-171 / ZDI-26-172)
The remote host is running a version of Unraid prior to 7.2.4. It is, therefore, affected by multiple vulnerabilities: - A path traversal vulnerability exists in the update.php file due to the lack of proper validation of a user-supplied path prior to using it in file operations. An authenticated...
EUVD-2026-12168
Unraid Authentication Request Path Traversal Authentication Bypass Vulnerability. This vulnerability allows remote attackers to bypass authentication on affected installations of Unraid. Authentication is not required to exploit this vulnerability. The specific flaw exists within the...
EUVD-2026-12166
Unraid Update Request Path Traversal Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Unraid. Authentication is required to exploit this vulnerability. The specific flaw exists within the update.php file. The...
CVE-2026-3839
Unraid Authentication Request Path Traversal Authentication Bypass Vulnerability. This vulnerability allows remote attackers to bypass authentication on affected installations of Unraid. Authentication is not required to exploit this vulnerability. The specific flaw exists within the...
CVE-2026-3838
Unraid Update Request Path Traversal Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Unraid. Authentication is required to exploit this vulnerability. The specific flaw exists within the update.php file. The...