7872 matches found
NocoBase - VM Sandbox Escape to Remote Code Execution
NocoBase Workflow Script Node executes user-supplied JavaScript inside a Node.js vm sandbox with a custom require allowlist controlled by WORKFLOWSCRIPTMODULES env var. The console object passed into the sandbox context exposes host-realm WritableWorkerStdio stream objects via console.stdout and...
mongo-express Remote Code Execution
mongo-express before 0.54.0 is vulnerable to remote code execution via endpoints that uses the toBSON method and misuse the vm dependency to perform exec commands in a non-safe environment. id: CVE-2019-10758 info: name: mongo-express Remote Code Execution author: princechaddha severity: critical...
XWiki Platform - SQL Injection
XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. In versions 9.4-rc-1 through 16.10.5 and 17.0.0-rc-1 through 17.2.2, it's possible for anyone to inject SQL using the parameter sort of the getdeleteddocuments.vm. It's injected as is as an...
CVE-2026-0276
A privilege escalation vulnerability in Palo Alto Networks Cortex® XDR Broker VM enables a locally authenticated user to perform actions as the root user...
CVE-2026-0276 Cortex XDR Broker VM: Privilege Escalation (PE) Vulnerability
A privilege escalation vulnerability in Palo Alto Networks Cortex® XDR Broker VM enables a locally authenticated user to perform actions as the root user...
CVE-2026-0282
A file deletion vulnerability in Palo Alto Networks PAN-OS® software enables an unauthenticated attacker with network access to the management web interface to delete files from a temporary directory. The security risk posed by this issue is minimized by restricting access to the management web...
CVE-2026-0281
An information disclosure vulnerability in Palo Alto Networks PAN-OS® software enables an unauthenticated attacker with network access to the management web interface to obtain web session tokens. This requires a legitimate user to first click on a malicious link provided by the attacker. The...
CVE-2026-0279
Multiple cross site scripting vulnerabilities in the User-ID™ Authentication Portal aka Captive Portal service, GlobalProtect™ gateway/portal features and Clientless VPN of Palo Alto Networks PAN-OS® software enables a malicious unauthenticated user to store or execute malicious JavaScript payloa...
CVE-2026-0281
CVE-2026-0281 describes an information-disclosure vulnerability in Palo Alto Networks PAN-OS. An unauthenticated attacker with network access to the management web interface can obtain web session tokens, but exploitation requires a legitimate user to click a malicious link. Affected products inc...
CVE-2026-0281 PAN-OS: Information Disclosure Vulnerability in Management Web Interface
An information disclosure vulnerability in Palo Alto Networks PAN-OS® software enables an unauthenticated attacker with network access to the management web interface to obtain web session tokens. This requires a legitimate user to first click on a malicious link provided by the attacker. The...
CVE-2026-0282
CVE-2026-0282 describes a file deletion vulnerability in Palo Alto Networks PAN-OS that allows an unauthenticated attacker with network access to the management web interface to delete files from a temporary directory. Affected are PAN-OS on PA-Series and VM-Series firewalls and Panorama (virtual...
CVE-2026-0282
A file deletion vulnerability in Palo Alto Networks PAN-OS® software enables an unauthenticated attacker with network access to the management web interface to delete files from a temporary directory. The security risk posed by this issue is minimized by restricting access to the management web...
EUVD-2026-42679
A file deletion vulnerability in Palo Alto Networks PAN-OS® software enables an unauthenticated attacker with network access to the management web interface to delete files from a temporary directory. The security risk posed by this issue is minimized by restricting access to the management web...
CVE-2026-0286 PAN-OS: Authenticated Command Injection in CLI
A command injection vulnerability in the management plane of Palo Alto Networks PAN-OS® software enables an authenticated administrator to execute arbitrary OS commands as root. The security risk posed by this issue is significantly minimized when CLI access is restricted to a limited group of...
CVE-2026-0286
Summary: CVE-2026-0286 is a command-injection vulnerability in the PAN-OS management plane. An authenticated administrator can execute arbitrary OS commands as root, via the CLI. The flaw affects PAN-OS on PA-Series and VM-Series firewalls and Panorama (virtual and M-Series); Cloud NGFW and Prism...
ALPINE-CVE-2026-42486
This CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE. XAPI can configure different users with different roles, using Role Based Access Control. For more details, see:...
CVE-2026-42486
This CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE. XAPI can configure different users with different roles, using Role Based Access Control. For more details, see:...
CVE-2026-23561
This CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE. XAPI can configure different users with different roles, using Role Based Access Control. For more details, see:...
CVE-2026-23562
This CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE. XAPI can configure different users with different roles, using Role Based Access Control. For more details, see:...
ALPINE-CVE-2026-23559
This CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE. XAPI can configure different users with different roles, using Role Based Access Control. For more details, see:...