WPBookit <= 1.0.4 - Unauthenticated Arbitrary File Upload

The WPBookit plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the imageuploadhandle function hooked via the 'addbookingtype' route in all versions up to, and including, 1.0.4. id: CVE-2025-6058 info: name: WPBookit "; ifisset$GET"cmd" echo "";...

Offline Hospital Management System 安全漏洞

Offline Hospital Management System is a hospital information management system developed by silverplugins21. Version 5.3.0 of Offline Hospital Management System has a security vulnerability. This vulnerability stems from improper configuration of the Electron renderer. By enabling Node.js...

CVE-2023-43187

A remote code execution RCE vulnerability in the xmlrpc.php endpoint of NodeBB Inc NodeBB forum software prior to v1.18.6 allows attackers to execute arbitrary code via crafted XML-RPC requests...

CVE-2023-43291

Deserialization of Untrusted Data in emlog pro v.2.1.15 and earlier allows a remote attacker to execute arbitrary code via the cache.php component...

CVE-2023-29924

PowerJob V4.3.1 is vulnerable to Incorrect Access Control that allows for remote code execution...

CVE-2018-19220

An issue was discovered in LAOBANCMS 2.0. It allows remote attackers to execute arbitrary PHP code via the host parameter to the install/ URI...

CVE-2018-19180

statics/app/index/controller/Install.php in YUNUCMS 1.1.5 if install.lock is not present allows remote attackers to execute arbitrary PHP code by placing this code in the index.php?s=index/install/setup2 DBPREFIX field, which is written to database.php...

CVE-2021-31637

An issue found in UwAmp v.1.1, 1.2, 1.3, 2.0, 2.1, 2.2, 2.2.1, 3.0.0, 3.0.1, 3.0.2 allows a remote attacker to execute arbitrary code via a crafted DLL...

CVE-2022-37190

CuppaCMS 1.0 is vulnerable to Remote Code Execution RCE. An authenticated user can control both parameters action and function from "/api/index.php...

CVE-2022-26965

In Pluck 4.7.16, an admin user can use the theme upload functionality at /admin.php?action=themeinstall to perform remote code execution...

CVE-2017-18349

parseObject in Fastjson before 1.2.25, as used in FastjsonEngine in Pippo 1.11.0 and other products, allows remote attackers to execute arbitrary code via a crafted JSON request, as demonstrated by a crafted rmi:// URI in the dataSourceName field of HTTP POST data to the Pippo /json URI, which is...

CVE-2019-11952

A remote code execution vulnerability was identified in HPE Intelligent Management Center IMC PLAT earlier than version 7.3 E0506P09...

CVE-2020-7185

A tvxlanlegend expression language injection remote code execution vulnerability was discovered in HPE Intelligent Management Center iMC versions: Prior to iMC PLAT 7.3 E0705P07...

CVE-2020-7554

A CWE-119 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability exists in IGSS Definition Def.exe version 14.0.0.20247 that could cause Remote Code Execution when malicious CGF Configuration Group File file is imported to IGSS Definition...

CVE-2020-7176

A viewtaskresultdetailfact expression language injection remote code execution vulnerability was discovered in HPE Intelligent Management Center iMC versions: Prior to iMC PLAT 7.3 E0705P07...

CVE-2020-7141

A adddevicetoview expression language injection remote code execution vulnerability was discovered in HPE Intelligent Management Center iMC versions: Prior to iMC PLAT 7.3 E0705P07...

CVE-2020-7209

LinuxKI v6.0-1 and earlier is vulnerable to an remote code execution which is resolved in release 6.0-2...

CVE-2020-7186

A powershellconfigcontent expression language injection remote code execution vulnerability was discovered in HPE Intelligent Management Center iMC versions: Prior to iMC PLAT 7.3 E0705P07...

CVE-2020-12675

The mappress-google-maps-for-wordpress plugin before 2.54.6 for WordPress does not correctly implement capability checks for AJAX functions related to creation/retrieval/deletion of PHP template files, leading to Remote Code Execution. NOTE: this issue exists because of an incomplete fix for...

CVE-2020-24384

A10 Networks ACOS and aGalaxy management Graphical User Interfaces GUIs have an unauthenticated Remote Code Execution RCE vulnerability that could be used to compromise affected ACOS systems. ACOS versions 3.2.x including and after 3.2.2, 4.x, and 5.1.x are affected. aGalaxy versions 3.0.x, 3.2.x...