Affix

8 exploits Active since May 2009
CVE-2022-36231 NOMISEC CRITICAL WORKING POC
pdf_info 0.5.3 - OS Command Injection via Backticks
pdf_info 0.5.3 is vulnerable to Command Execution because the Ruby code uses backticks instead of Open3.
5 stars
CVSS 9.8
CVE-2026-0770 NOMISEC CRITICAL WORKING POC
Langflow validate exec_globals - Unauthenticated Root Code Execution
Langflow exec_globals Inclusion of Functionality from Untrusted Control Sphere Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Langflow. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of the exec_globals parameter provided to the validate endpoint. The issue results from the inclusion of a resource from an untrusted control sphere. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-27325.
1 stars
CVSS 9.8
CVE-2026-0770 GITHUB CRITICAL python WORKING POC
Langflow validate exec_globals - Unauthenticated Root Code Execution
Langflow exec_globals Inclusion of Functionality from Untrusted Control Sphere Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Langflow. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of the exec_globals parameter provided to the validate endpoint. The issue results from the inclusion of a resource from an untrusted control sphere. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-27325.
CVSS 9.8
CVE-2009-1786 EXPLOITDB bash WORKING POC
IBM AIX 5.3 and 6.1 - Arbitrary File Creation or Overwrite via MALLOCDEBUG Log File Symlink
The malloc subsystem in libc in IBM AIX 5.3 and 6.1 allows local users to create or overwrite arbitrary files via a symlink attack on the log file associated with the MALLOCDEBUG environment variable.
CVE-2009-3252 EXPLOITDB text WORKING POC
Dave Robinson Rockbandcms - SQL Injection
Multiple SQL injection vulnerabilities in news.php in Rock Band CMS 0.10 allow remote attackers to execute arbitrary SQL commands via the (1) year and (2) id parameters.
CVE-2009-3252 EXPLOITDB text WRITEUP
Dave Robinson Rockbandcms - SQL Injection
Multiple SQL injection vulnerabilities in news.php in Rock Band CMS 0.10 allow remote attackers to execute arbitrary SQL commands via the (1) year and (2) id parameters.
EIP-2026-110051 EXPLOITDB text WORKING POC
onepound shop 1.x - 'products.php' SQL Injection
EIP-2026-110050 EXPLOITDB text WRITEUP
onepound Shop / CMS - Cross-Site Scripting / SQL Injection