Exploit Database
125,823 exploits tracked across all sources.
Multiple Camera Devices - Info Disclosure
Multiple camera devices by UDP Technology, Geutebrück and other vendors allow unauthenticated remote access to sensitive files due to default user authentication settings. This can lead to manipulation of the device and denial of service.
by Titouan Lazard, Ibrahim Ayadhi, Sébastien Charbonnier
CVSS 9.8
Multiple Camera Devices - Command Injection
Multiple camera devices by UDP Technology, Geutebrück and other vendors are vulnerable to command injection, which may allow an attacker to remotely execute arbitrary code.
by Titouan Lazard, Ibrahim Ayadhi, Sébastien Charbonnier
CVSS 7.2
Fortinet FortiWeb unauthenticated RCE
A relative path traversal vulnerability in Fortinet FortiWeb 8.0.0 through 8.0.1, FortiWeb 7.6.0 through 7.6.4, FortiWeb 7.4.0 through 7.4.9, FortiWeb 7.2.0 through 7.2.11, FortiWeb 7.0.0 through 7.0.11 may allow an attacker to execute administrative commands on the system via crafted HTTP or HTTPS requests.
by Defused, sfewer-r7
CVSS 9.8
D-Tale RCE
man-group/dtale version 3.10.0 is vulnerable to an authentication bypass and remote code execution (RCE) due to improper input validation. The vulnerability arises from a hardcoded `SECRET_KEY` in the flask configuration, allowing attackers to forge a session cookie if authentication is enabled. Additionally, the application fails to properly restrict custom filter queries, enabling attackers to execute arbitrary code on the server by bypassing the restriction on the `/update-settings` endpoint, even when `enable_custom_filters` is not enabled. This vulnerability allows attackers to bypass authentication mechanisms and execute remote code on the server.
by taiphung217, Takahiro Yokoyama
CVSS 9.8
Cisco Integrated Management Controlle... - Improper Input Validation
A vulnerability in the web-based management interface of Cisco Integrated Management Controller (IMC) Supervisor, Cisco UCS Director, and Cisco UCS Director Express for Big Data could allow an authenticated, remote attacker to execute arbitrary commands on the underlying Linux shell as the root user. Exploitation of this vulnerability requires privileged access to an affected device. The vulnerability is due to insufficient validation of user-supplied input by the web-based management interface. An attacker could exploit this vulnerability by logging in to the web-based management interface with administrator privileges and then sending a malicious request to a certain part of the interface.
CVSS 7.2
Cisco Rv320 Firmware < 1.4.2.22 - OS Command Injection
A vulnerability in the web-based management interface of Cisco Small Business RV320 and RV325 Dual Gigabit WAN VPN Routers could allow an authenticated, remote attacker with administrative privileges on an affected device to execute arbitrary commands. The vulnerability is due to improper validation of user-supplied input. An attacker could exploit this vulnerability by sending malicious HTTP POST requests to the web-based management interface of an affected device. A successful exploit could allow the attacker to execute arbitrary commands on the underlying Linux shell as root. Cisco has released firmware updates that address this vulnerability.
by RedTeam Pentesting GmbH, Philip Huppert, Benjamin Grap
CVSS 7.2
Cisco Hyperflex HX Data Platform < 4.0\(2e\) - OS Command Injection
Multiple vulnerabilities in the web-based management interface of Cisco HyperFlex HX could allow an unauthenticated, remote attacker to perform command injection attacks against an affected device. For more information about these vulnerabilities, see the Details section of this advisory.
by Nikita Abramov, Mikhail Klyuchnikov, wvu
CVSS 9.8
Merethis Centreon - Code Injection
displayServiceStatus.php in Centreon 2.5.1 and Centreon Enterprise Server 2.2 (fixed in Centreon web 2.5.3) allows remote attackers to execute arbitrary commands via shell metacharacters in the (1) session_id or (2) template_id parameter, related to the command_line variable.
by MaZ, juan vazquez
Axis IP Cameras - Auth Bypass
An issue was discovered in multiple models of Axis IP Cameras. There is a bypass of access control.
by Or Peles, wvu, sinn3r, Brent Cook, Jacob Robles, Matthew Kienow, Shelby Pace, Chris Lee, Cale Black
CVSS 9.8
Axis IP Cameras - Info Disclosure
An issue was discovered in multiple models of Axis IP Cameras. There is an Exposed Insecure Interface.
by Or Peles, wvu, sinn3r, Brent Cook, Jacob Robles, Matthew Kienow, Shelby Pace, Chris Lee, Cale Black
CVSS 9.8
Atutor - SQL Injection
SQL injection vulnerability in include/lib/mysql_connect.inc.php in ATutor 2.2.1 allows remote attackers to execute arbitrary SQL commands via the searchFriends function to friends.inc.php.
CVSS 9.8
Artica proxy 4.30.000000 Auth Bypass service-cmds-peform Command Injection
Artica Web Proxy 4.30.000000 allows an authenticated remote attacker to inject commands via the service-cmds parameter in cyrus.php. These commands are executed with root privileges via service_cmds_peform.
by Max0x4141
CVSS 8.8
Apache Couchdb < 1.7.0 - OS Command Injection
CouchDB administrative users can configure the database server via HTTP(S). Some of the configuration options include paths for operating system-level binaries that are subsequently launched by CouchDB. This allows an admin user in Apache CouchDB before 1.7.0 and 2.x before 2.1.1 to execute arbitrary shell commands as the CouchDB user, including downloading and executing scripts from the public internet.
by Max Justicz, Joan Touzet
CVSS 7.2
Apache Airflow < 1.10.11 - Missing Authentication
The previous default setting for Airflow's Experimental API was to allow all API requests without authentication, but this poses security risks to users who miss this fact. From Airflow 1.10.11 the default has been changed to deny all requests by default and is documented at https://airflow.apache.org/docs/1.10.11/security.html#api-authentication. Note this change fixes it for new installs but existing users need to change their config to default `[api]auth_backend = airflow.api.auth.backend.deny_all` as mentioned in the Updating Guide: https://github.com/apache/airflow/blob/1.10.11/UPDATING.md#experimental-api-will-deny-all-request-by-default
by xuxiang, Pepe Berba, Ismail E. Dawoodjee
CVSS 9.8
Apache mod_cgi Bash Environment Variable Code Injection (Shellshock)
GNU Bash through 4.3 processes trailing strings after function definitions in the values of environment variables, which allows remote attackers to execute arbitrary code via a crafted environment, as demonstrated by vectors involving the ForceCommand feature in OpenSSH sshd, the mod_cgi and mod_cgid modules in the Apache HTTP Server, scripts executed by unspecified DHCP clients, and other situations in which setting the environment occurs across a privilege boundary from Bash execution, aka "ShellShock." NOTE: the original fix for this issue was incorrect; CVE-2014-7169 has been assigned to cover the vulnerability that is still present after the incorrect fix.
by Stephane Chazelas, wvu, lcamtuf
CVSS 9.8
N8n < 1.121.3 - Code Injection
n8n is an open source workflow automation platform. In versions 0.121.2 and below, an authenticated attacker may be able to execute malicious code using the n8n service. This could result in full compromise and can impact both self-hosted and n8n Cloud instances. This issue is fixed in version 1.121.3. Administrators can reduce exposure by disabling the Git node and limiting access for untrusted users, but upgrading to the latest version is recommended.
by CVEs-Labs
CVSS 9.9
GLPI has a Server-Side Template Injection via Double-Compilation
GLPI is a free asset and IT management software package. From 11.0.0 to before 11.0.6, template injection by an administrator lead to RCE. This vulnerability is fixed in 11.0.6.
by CEAarab
CVSS 9.1
React Server Components <19.2.0 - RCE
A pre-authentication remote code execution vulnerability exists in React Server Components versions 19.0.0, 19.1.0, 19.1.1, and 19.2.0 including the following packages: react-server-dom-parcel, react-server-dom-turbopack, and react-server-dom-webpack. The vulnerable code unsafely deserializes payloads from HTTP requests to Server Function endpoints.
by Y3B3L4Y3
React Server Components <19.2.0 - RCE
A pre-authentication remote code execution vulnerability exists in React Server Components versions 19.0.0, 19.1.0, 19.1.1, and 19.2.0 including the following packages: react-server-dom-parcel, react-server-dom-turbopack, and react-server-dom-webpack. The vulnerable code unsafely deserializes payloads from HTTP requests to Server Function endpoints.
by joaoreis13
CVSS 10.0
Windows Active Directory Remote Code Execution Vulnerability
Improper input validation in Windows Active Directory allows an authorized attacker to execute code over an adjacent network.
by kaleth4
CVSS 8.0
Microsoft Defender Elevation of Privilege Vulnerability
Insufficient granularity of access control in Microsoft Defender allows an authorized attacker to elevate privileges locally.
by kaleth4
CVSS 7.8
WordPress - Blind SSRF
WordPress is affected by an unauthenticated blind SSRF in the pingback feature. Because of a TOCTOU race condition between the validation checks and the HTTP request, attackers can reach internal hosts that are explicitly forbidden.
by TJouleL
CVSS 5.9
Windows TCP/IP Remote Code Execution Vulnerability
Concurrent execution using shared resource with improper synchronization ('race condition') in Windows TCP/IP allows an unauthorized attacker to execute code over a network.
by kaleth4
CVSS 8.1
Microsoft Server Message Block < 4.0e - Remote Code Execution
The SMBv1 server in Microsoft Windows Vista SP2; Windows Server 2008 SP2 and R2 SP1; Windows 7 SP1; Windows 8.1; Windows Server 2012 Gold and R2; Windows RT 8.1; and Windows 10 Gold, 1511, and 1607; and Windows Server 2016 allows remote attackers to execute arbitrary code via crafted packets, aka "Windows SMB Remote Code Execution Vulnerability." This vulnerability is different from those described in CVE-2017-0143, CVE-2017-0145, CVE-2017-0146, and CVE-2017-0148.
by dannic145
CVSS 8.8
Android Binder Use-After-Free Exploit
A use-after-free in binder.c allows an elevation of privilege from an application to the Linux Kernel. No user interaction is required to exploit this vulnerability, however exploitation does require either the installation of a malicious local application or a separate vulnerability in a network facing application.Product: AndroidAndroid ID: A-141720095
by wired0ut
By Source