SPIP versions prior to 4.4.14 contain a remote code execution vulnerability in the public space that is limited to certain nginx configurations, allowing attackers to execute arbitrary code in the con
SPIP versions prior to 4.4.14 contain a remote code execution vulnerability in the private space that allows attackers to execute arbitrary code in the context of the web server. Attackers can exploit
The porte_plume plugin used by SPIP before 4.30-alpha2, 4.2.13, and 4.1.16 is vulnerable to an arbitrary code execution vulnerability. A remote and unauthenticated attacker can execute arbitrary PHP a
SPIP before 4.4.8 contains a stored cross-site scripting (XSS) vulnerability in the public area triggered in certain edge-case usage patterns. The echapper_html_suspect() function does not adequately
SPIP before 4.2.15 allows Cross-Site Scripting (XSS) via crafted content in HTML code tags. The application does not properly verify JavaScript within code tags, allowing an attacker to inject malicio
A cross-site scripting (XSS) vulnerability in the Article module of SPIP v4.3.3 allows authenticated attackers to execute arbitrary web scripts or HTML via injecting a crafted payload into the Title p
A remote code execution vulnerability exists in Code Runner MCP Server when run with the --transport http option, which exposes the /mcp JSON-RPC endpoint without authentication on port 3088. An unaut
SPIP before 4.3.2, 4.2.16, and
4.1.18 is vulnerable to a command injection issue. A
remote and unauthenticated attacker can execute arbitrary operating system commands by sending a crafted multipart
OpenPLC v3 contains an authenticated remote code execution vulnerability that allows attackers with valid credentials to inject malicious code through the hardware configuration interface. Attackers c
Unified Remote 3.9.0.2463 contains a remote code execution vulnerability that allows attackers to send crafted network packets to execute arbitrary commands. Attackers can exploit the service by conne
SPIP before 4.4.8 allows cross-site scripting (XSS) in the private area via malicious iframe tags. The application does not properly sandbox or escape iframe content in the back-office, allowing an at
A Remote Code Execution (RCE) vulnerability was identified in GitHub Enterprise Server that allowed attackers to execute arbitrary code by exploiting the pre-receive hook functionality, potentially le
A vulnerability was identified in cym1102 nginxWebUI up to 4.3.7. The impacted element is an unknown function of the file /adminPage/conf/check of the component Web Management Interface. Such manipula
The SPIP interface_traduction_objets plugin versions prior to 2.2.2 contain an authenticated remote code execution vulnerability in the translation interface workflow. The plugin incorporates untruste
EIP Plus developed by Hundred Plus has an Arbitrary File Uplaod vulnerability, allowing privileged remote attackers to upload and execute web shell backdoors, thereby enabling arbitrary code execution
NetGain EM Plus 10.1.68 contains a remote code execution vulnerability that allows unauthenticated attackers to execute arbitrary system commands by submitting malicious parameters to the script_test.
Vacron Camera ping Command Injection Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Vacron Camera devices. Authe
aws-mcp-server Command Injection Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of aws-mcp-server. Authentication i
The SPIP jeux plugin versions prior to 4.1.1 contain a reflected cross-site scripting (XSS) vulnerability in the pre_propre pipeline. The plugin incorporates untrusted request parameters into HTML out
Snyk has identified a remote code execution (RCE) vulnerability in all versions of Code Agent. The vulnerability enables an attacker to execute arbitrary code within the Code Agent container. Exploiti
Page 1+ Next →