Export limit exceeded: 10344 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (10344 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2025-34394 | 3 Amidaware, Barracuda, Barracuda Networks | 3 Tactical Rmm, Rmm, Rmm | 2026-03-05 | 9.8 Critical |
| Barracuda Service Center, as implemented in the RMM solution, in versions prior to 2025.1.1, exposes a .NET Remoting service that is insufficiently protected against deserialization of arbitrary types. This can lead to remote code execution. | ||||
| CVE-2025-34393 | 3 Amidaware, Barracuda, Barracuda Networks | 3 Tactical Rmm, Rmm, Rmm | 2026-03-05 | 9.8 Critical |
| Barracuda Service Center, as implemented in the RMM solution, in versions prior to 2025.1.1, does not correctly verify the name of an attacker-controlled WSDL service, leading to insecure reflection. This can result in remote code execution through either invocation of arbitrary methods or deserialization of untrusted types. | ||||
| CVE-2025-34392 | 3 Amidaware, Barracuda, Barracuda Networks | 3 Tactical Rmm, Rmm, Rmm | 2026-03-05 | 9.8 Critical |
| Barracuda Service Center, as implemented in the RMM solution, in versions prior to 2025.1.1, does not verify the URL defined in an attacker-controlled WSDL that is later loaded by the application. This can lead to arbitrary file write and remote code execution via webshell upload. | ||||
| CVE-2025-34291 | 1 Langflow | 1 Langflow | 2026-03-05 | 8.8 High |
| Langflow versions up to and including 1.6.9 contain a chained vulnerability that enables account takeover and remote code execution. An overly permissive CORS configuration (allow_origins='*' with allow_credentials=True) combined with a refresh token cookie configured as SameSite=None allows a malicious webpage to perform cross-origin requests that include credentials and successfully call the refresh endpoint. An attacker-controlled origin can therefore obtain fresh access_token / refresh_token pairs for a victim session. Obtained tokens permit access to authenticated endpoints — including built-in code-execution functionality — allowing the attacker to execute arbitrary code and achieve full system compromise. | ||||
| CVE-2024-58287 | 1 Yogeshojha | 1 Rengine | 2026-03-05 | 8.8 High |
| reNgine 2.2.0 contains a command injection vulnerability in the nmap_cmd parameter of scan engine configuration that allows authenticated attackers to execute arbitrary commands. Attackers can modify the nmap_cmd parameter with malicious base64-encoded payloads to achieve remote code execution during scan engine configuration. | ||||
| CVE-2023-53980 | 1 Projectsend | 1 Projectsend | 2026-03-05 | 9.8 Critical |
| ProjectSend r1605 contains a remote code execution vulnerability that allows attackers to upload malicious files by manipulating file extensions. Attackers can upload shell scripts with disguised extensions through the upload.process.php endpoint to execute arbitrary commands on the server. | ||||
| CVE-2021-47735 | 1 Cmsimple | 1 Cmsimple | 2026-03-05 | 8.8 High |
| CMSimple 5.4 contains an authenticated remote code execution vulnerability that allows logged-in attackers to inject malicious PHP code into template files. Attackers can exploit the template editing functionality by crafting a reverse shell payload and saving it through the template editing endpoint with a valid CSRF token. | ||||
| CVE-2025-71243 | 1 Spip | 2 Saisies, Saisies Pour Formulaire | 2026-03-05 | 9.8 Critical |
| The 'Saisies pour formulaire' (Saisies) plugin for SPIP versions 5.4.0 through 5.11.0 contains a critical Remote Code Execution (RCE) vulnerability. An attacker can exploit this vulnerability to execute arbitrary code on the server. Users should immediately update to version 5.11.1 or later. | ||||
| CVE-2022-50936 | 1 Wbce | 1 Wbce Cms | 2026-03-05 | 8.8 High |
| WBCE CMS version 1.5.2 contains an authenticated remote code execution vulnerability that allows attackers to upload malicious droplets through the admin panel. Authenticated attackers can exploit the droplet upload functionality in the admin tools to create and execute arbitrary PHP code by crafting a specially designed zip file payload. | ||||
| CVE-2022-50919 | 1 Tdarr | 1 Tdarr | 2026-03-05 | 9.8 Critical |
| Tdarr 2.00.15 contains an unauthenticated remote code execution vulnerability in its Help terminal that allows attackers to inject and chain arbitrary commands. Attackers can exploit the lack of input filtering by chaining commands like `--help; curl .py | python` to execute remote code without authentication. | ||||
| CVE-2021-47843 | 2 Pabloandumundu, Tagstoo | 2 Tagstoo, Tagstoo | 2026-03-05 | 5.4 Medium |
| Tagstoo 2.0.1 contains a stored cross-site scripting vulnerability that allows attackers to inject malicious payloads through files or custom tags. Attackers can execute arbitrary JavaScript code to spawn system processes, access files, and perform remote code execution on the victim's computer. | ||||
| CVE-2021-47794 | 2 Zesle, Zeslecp | 2 Zeslecp, Zeslecp | 2026-03-05 | 8.8 High |
| ZesleCP 3.1.9 contains an authenticated remote code execution vulnerability that allows attackers to create malicious FTP accounts with shell injection payloads. Attackers can exploit the FTP account creation endpoint by injecting a reverse shell command that establishes a network connection to a specified listening host. | ||||
| CVE-2021-47788 | 1 Websitebaker | 1 Websitebaker | 2026-03-05 | 8.8 High |
| WebsiteBaker 2.13.0 contains an authenticated remote code execution vulnerability that allows users with language editing permissions to execute arbitrary code. Attackers can exploit the language installation endpoint by manipulating language installation parameters to achieve remote code execution on the server. | ||||
| CVE-2021-47758 | 1 Chikitsa | 1 Patient Management System | 2026-03-05 | 8.8 High |
| Chikitsa Patient Management System 2.0.2 contains an authenticated remote code execution vulnerability that allows attackers to upload malicious PHP plugins through the module upload functionality. Authenticated attackers can generate and upload a ZIP plugin with a PHP backdoor that enables arbitrary command execution on the server through a weaponized PHP script. | ||||
| CVE-2021-47757 | 1 Chikitsa | 1 Patient Management System | 2026-03-05 | 8.8 High |
| Chikitsa Patient Management System 2.0.2 contains an authenticated remote code execution vulnerability in the backup restoration functionality. Authenticated attackers can upload a modified backup zip file with a malicious PHP shell to execute arbitrary system commands on the server. | ||||
| CVE-2020-37125 | 1 Edimax | 2 Ew-7438rpn Mini, Ew-7438rpn Mini Firmware | 2026-03-05 | 9.8 Critical |
| Edimax EW-7438RPn-v3 Mini 1.27 contains a remote code execution vulnerability that allows unauthenticated attackers to execute arbitrary commands through the /goform/mp endpoint. Attackers can exploit the vulnerability by sending crafted POST requests with command injection payloads to download and execute malicious scripts on the device. | ||||
| CVE-2020-37090 | 1 Arox | 1 School Erp Pro | 2026-03-05 | 9.8 Critical |
| School ERP Pro 1.0 contains a file upload vulnerability that allows students to upload arbitrary PHP files to the messaging system. Attackers can upload malicious PHP scripts through the message attachment feature, enabling remote code execution on the server. | ||||
| CVE-2020-37084 | 1 Arox | 1 School Erp Pro | 2026-03-05 | 7.2 High |
| School ERP Pro 1.0 contains a remote code execution vulnerability that allows authenticated admin users to upload arbitrary PHP files as profile photos by bypassing file extension checks. Attackers can exploit improper file validation in pre-editstudent.inc.php to execute arbitrary code on the server. | ||||
| CVE-2020-37032 | 1 Wftpserver | 1 Wing Ftp Server | 2026-03-05 | 8.8 High |
| Wing FTP Server 6.3.8 contains a remote code execution vulnerability in its Lua-based web console that allows authenticated users to execute system commands. Attackers can leverage the console to send POST requests with malicious commands that trigger operating system execution through the os.execute() function. | ||||
| CVE-2020-36911 | 1 Cobbr | 1 Covenant | 2026-03-05 | 9.8 Critical |
| Covenant 0.1.3 - 0.5 contains a remote code execution vulnerability that allows attackers to craft malicious JWT tokens with administrative privileges. Attackers can generate forged tokens with admin roles and upload custom DLL payloads to execute arbitrary commands on the target system. | ||||