DocsGPT versions 0.8.1 through 0.12.0 allow remote attackers to execute arbitrary code via a crafted HTTP request. An attacker can exploit this vulnerability by sending a malicious payload in the 'data' parameter, leading to the execution of arbitrary commands on the target system. This vulnerability has been assigned CVE-2025-0868.
When using the 'insert media' feature in SilverStripe 5.3.8, the oEmbed JSON linked includes an unsanitized HTML attribute, allowing an attacker to execute a script payload on both the CMS and the website's front-end.
FLIR AX8 version 1.46.16 and below is vulnerable to remote command injection. An attacker can exploit this vulnerability to execute arbitrary commands on the target system. This vulnerability has been assigned CVE-2022-37061.
The Progress Telerik Report Server 2024 Q1 version 10.0.24.305 and earlier allows attackers to bypass authentication. This vulnerability has been assigned CVE-2024-4358.
The exploit leverages a privilege escalation vulnerability in VirtualBox version 7.0.16. By exploiting this vulnerability, an attacker could elevate their privileges on the target system. The vulnerability is identified as CVE-2024-21111.
MiniCMS version 1.10 is vulnerable to Cross-Site Scripting (XSS). By injecting malicious script code into the 'date' parameter of the 'page.php' script, an attacker can execute arbitrary scripts in the context of the user's browser.
AquilaCMS 1.409.20 is prone to Remote Command Execution (RCE) due to improper input validation. An attacker can exploit this vulnerability to execute arbitrary commands remotely. The underlying vulnerabilities have been assigned CVE-2024-48572 and CVE-2024-48573.
A SQL injection vulnerability exists in RosarioSIS 7.6 via the 'votes' parameter. By manipulating the 'votes' parameter in the POST request, an attacker can inject malicious SQL queries. This can lead to unauthorized access to the database, data manipulation, and potentially further exploitation of the system. This vulnerability has been assigned the CVE identifier CVE-2021-44567.
This exploit targets a race condition in the signal handler of OpenSSH's server (sshd) specifically on glibc-based Linux systems. By exploiting a vulnerability where the SIGALRM handler invokes async-signal-unsafe functions, it allows for remote code execution as root.
The code-projects Online Exam Mastering System 1.0 is prone to a Reflected Cross-Site Scripting (XSS) vulnerability in the 'q' parameter of feedback.php. This issue occurs because the application does not properly sanitize user-supplied input, enabling an attacker to execute arbitrary JavaScript code.