17 vulnerabilities found
A reflected cross-site scripting (XSS) vulnerability exists in Rukovoditel CRM version 3.6.4 and earlier in the Zadarma telephony API endpoint (/api/tel/zadarma.php). The application directly reflects user-supplied input from the 'zd_echo' GET parameter into the HTTP response without proper sanitiza
Acrobat Reader versions 24.001.30356, 26.001.21367 and earlier are affected by an Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution') vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requi
[local] ZSH 5.9 - RCE
[webapps] React Server 19.2.0 - Remote Code Execution
[webapps] Jumbo Website Manager - Remote Code Execution
[webapps] FortiWeb 8.0.2 - Remote Code Execution
[webapps] xibocms 3.3.4 - RCE
[webapps] Horilla v1.3 - RCE
[webapps] WBCE CMS 1.6.4 - Remote Code Execution
[webapps] RiteCMS 3.1.0 - Authenticated Remote Code Execution
[webapps] motionEye 0.43.1b4 - RCE
[remote] Redis 8.0.2 - RCE
[remote] Ingress-NGINX Admission Controller v1.11.1 - FD Injection to RCE
[webapps] FortiWeb Fabric Connector 7.6.x - SQL Injection to Remote Code Execution
[local] Docker Desktop 4.44.3 - Unauthenticated API Exposure
[webapps] Chained Quiz 1.3.5 - Unauthenticated Insecure Direct Object Reference via Cookie
[webapps] FreeBSD rtsold 15.x - Remote Code Execution via DNSSL