Unauthenticated OS command injection in the WiFi captive portal API endpoint (api.cgi) of thingino-firmware allows any device on the camera's AP to execute arbitrary commands as root, achieving full device compromise.
An unauthenticated path traversal vulnerability in the PX4 Autopilot MAVLink FTP implementation allows reading, writing, and deleting arbitrary files on the flight controller.
A logic error in the session validation of PX4's MAVLink FTP implementation allows operations on invalid file descriptors and session isolation bypass.
A CSRF vulnerability in the massiveAdmin plugin for GetSimpleCMS-CE allows an unauthenticated attacker to achieve RCE by overwriting gsconfig.php.
Stored Cross-Site Scripting in Gogs self-hosted Git service via data: URI scheme allowed by the HTML sanitizer, enabling JavaScript execution through malicious links.
Unauthenticated HTTP Header Injection in the Ajaxify Comments WordPress plugin (< 3.2) due to insufficient input sanitization, allowing attackers to inject arbitrary HTTP headers.
Server-Side Request Forgery in Statamic CMS's Glide image manipulation proxy allows unauthenticated attackers to make the server send HTTP requests to arbitrary URLs, including internal services and cloud metadata endpoints.
Unauthenticated information disclosure in Homarr's integration.all tRPC endpoint exposes internal service URLs, integration names, and service types to unauthenticated users in versions ≤ 1.53.2.
IP-based brute-force protection in Calibre's Content Server can be completely bypassed by spoofing the X-Forwarded-For header, allowing unlimited password guessing attempts in versions ≤ 9.3.1.
OS Command injection vulnerability in OneUptime's Probe NetworkPathMonitor allows authenticated users to execute arbitrary commands via unsanitized traceroute destinations.
Arbitrary command injection in yt-dlp's --netrc-cmd option allows an attacker to execute OS commands via a maliciously crafted URL, exploitable through HTTP redirects.
Server-Side Template Injection vulnerability in Calibre's Templite engine allows arbitrary Python code execution via user-supplied HTML export templates in versions ≤ 9.1.0.
SQL injection vulnerability in HotelDruid 2.2.3 via unsanitized inizioperiodo and fineperiodo parameters in disponibilita.php, allowing full database extraction.
Authenticated Remote Code Execution in Havoc C2 framework by chaining SSRF with command injection to execute arbitrary commands on the teamserver.