Vendor
critical
advisory
Xerte Online Toolkits Unauthenticated Remote Code Execution via File Upload
2 rules 3 TTPs 1 CVEXerte Online Toolkits 3.15 and earlier contain an incomplete input validation vulnerability allowing unauthenticated attackers to upload malicious PHP code with a '.php4' extension, leading to arbitrary operating system command execution on the server.
Online Toolkits
cve-2026-34415
rce
file-upload
web-application
2r
3t
1c
critical
advisory
Xerte Online Toolkits Unauthenticated Remote Code Execution via elFinder Connector
2 rules 1 TTP 1 CVEXerte Online Toolkits versions 3.15 and earlier are vulnerable to unauthenticated remote code execution due to a missing authentication check in the elFinder connector, allowing arbitrary file operations that can be chained with other vulnerabilities.
Xerte Online Toolkits
CVE-2026-34413
xerte
rce
2r
1t
1c
critical
advisory
Xerte Online Toolkits Path Traversal Vulnerability
2 rules 2 TTPs 1 CVEXerte Online Toolkits 3.15 and earlier are vulnerable to relative path traversal, allowing attackers to move files and potentially achieve remote code execution.
Xerte Online Toolkits
path-traversal
remote-code-execution
xss
2r
2t
1c