Rce

CCTV management portal with an unauthenticated camera stream API. Lua script injection via camera name field executes OS commands as root.…

Handlebars SSTI in Node.js escalates from a reflected error to RCE via process.mainModule.require; each template injection primitive traced.…

Jenkins 2.289.1 with default root:password credentials. Script Console runs Groovy — one line of Groovy spawns a reverse shell as root. No escalation needed.…