97 matches found
Improper Encoding or Escaping of Output
Overview: shescape is a simple shell escape library. Affected versions of this package are vulnerable to Improper Encoding or Escaping of Output in the escape function. An attacker can cause unintended expansion of shell arguments by supplying input containing square brackets, which may result in...
CVE-2026-32094
Shescape is a simple shell escape library for JavaScript. Prior to 2.1.10, Shescape#escape() does not escape square-bracket glob syntax for Bash, BusyBox sh, and Dash. Applications that interpolate the return value directly into a shell command string can cause an attacker-controlled value like...
PT-2026-24813
Summary: Shescape#escape() does not escape square-bracket glob syntax for Bash, BusyBox sh, and Dash. Applications that interpolate the return value directly into a shell command string can cause an attacker-controlled value like secret[12] to expand into multiple filesystem matches instead of a single...
CVE-2026-2861
A vulnerability was detected in Foswiki up to 2.1.10. The affected element is an unknown function of the component Changes/Viewfile/Oops. The manipulation results in information disclosure. It is possible to launch the attack remotely. The exploit is now public and may be used. Upgrading to versi...
CVE-2026-24615
Missing Authorization vulnerability in themebeez Cream Magazine cream-magazine allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Cream Magazine: from n/a through <= 2.1.10...
CVE-2026-24615 WordPress Cream Magazine theme <= 2.1.10 - Broken Access Control vulnerability
Missing Authorization vulnerability in themebeez Cream Magazine cream-magazine allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Cream Magazine: from n/a through <= 2.1.10...
CVE-2026-24615
CVE-2026-24615 affects Cream Magazine (WordPress theme) up to version 2.1.10. Public docs describe a Missing Authorization vulnerability in cream-magazine that allows exploitation of improperly configured access controls. The Red Hat/RedHat-CVE and CVE databases confirm the issue and indicate the...
PT-2026-4447
Name of the Vulnerable Software and Affected Versions: Cream Magazine versions through 2.1.10. Description: An issue exists in Cream Magazine that relates to incorrectly configured access control security levels, potentially allowing unauthorized access. Recommendations: Update Cream Magazine to a...
WordPress Cream Magazine theme <= 2.1.10 - Broken Access Control vulnerability
Broken Access Control vulnerability discovered by John P in WordPress Theme Cream Magazine versions <= 2.1.10...
WordPress IDonate plugin 2.1.5 - 2.1.9 - Missing Authorization to Authenticated (Subscriber+) Account Takeover/Privilege Escalation via idonate_donor_password Function vulnerability
WordPress IDonate plugin 2.1.5 - 2.1.9 - Missing Authorization to Authenticated (Subscriber+) Account Takeover/Privilege Escalation via idonate_donor_password Function vulnerability discovered by kr0d in WordPress Plugin IDonate versions 2.1.5-2.1.9...
WordPress IDonate plugin 2.0.0 - 2.1.9 - Insecure Direct Object Reference to Authenticated (Subscriber+) Arbitrary User Deletion via admin_post_donor_delete Function vulnerability
WordPress IDonate plugin 2.0.0 - 2.1.9 - Insecure Direct Object Reference to Authenticated (Subscriber+) Arbitrary User Deletion via admin_post_donor_delete Function vulnerability discovered by kr0d in WordPress Plugin IDonate versions 2.0.0-2.1.9...
EUVD-2023-29610
Malicious code in bioql PyPI...
EUVD-2023-29877
Malicious code in bioql PyPI...
EUVD-2022-33780
Malicious code in bioql PyPI...
EUVD-2024-16913
Malicious code in bioql PyPI...
EUVD-2025-30654
Malicious code in bioql PyPI...
EUVD-2025-29692
Malicious code in bioql PyPI...
CVE-2025-58018
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Richard Leishman Mail Subscribe List mail-subscribe-list allows Stored XSS. This issue affects Mail Subscribe List: from n/a through <= 2.1.10...