
19 matches found

NVD
added 2026/03/27 11:17 p.m. | views: 1

CVE-2026-33993

Locutus brings stdlibs of other programming languages to JavaScript for educational purposes. Prior to version 3.0.25, the unserialize function in locutus/php/var/unserialize assigns deserialized keys to plain objects via bracket notation without filtering the __proto__ key. When a PHP serialized...

CVSS 9.8 | EPSS 0.00055
Exploits: 1 | References: 4
CVE
added 2026/03/27 10:15 p.m. | views: 7

CVE-2026-33994

Locutus (npm) in parse_str.js is affected by a prototype-pollution vulnerability in versions 2.0.39 through 3.0.24, due to an incomplete fix for CVE-2026-25521. The attack can pollute Object.prototype by overriding RegExp.prototype.test and supplying a crafted query string, bypassing the guard th...

CVSS 9.8 | AI score 5.9 | EPSS 0.0007
Exploits: 1 | References: 4 | Affected Software: 1
Vulnrichment
added 2026/03/27 10:15 p.m. | views: 0

CVE-2026-33994 Locutus Prototype Pollution due to incomplete fix for CVE-2026-25521

Locutus brings stdlibs of other programming languages to JavaScript for educational purposes. Starting in version 2.0.39 and prior to version 3.0.25, a prototype pollution vulnerability exists in the parse_str function of the npm package locutus. An attacker can pollute Object.prototype by...

CVSS 6.3 | AI score 5.9 | EPSS 0.0007
Exploits: 1 | References: 4
Cvelist
added 2026/03/27 10:14 p.m. | views: 23

CVE-2026-33993 Locutus has Prototype Pollution via __proto__ Key Injection in unserialize()

Locutus brings stdlibs of other programming languages to JavaScript for educational purposes. Prior to version 3.0.25, the unserialize function in locutus/php/var/unserialize assigns deserialized keys to plain objects via bracket notation without filtering the __proto__ key. When a PHP serialized...

CVSS 6.9 | EPSS 0.00055
Exploits: 1 | References: 4
ATTACKERKB
added 2026/03/27 10:14 p.m. | views: 2

CVE-2026-33993

Locutus brings stdlibs of other programming languages to JavaScript for educational purposes. Prior to version 3.0.25, the unserialize function in locutus/php/var/unserialize assigns deserialized keys to plain objects via bracket notation without filtering the __proto__ key. When a PHP serialized...

CVSS 6.9 | AI score 5.9 | EPSS 0.00055
Exploits: 1 | References: 5 | Affected Software: 1
Positive Technologies
added 2026/03/27 12:0 a.m. | views: 1

PT-2026-28588

Name of the Vulnerable Software and Affected Versions: locutus versions 2.0.39 through 3.0.24. Description: A prototype pollution issue exists in the parse_str function of the npm package locutus. An attacker can manipulate Object.prototype by overriding RegExp.prototype.test and then providing a...

CVSS 6.3 | AI score 6.5 | EPSS 0.0007
Exploits: 1 | References: 9
CNNVD
added 2026/03/27 12:0 a.m. | views: 4

Locutus Security Vulnerability

Locutus is an open-source JavaScript library developed by Locutus. Versions of Locutus prior to 3.0.25 contained security vulnerabilities. These vulnerabilities stemmed from the unserialize function not filtering the __proto__ key, which could lead to prototype pollution, property injection, and...

CVSS 9.8 | AI score 5.8 | EPSS 0.00055
Exploits: 1 | References: 4
CNNVD
added 2025/05/02 12:0 a.m. | views: 1

Le-show Medical Practice Management System SQL Injection Vulnerability

Le-show Medical Practice Management System is an integrated management system for medical clinics by Le-show, a Chinese company. A SQL injection vulnerability exists in Le-show Medical Practice Management System V3.0.25 and prior versions, which stems from a SQL injection vulnerability that could...

CVSS 9.8 | AI score 7.8 | EPSS 0.00459
Exploits: 0 | References: 2
SUSE CVE
added 2023/02/15 5:4 a.m. | views: 1

SUSE CVE-2016-3461

Unspecified vulnerability in the MySQL Enterprise Monitor component in Oracle MySQL 3.0.25 and earlier and 3.1.2 and earlier allows remote administrators to affect confidentiality, integrity, and availability via vectors related to Monitoring: Server...

CVSS 7.2 | AI score 8.3 | EPSS 0.00877
Exploits: 0 | References: 3
Cvelist
added 2018/12/24 4:0 a.m. | views: 16

CVE-2018-20418

index.php?p=admin/actions/entries/save-entry in Craft CMS 3.0.25 allows XSS by saving a new title from the console tab...

AI score 4.8 | EPSS 0.00471
Exploits: 5 | References: 4
CNVD
added 2018/12/24 12:0 a.m. | views: 3

Craft CMS Cross-Site Scripting Vulnerability (CNVD-2019-03526)

Craft CMS is a content management system (CMS) for developers and content managers. A cross-site scripting vulnerability exists in the /admin-panel-path/index.php?p=admin/actions/entries/save-entry URL in Craft CMS version 3.0.25. A remote attacker can exploit this vulnerability to inject arbitrary...

CVSS 4.8 | AI score 6.2 | EPSS 0.00471
Exploits: 5 | References: 1
CNVD
added 2016/12/21 12:0 a.m. | views: 5

Samba User Emulation Vulnerability

Samba is a set of free software developed by the Samba team that enables UNIX series operating systems to connect to the SMB/CIFS network protocol of Microsoft Windows operating systems. The program supports sharing printers, transferring data files to each other, and so on. A security...

CVSS 6.5 | AI score 6.8 | EPSS 0.08663
Exploits: 0 | References: 1
OpenVAS
added 2016/04/26 12:0 a.m. | views: 16

Sophos Cyberoam Central Console (CCC) Detection (SSH Login)

SSH login-based detection of Sophos Cyberoam Central Console (CCC). Copyright (C) 2016 Greenbone Networks GmbH. Some text descriptions might be excerpted from a referenced source, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later. This program is free...

AI score 0.1
Exploits: 0
CERT
added 2008/06/25 12:0 a.m. | views: 41

Caucho Resin vulnerable to XSS via "file" parameter to "viewfile"

Overview: The "viewfile" command provided by Caucho Resin contains a cross-site scripting (XSS) vulnerability in the "file" parameter. Description: Caucho Resin is a Java-based application server. The "viewfile" command that is provided with the Resin documentation is vulnerable to XSS via the "file"...

CVSS 4.3 | AI score 5.5 | EPSS 0.03343
Exploits: 0 | References: 2
Saint
added 2007/12/24 12:0 a.m. | views: 40

Samba lsa_io_trans_names buffer overflow

Added: 12/24/2007. CVE: CVE-2007-2446. BID: 24195. OSVDB: 34699. Background: Samba is a software package which implements the SMB protocol on a variety of platforms, providing compatibility with Windows systems. Problem: A vulnerability in the LSA RPC interface allows a remote attacker to execute...

CVSS 10 | AI score 9.2 | EPSS 0.8905
Exploits: 23
Saint
added 2007/12/24 12:0 a.m. | views: 41

Samba lsa_io_trans_names buffer overflow

Added: 12/24/2007. CVE: CVE-2007-2446. BID: 24195. OSVDB: 34699. Background: Samba is a software package which implements the SMB protocol on a variety of platforms, providing compatibility with Windows systems. Problem: A vulnerability in the LSA RPC interface allows a remote attacker to execute...

CVSS 10 | AI score 9.1 | EPSS 0.8905
Exploits: 23
seebug.org
added 2007/09/12 12:0 a.m. | views: 68

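Samba NSS_Info Plugin Local Privilege Escalation Vulnerability

BUGTRAQ ID: 25636. CVE(CAN) ID: CVE-2007-4138. Samba is a suite of programs that implements the SMB (Server Message Block) protocol and provides cross-platform file and print sharing services. The idmapad.so library provides the nssinfo extension for Winbind, used to retrieve users' home directory paths, login shells, primary group IDs and so on from an Active Directory domain controller; this feature can be enabled by setting the winbind nss info option in smb.conf to sfu or rfc2307. Windows' Identity Management for Unix and Services for Unix...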

CVSS 6.9 | AI score 0.9 | EPSS 0.00109
Exploits: 1
Tenable Nessus
added 2007/05/16 12:0 a.m. | views: 22

Samba < 3.0.25 Multiple Vulnerabilities

Binary data 3990.prm...

CVSS 10 | AI score 7.3 | EPSS 0.8905
Exploits: 35 | References: 6
Tenable Nessus
added 2007/05/15 12:0 a.m. | views: 44

Samba < 3.0.25 Multiple Vulnerabilities

According to its banner, the version of the Samba server installed on the remote host is affected by multiple buffer overflow and remote command injection vulnerabilities, which can be exploited remotely, as well as a local privilege escalation bug. (C) Tenable Network Security, Inc...

CVSS 10 | AI score 8.5 | EPSS 0.8905
Exploits: 35 | References: 6