Lucene search
+L

5 matches found

EUVD
EUVD
added 2026/06/29 5:20 p.m.9 views

EUVD-2026-40168

Mythic before 3.4.0.60 contains a broken hasura permission filter on the payloadbuildstep table with an always-satisfied or condition that bypasses operation-scoped access controls. Authenticated operators and spectators can query payloadbuildstep to read stepstdout, stepstderr, stepname, and...

7.1CVSS5.8AI score0.00246EPSS
Exploits0References4
Drupal
Drupal
added 2026/06/17 12:0 a.m.11 views

Formatter Field - Critical - PHP object injection - SA-CONTRIB-2026-048

The Formatter Field module provides a mechanism for specifying a formatter and formatter settings to be used for displaying a field, on a per-entity basis. formatterfield stores some data as PHP-serialized strings. In some situations, malicious data can be written directly to the field. This can...

9.8CVSS5.9AI score0.00386EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/06/17 12:0 a.m.21 views

PT-2026-50582

Name of the Vulnerable Software and Affected Versions Drupal Formatter Field versions 0.0.0 through 2.0.0 Description Improperly controlled modification of dynamically-determined object attributes in the Formatter Field module allows for Object Injection. This occurs because the module stores dat...

6.1AI score0.00386EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2026/06/17 12:0 a.m.24 views

PT-2026-50611

Name of the Vulnerable Software and Affected Versions Flag attendance field versions 0.0.0 through 1.2 Description An Object Injection issue exists in the Flag attendance field module due to the improper control of modification of dynamically-determined object attributes. The module stores data a...

6.1AI score0.00307EPSS
Exploits0References3
Veeam
Veeam
added 2016/07/12 12:0 a.m.14 views

Standalone Tape Fails All Operations

Standalone Tape Fails All Operations...

0.9AI score
Exploits0
Rows per page
Query Builder