24 matches found
CVE-2026-27130
Dokploy is a free, self-hostable Platform as a Service (PaaS). Versions 0.26.6 and below have OS command injection through the appName parameter. 3 chained issues cause this problem: inadequate input sanitization, lack of schema validation and direct shell interpolation. User-controlled application...
EUVD-2026-30809
Dokploy is a free, self-hostable Platform as a Service (PaaS). Versions 0.26.6 and below have OS command injection through the appName parameter. 3 chained issues cause this problem: inadequate input sanitization, lack of schema validation and direct shell interpolation. User-controlled application...
CVE-2026-27130
CVE-2026-27130 affects Dokploy (PaaS) versions ≤ 0.26.6. The vulnerability is an OS command injection in the appName parameter, caused by three chained issues: inadequate input sanitization (cleanAppName only lowers case and replaces spaces), lack of schema validation, and direct interpolation of...
EUVD-2016-10827
Wowza Streaming Engine 4.5.0 contains multiple reflected cross-site scripting vulnerabilities in the enginemanager interface where input passed through various parameters is not properly sanitized before being returned to users. Attackers can inject malicious script code through parameters like...
CVE-2016-20036
Wowza Streaming Engine 4.5.0 contains multiple reflected cross-site scripting vulnerabilities in the enginemanager interface where input passed through various parameters is not properly sanitized before being returned to users. Attackers can inject malicious script code through parameters like...
EUVD-2024-47744
Malicious code in bioql PyPI...
CVE-2025-32323
CVE-2025-32323: In Shared.java getCallingAppName, input validation allows deceptive permission-popup text to trick users into granting file access. This enables local elevation of privilege, with no additional execution privileges and no user interaction required. Affected: Android framework code...
MAL-2025-14666 Malicious code in app_name (npm)
The package appname was found to contain malicious code...
CVE-2021-39764
In Settings, there is a possible way to display an incorrect app name due to improper input validation. This could lead to local escalation of privilege via app spoofing with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android. Versions:...
dify security vulnerability
dify is an open source LLM application development platform from LangGenius Open Source. A security vulnerability exists in versions of dify prior to 0.6.12, which stems from a regular user being incorrectly granted permission to edit the app name and description...
LoLLMs Web UI security vulnerability
LoLLMs Web UI is a web user interface for large language and multimodal systems by the individual developer Saifeddine ALOUI. A security vulnerability exists in LoLLMs Web UI version V12, which stems from the startappserver function not properly cleaning up the appname parameter, which could lea...
CVE-2024-6700
Pega Platform versions 8.1 to Infinity 24.1.2 are affected by an XSS issue with App name...
CVE-2024-6700
Pega Platform (versions 8.1 to Infinity 24.1.2) is affected by a Cross-Site Scripting (XSS) vulnerability in the App name. The available documents identify the issue as XSS but do not specify the underlying code path or root cause details. The PT-2024-37807 entry consistently lists the affected r...
CVE-2024-6700
Pega Platform versions 8.1 to Infinity 24.1.2 are affected by an XSS issue with App name...
CVE-2024-6700
Pega Platform versions 8.1 to Infinity 24.1.2 are affected by an XSS issue with App name...
PT-2024-37807 · Pegasystems · Pega Platform
Name of the Vulnerable Software and Affected Versions: Pega Platform versions 8.1 to Infinity 24.1.2. Description: The issue is related to Cross-Site Scripting (XSS) in the Pega Platform, specifically with the App name. Recommendations: For Pega Platform versions 8.1 to Infinity 24.1.2, update to a...
Siemens RUGGEDCOM ROX series multiple products command injection vulnerability
RUGGEDCOM products offer a degree of robustness and reliability that sets the standard for communication networks deployed in harsh environments. A command injection vulnerability exists in the Siemens RUGGEDCOM ROX, which stems from a lack of server-side input validation, making the uninstall-ap...
KoodousFinder - A Simple Tool To Allows Users To Search For And Analyze Android Apps For Potential Security Threats And Vulnerabilities
A simple tool that allows users to search for and analyze Android apps for potential security threats and vulnerabilities. Account and API Key: Create a Koodous account and get your API key at https://koodous.com/settings/developers. Install: $ pip install koodousfinder. Arguments: Param | description ---|-...
CVE-2021-39764
In Settings, there is a possible way to display an incorrect app name due to improper input validation. This could lead to local escalation of privilege via app spoofing with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android. Versions:...
Google Android security vulnerability
Google Android is a Linux-based open source operating system from Google. Google Android suffers from a security vulnerability that stems from incorrect input validation in settings, which may display the wrong application name and can be exploited by an attacker to escalate privileges...