110 matches found

EUVD · added 2026/03/05 9:59 p.m. · 6 views

EUVD-2026-9916

OpenClaw versions prior to 2026.2.2 contain an exec approvals must be enabled allowlist bypass vulnerability that allows attackers to execute arbitrary commands by injecting command substitution syntax. Attackers can bypass the allowlist protection by embedding unescaped $ or backticks inside...

CVSS 9.8 · AI score 6.2 · EPSS 0.00476 · Exploits 0 · References 3
OSV · added 2026/02/17 4:46 p.m. · 9 views

GHSA-3HCM-GGVF-RCH5 OpenClaw has an exec allowlist bypass via command substitution/backticks inside double quotes

Summary: Exec approvals allowlist bypass via command substitution/backticks inside double quotes. Affected Packages / Versions - Package: openclaw npm - Affected: = 2026.2.2. Impact: Only affects setups that explicitly enable the optional exec approvals allowlist feature. Default installs are...

CVSS 9.8 · AI score 5.5 · EPSS 0.00476 · Exploits 0 · References 6
RedhatCVE · added 2026/01/09 12:38 p.m. · 11 views

CVE-2023-29134

An issue was discovered in the Cargo extension for MediaWiki through 1.39.3. There is mishandling of backticks to smartSplit...

CVSS 8.6 · AI score 6.9 · EPSS 0.00586 · Exploits 0 · References 1
EUVD · added 2025/10/03 8:07 p.m. · 2 views

EUVD-2025-28220

Malicious code in bioql PyPI...

CVSS 8.6 · AI score 6.5 · EPSS 0.0077 · Exploits 1 · References 2
EUVD · added 2025/10/03 8:07 p.m. · 6 views

EUVD-2023-33022

Malicious code in bioql PyPI...

CVSS 9.8 · AI score 9.3 · EPSS 0.0075 · Exploits 0 · References 1
EUVD · added 2025/10/03 8:07 p.m. · 5 views

EUVD-2023-28554

Malicious code in bioql PyPI...

CVSS 9.8 · AI score 6.7 · EPSS 0.02281 · Exploits 0 · References 7
Microsoft CVE · added 2025/09/04 6:00 a.m. · 4 views

Backticks not treated as string delimiters in html/template

...

CVSS 9.8 · AI score 9.3 · EPSS 0.02281 · Exploits 0
Microsoft CVE · added 2025/09/04 4:54 a.m. · 5 views

OS Command injection vulnerability in sleuthkit fls tool 4.11.1 allows attackers to execute arbitrary commands via a crafted value to the m parameter. NOTE: third parties have disputed this because there is no analysis showing that the backtick command executes outside the context of the user account that entered the command line.

...

CVSS 7.8 · AI score 7 · EPSS 0.0466 · Exploits 4
OSV · added 2025/04/03 2:05 p.m. · 5 views

BIT-DOLIBARR-2021-33816

The website builder module in Dolibarr 13.0.2 allows remote PHP code execution because of an incomplete protection mechanism in which system, exec, and shellexec are blocked but backticks are not blocked...

CVSS 9.8 · AI score 7.9 · EPSS 0.03815 · Exploits 3 · References 4
NVD · added 2025/01/13 8:15 p.m. · 17 views

CVE-2025-23026

jte Java Template Engine is a secure and lightweight template engine for Java and Kotlin. In affected versions Jte HTML templates with script tags or script attributes that include a Javascript template string (backticks) are subject to XSS. The javaScriptBlock and javaScriptAttribute methods in th...

CVSS 6.1 · EPSS 0.00285 · Exploits 0 · References 3
OSV · added 2025/01/13 4:57 p.m. · 2 views

GHSA-VH22-6C6H-RM8Q jte's HTML templates containing Javascript template strings are subject to XSS

Summary: Jte HTML templates with script tags or script attributes that include a Javascript template string (backticks) are subject to XSS. Details: The javaScriptBlock and javaScriptAttribute methods in the Escape class source do not escape backticks, which are used for Javascript template strings...

CVSS 6.1 · AI score 5.9 · EPSS 0.00285 · Exploits 0 · References 6
Snyk · added 2024/10/05 12:41 a.m. · 1 view

SQL Injection

Overview: Affected versions of this package are vulnerable to SQL Injection due to the improper neutralization of special elements such as backticks in SQL commands. Remediation: Upgrade mediawiki/cargo to version 3.7 or higher. References - Gerrit Mediawiki - GitHub Commit - Wikimedia Phabricator...

CVSS 9.8 · AI score 8 · EPSS 0.00534 · Exploits 1 · References 2
Vulnrichment · added 2024/10/05 12:29 a.m. · 16 views

CVE-2024-47849 Backticks can allow the usage of not-allowed SQL functions

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in The Wikimedia Foundation Mediawiki - Cargo allows SQL Injection. This issue affects Mediawiki - Cargo: from 3.6.X before 3.6.1...

CVSS 8.8 · AI score 7.7 · EPSS 0.00534 · Exploits 1 · References 3
Cvelist · added 2024/10/05 12:29 a.m. · 14 views

CVE-2024-47849 Backticks can allow the usage of not-allowed SQL functions

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in The Wikimedia Foundation Mediawiki - Cargo allows SQL Injection. This issue affects Mediawiki - Cargo: from 3.6.X before 3.6.1...

CVSS 8.8 · EPSS 0.00534 · Exploits 1 · References 3
Tenable Nessus · added 2024/04/28 12:00 a.m. · 38 views

RHEL 9 : OpenShift Container Platform 4.13.3 (RHSA-2023:3540)

The remote Red Hat Enterprise Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2023:3540 advisory. Red Hat build of MicroShift is Red Hat's light-weight Kubernetes orchestration solution designed for edge device deployments and is built fr...

CVSS 9.8 · AI score 7.2 · EPSS 0.02281 · Exploits 0 · References 17
Cvelist · added 2024/03/27 12:00 a.m. · 14 views

CVE-2023-29134

An issue was discovered in the Cargo extension for MediaWiki through 1.39.3. There is mishandling of backticks to smartSplit...

AI score 6.8 · EPSS 0.00586 · Exploits 0 · References 5
CVE · added 2024/03/27 12:00 a.m. · 54 views

CVE-2023-29134

The CVE-2023-29134 issue affects the MediaWiki Cargo extension (versions through 1.39.3). The root cause is mishandling of backticks in smartSplit within Cargo, leading to vulnerability in the affected component. Documented impact indicates partial integrity and confidentiality concerns and a hig...

CVSS 8.6 · AI score 6.8 · EPSS 0.00586 · Exploits 0 · References 5
Positive Technologies · added 2024/03/26 12:00 a.m. · 4 views

PT-2024-12205 · Mediawiki · Mediawiki Cargo Extension

Name of the Vulnerable Software and Affected Versions: MediaWiki Cargo extension versions through 1.39.3. Description: An issue was discovered in the Cargo extension for MediaWiki, where there is mishandling of backticks to smartSplit. Recommendations: For MediaWiki Cargo extension versions throug...

CVSS 8.6 · AI score 6.9 · EPSS 0.00586 · Exploits 0 · References 8
RedHat Linux · added 2023/11/14 4:03 p.m. · 4 views

golang: html/template: backticks not treated as string delimiters

A flaw was found in Golang Go. This flaw allows a remote attacker to execute arbitrary code on the system, caused by not properly considering backticks as Javascript string delimiters. By sending a specially crafted request, an attacker can execute arbitrary code on the system...

CVSS 9.8 · AI score 7.1 · EPSS 0.02281 · Exploits 0 · References 6
RedHat Linux · added 2023/11/14 3:32 p.m. · 3 views

golang: html/template: backticks not treated as string delimiters

A flaw was found in Golang Go. This flaw allows a remote attacker to execute arbitrary code on the system, caused by not properly considering backticks as Javascript string delimiters. By sending a specially crafted request, an attacker can execute arbitrary code on the system...

CVSS 9.8 · AI score 7.1 · EPSS 0.02281 · Exploits 0 · References 6