Lucene search
+L

169 matches found

NVD
NVD
added 4 days ago3 views

CVE-2026-46644

Symfony Polyfill backports PHP features and provides compatibility layers for extensions and functions. From 1.17.1 until 1.38.1, symfony/polyfill-intl-idn accepts xn-- labels whose Punycode payload is empty or decodes to ASCII-only code points because Idn::process does not enforce the UTS 46...

6.9CVSS0.00394EPSS
Exploits0References3
CVE
CVE
added 4 days ago61 views

CVE-2026-46644

CVE-2026-46644 affects symfony/polyfill-intl-idn (1.17.1–1.38.1). The Idn::process() routine does not enforce UTS #46 rev 33 after Punycode decoding, allowing xn-- labels with empty or ASCII-only payloads to be treated as equal to their decoded form. This can enable blacklist bypass, inconsistent...

6.9CVSS6.1AI score0.00394EPSS
Exploits0References3
EUVD
EUVD
added 2026/06/22 10:45 p.m.13 views

EUVD-2026-32587

Budibase: SSRF via OAuth2 token endpoint URL reaches internal hosts and cloud metadata...

8.5CVSS5.8AI score0.00174EPSS
Exploits0References2
NVD
NVD
added 2026/05/27 6:16 p.m.19 views

CVE-2026-48153

Budibase is an open-source low-code platform. Prior to 3.39.0, fetchToken in the OAuth2 SDK makes a POST to a builder-supplied URL with plain node-fetch, skipping the blacklist.isBlacklisted check that every other outbound fetch path in the codebase uses. The Joi schema for the OAuth2 URL has no...

8.5CVSS0.00174EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/05/27 4:52 p.m.13 views

CVE-2026-48153 Budibase: SSRF via OAuth2 token endpoint URL reaches internal hosts and cloud metadata

Budibase is an open-source low-code platform. Prior to 3.39.0, fetchToken in the OAuth2 SDK makes a POST to a builder-supplied URL with plain node-fetch, skipping the blacklist.isBlacklisted check that every other outbound fetch path in the codebase uses. The Joi schema for the OAuth2 URL has no...

8.5CVSS5.8AI score0.00174EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/05/27 4:50 p.m.10 views

CVE-2026-45061

Budibase is an open-source low-code platform. Prior to 3.35.10, the Plugin URL upload endpoint POST /api/plugin validates the submitted URL with a single substring check: url.includes".tar.gz". Any URL containing .tar.gz anywhere in the string — in the path, query string, or fragment — passes thi...

7.7CVSS5.8AI score0.00263EPSS
Exploits0References2Affected Software1
OSV
OSV
added 2026/05/27 4:50 p.m.3 views

CVE-2026-45061 Budibase: SSRF via trivial `.tar.gz` substring bypass in Plugin URL upload (`/api/plugin`)

Budibase is an open-source low-code platform. Prior to 3.35.10, the Plugin URL upload endpoint POST /api/plugin validates the submitted URL with a single substring check: url.includes".tar.gz". Any URL containing .tar.gz anywhere in the string — in the path, query string, or fragment — passes thi...

7.7CVSS6AI score0.00263EPSS
Exploits0References3
NVD
NVD
added 2026/05/23 7:16 p.m.15 views

CVE-2018-25353

Redaxo CMS Mediapool Addon 5.5.1 and older contains an arbitrary file upload vulnerability that allows authenticated users to bypass file extension blacklist restrictions. Attackers with editor accounts can upload executable files by using obfuscated extensions like php71 or php53 to evade the...

8.8CVSS0.00452EPSS
Exploits0References4
AstraLinux
AstraLinux
added 2026/05/20 5:53 a.m.9 views

Astra Linux – Vulnerability in Pypy

In Python 2.x through 2.7.16, urllib supports the localfile scheme, which makes it easier for remote attackers to bypass protection mechanisms that blacklist file: URIs. This is demonstrated by triggering a urllib.urlopen'localfile:///etc/passwd' call...

9.1CVSS6.8AI score0.12261EPSS
Exploits1References2
Positive Technologies
Positive Technologies
added 2026/05/15 12:0 a.m.17 views

PT-2026-41397

Name of the Vulnerable Software and Affected Versions Budibase versions prior to 3.38.1 Description The REST datasource integration in the packages/server/src/integrations/rest.ts file follows HTTP redirects without re-validating the target URL against the IP blacklist. This allows an authenticat...

7.7CVSS5.8AI score0.00258EPSS
Exploits0References5
CNNVD
CNNVD
added 2026/05/14 12:0 a.m.10 views

Gotenberg 安全漏洞

Gotenberg is an open-source, developer-friendly API developed by Gotenberg. It is used to convert various document formats into PDF files. Versions of Gotenberg prior to 8.30.0 contained security vulnerabilities. These vulnerabilities stemmed from the ability to bypass the blacklist for ExifTool...

8.2CVSS5.9AI score0.0029EPSS
Exploits1References2
CNNVD
CNNVD
added 2026/05/12 12:0 a.m.15 views

JunoClaw 操作系统命令注入漏洞

JunoClaw is a decentralized AI proxy platform developed by Dragonmonk111. Versions prior to JunoClaw 0.x.y-security-1 contained an operating system command injection vulnerability. This vulnerability stemmed from a substring blacklist in the plugin-shell command security check, which could be...

8.4CVSS5.8AI score0.00171EPSS
Exploits0References1
NVD
NVD
added 2026/05/11 4:17 p.m.30 views

CVE-2026-42612

Grav is a file-based Web platform. Prior to 2.0.0-beta.2, a stored Cross-Site Scripting XSS vulnerability in getgrav/grav allows publisher-level accounts to execute arbitrary JavaScript. The issue arises from a blacklist bypass in the detectXss function when handling unquoted HTML event attribute...

8.5CVSS0.00238EPSS
Exploits1References2
OSV
OSV
added 2026/05/11 3:22 p.m.2 views

CVE-2026-42612 Grav: Publisher-Level Stored XSS via Unquoted Event Attributes

Grav is a file-based Web platform. Prior to 2.0.0-beta.2, a stored Cross-Site Scripting XSS vulnerability in getgrav/grav allows publisher-level accounts to execute arbitrary JavaScript. The issue arises from a blacklist bypass in the detectXss function when handling unquoted HTML event attribute...

8.5CVSS6.2AI score0.00238EPSS
Exploits1References4
Github Security Blog
Github Security Blog
added 2026/05/05 9:27 p.m.17 views

Grav Vulnerable to Publisher-Level Stored XSS via Unquoted Event Attributes

Summary A stored Cross-Site Scripting XSS vulnerability in getgrav/grav allows publisher-level accounts to execute arbitrary JavaScript. The issue arises from a blacklist bypass in the detectXss function when handling unquoted HTML event attributes. Details The detectXss function relies on a...

8.5CVSS6.1AI score0.00238EPSS
Exploits1References4Affected Software1
Positive Technologies
Positive Technologies
added 2026/05/05 12:0 a.m.28 views

PT-2026-37278

Name of the Vulnerable Software and Affected Versions Grav versions prior to 2.0.0-beta.2 Description A stored Cross-Site Scripting XSS issue allows publisher-level accounts to execute arbitrary JavaScript. The problem is caused by a blacklist bypass in the detectXss function, which fails to...

8.5CVSS6.1AI score0.00238EPSS
Exploits1References8
NVD
NVD
added 2026/04/23 10:16 a.m.6 views

CVE-2026-3960

A critical remote code execution vulnerability exists in the unauthenticated REST API endpoint /99/ImportSQLTable in H2O-3 version 3.46.0.9 and prior. The vulnerability arises due to insufficient security controls in the parameter blacklist mechanism, which only targets MySQL JDBC driver-specific...

9.8CVSS0.00938EPSS
Exploits1References2
GitLab Advisory Database
GitLab Advisory Database
added 2026/04/23 12:0 a.m.10 views

H2O-3 is Vulnerable to Code Injection

A critical remote code execution vulnerability exists in the unauthenticated REST API endpoint /99/ImportSQLTable in H2O-3 version 3.46.0.9 and prior. The vulnerability arises due to insufficient security controls in the parameter blacklist mechanism, which only targets MySQL JDBC driver-specific...

9.8CVSS7.5AI score0.00938EPSS
Exploits1References4
NVD
NVD
added 2026/04/21 3:16 p.m.8 views

CVE-2026-31019

In the Website module of Dolibarr ERP & CRM 22.0.4 and below, the application uses blacklist-based filtering to restrict dangerous PHP functions related to system command execution. An authenticated user with permission to edit PHP content can bypass this filtering, resulting in full remote code...

8.8CVSS0.00572EPSS
Exploits0References1
Patchstack
Patchstack
added 2026/04/20 9:13 a.m.9 views

WordPress Drag and Drop Multiple File Upload for Contact Form 7 plugin <= 1.3.9.6 - Unauthenticated Arbitrary File Upload via Non-ASCII Filename Blacklist Bypass vulnerability

Unauthenticated Arbitrary File Upload via Non-ASCII Filename Blacklist Bypass vulnerability discovered by Leonid Semenenko lsemenenko in WordPress Plugin Drag and Drop Multiple File Upload – Contact Form 7 versions = 1.3.9.6...

8.1CVSS5.8AI score0.04175EPSS
Exploits3References1Affected Software1
Rows per page
Query Builder