3 matches found
CVE-2026-44666
creationtimestamp| type| source
---|---|---
2026-05-15 00:00:39+00:00| seen| https://bsky.app/profile/offseq.bsky.social/post/3mltznm4m4d2f
2026-05-15 00:00:58+00:00| seen| https://infosec.exchange/users/offseq/statuses/116575648891629346
2026-05-15 01:47:07+00:00| seen|...
CVE-2026-44666 HRConvert2: Missing Sanitization enables Unauthenticated Remote Command Execution
HRConvert2 is a self-hosted, drag-and-drop & nosql file conversion server & share tool. Prior to 3.3.8, the sanitizeString function in convertCore.php is missing backtick and tab \t from its strip list. User input then reaches shellexec, where the shell interprets these characters and commands...
CVE-2026-44666 HRConvert2: Missing Sanitization enables Unauthenticated Remote Command Execution
HRConvert2 is a self-hosted, drag-and-drop & nosql file conversion server & share tool. Prior to 3.3.8, the sanitizeString function in convertCore.php is missing backtick and tab \t from its strip list. User input then reaches shellexec, where the shell interprets these characters and commands...