Lucene search
K

36609 matches found

NVD
NVD
added yesterday3 views

CVE-2026-14380

DBI versions before 1.650 for Perl are vulnerable to code injection via caller-influenced Profile. When a string is assigned to a DBI handle's Profile attribute, DBI splits it into path, package and arguments, and interpolates the package part in a string eval with no validation of the package...

Exploits0References3
ATTACKERKB
ATTACKERKB
added yesterday2 views

CVE-2026-14380

DBI versions before 1.650 for Perl are vulnerable to code injection via caller-influenced Profile. When a string is assigned to a DBI handle's Profile attribute, DBI splits it into path, package and arguments, and interpolates the package part in a string eval with no validation of the package...

6.3AI score
Exploits0References4
CVE
CVE
added yesterday9 views

CVE-2026-14380

DBI for Perl prior to 1.650 is vulnerable to code execution via the Profile attribute. When a string is assigned to Profile, DBI splits it into path, package and arguments and interpolates the package name in a string eval without validating the package, allowing attacker-controlled input from DB...

6.3AI score
Exploits0References4
Cvelist
Cvelist
added yesterday11 views

CVE-2026-14380 DBI versions before 1.650 for Perl are vulnerable to code injection via caller-influenced Profile

DBI versions before 1.650 for Perl are vulnerable to code injection via caller-influenced Profile. When a string is assigned to a DBI handle's Profile attribute, DBI splits it into path, package and arguments, and interpolates the package part in a string eval with no validation of the package...

Exploits0References3
Nuclei
Nuclei
added yesterday17 views

Google ADK-Python - Unauthenticated Builder Endpoint

Google Agent Development Kit ADK 1.7.0 through 1.28.1 and 2.0.0a1 through 2.0.0a2 on Python OSS, Cloud Run, and GKE contains a code injection and missing authentication vulnerability, letting unauthenticated remote attackers execute arbitrary code on the server, exploit requires no authentication...

10CVSS6.4AI score0.01816EPSS
Exploits0References1
Nuclei
Nuclei
added yesterday21 views

TP-Link Archer A20 v3 Router - Cross-site Scripting

The TP-Link Archer A20 v3 router is vulnerable to Cross-site Scripting XSS due to improper handling of directory listing paths in the web interface. When a specially crafted URL is visited, the router's web page renders the directory listing and executes arbitrary JavaScript embedded in the URL...

4.8CVSS7.3AI score0.00875EPSS
Exploits0References2
Nuclei
Nuclei
added yesterday149 views

ISPConfig - PHP Code Injection

An issue was discovered in ISPConfig before 3.2.11p1. PHP code injection can be achieved in the language file editor by an admin if adminallowlangedit is enabled. id: CVE-2023-46818 info: name: ISPConfig - PHP Code Injection author: non-things severity: high description: | An issue was discovered...

7.2CVSS7.1AI score0.13894EPSS
Exploits14References4
Nuclei
Nuclei
added yesterday182 views

Ivanti EPM Cloud Services Appliance Code Injection

Ivanti EPM Cloud Services Appliance CSA before version 4.6.0-512 is susceptible to a code injection vulnerability because it allows an unauthenticated user to execute arbitrary code with limited permissions nobody. id: CVE-2021-44529 info: name: Ivanti EPM Cloud Services Appliance Code Injection...

9.8CVSS7.7AI score0.99105EPSS
Exploits9References5
Nuclei
Nuclei
added yesterday66 views

Microweber <1.3.2 - Cross-Site Scripting

Code Injection in on search.php?keywords= GitHub repository microweber/microweber prior to 1.3.2. id: CVE-2022-3242 info: name: Microweber 1.3.2 - Cross-Site Scripting author: r3Y3r53 severity: medium description: | Code Injection in on search.php?keywords= GitHub repository microweber/microweber...

6.1CVSS6AI score0.01395EPSS
Exploits1References4
Nuclei
Nuclei
added yesterday28 views

Netsweeper 4.0.3 - Cross-Site Scripting

A cross-site scripting vulnerability in webadmin/policy/grouptableajax.php/ in Netsweeper before 3.1.10, 4.0.x before 4.0.9, and 4.1.x before 4.1.2 allows remote attackers to inject arbitrary web script or HTML via the PATHINFO. id: CVE-2014-9608 info: name: Netsweeper 4.0.3 - Cross-Site Scriptin...

6.1CVSS6.5AI score0.03939EPSS
Exploits1References4
Nuclei
Nuclei
added yesterday64 views

Citrix ADC and Citrix NetScaler Gateway - Remote Code Injection

Citrix ADC and NetScaler Gateway are susceptible to remote code injection. An attacker can potentially execute malware, obtain sensitive information, modify data, and/or gain full control over a compromised system without entering necessary credentials. Affected versions are before 13.0-58.30,...

6.5CVSS7.1AI score0.10695EPSS
Exploits0References5
NVD
NVD
added 2 days ago7 views

CVE-2026-43921

FOSSBilling is a free, open-source billing and client management system. Versions 0.6.10 through 0.7.2 have a PHP code injection vulnerability in FOSSBilling's Config::prettyPrintArrayToPHP method. When configuration values are updated, string values are written into config.php without escaping...

8.9CVSS0.00274EPSS
Exploits0References1
Cvelist
Cvelist
added 2 days ago32 views

CVE-2026-43921 FOSSBilling vulnerable to arbitrary PHP code injection via unescaped config serialization

FOSSBilling is a free, open-source billing and client management system. Versions 0.6.10 through 0.7.2 have a PHP code injection vulnerability in FOSSBilling's Config::prettyPrintArrayToPHP method. When configuration values are updated, string values are written into config.php without escaping...

8.9CVSS0.00274EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2 days ago4 views

CVE-2026-43921

FOSSBilling is a free, open-source billing and client management system. Versions 0.6.10 through 0.7.2 have a PHP code injection vulnerability in FOSSBilling's Config::prettyPrintArrayToPHP method. When configuration values are updated, string values are written into config.php without escaping...

8.9CVSS6.2AI score0.00274EPSS
Exploits0References2Affected Software1
CVE
CVE
added 2 days ago10 views

CVE-2026-43921

FOSSBilling is affected by a PHP code injection in versions 0.6.10–0.7.2 via Config::prettyPrintArrayToPHP(), where updated configuration values are written to config.php without escaping single quotes. Because config.php is loaded with a bare include on each HTTP request, an admin with privilege...

8.9CVSS6.2AI score0.00274EPSS
Exploits0References1
IBM Security Bulletins
IBM Security Bulletins
added 2 days ago37 views

Security Bulletin: IBM® Db2® is vulnerable to remote code execution due to improper pre-auth DRDA handshake handling (CVE-2026-10109)

Summary IBM® Db2® is vulnerable to remote code execution due to improper pre-auth DRDA handshake handling. Vulnerability Details CVEID:CVE-2026-10109 DESCRIPTION: IBM Db2 11.5.0 through 11.5.9, and 12.1.0 through 12.1.4 is vulnerable to remote code execution due to improper pre-auth DRDA handshak...

9.8CVSS6.6AI score0.0086EPSS
Exploits0Affected Software1
NVD
NVD
added 3 days ago5 views

CVE-2026-14749

A vulnerability was identified in mjperpinosa stumasy up to 327d1b0f2915ba79d7ef8ebb74553e987609d9be. Impacted is the function eval of the file application/pages/imbacalculator/calculate.php. The manipulation of the argument mathematicalsentence leads to code injection. The attack is possible to ...

7.5CVSS0.00322EPSS
Exploits0References6
ATTACKERKB
ATTACKERKB
added 3 days ago5 views

CVE-2026-14749

A vulnerability was identified in mjperpinosa stumasy up to 327d1b0f2915ba79d7ef8ebb74553e987609d9be. Impacted is the function eval of the file application/pages/imbacalculator/calculate.php. The manipulation of the argument mathematicalsentence leads to code injection. The attack is possible to ...

7.5CVSS6.8AI score0.00322EPSS
Exploits0References6
Cvelist
Cvelist
added 3 days ago33 views

CVE-2026-14749 mjperpinosa stumasy calculate.php eval code injection

A vulnerability was identified in mjperpinosa stumasy up to 327d1b0f2915ba79d7ef8ebb74553e987609d9be. Impacted is the function eval of the file application/pages/imbacalculator/calculate.php. The manipulation of the argument mathematicalsentence leads to code injection. The attack is possible to ...

7.5CVSS0.00322EPSS
Exploits0References6
CVE
CVE
added 3 days ago8 views

CVE-2026-14749

The CVE-2026-14749 entry concerns mjperpinosa stumasy up to commit 327d1b0f2915ba79d7ef8ebb74553e987609d9be. Vulnerability: the eval call in file application/pages/imba_calculator/calculate.php is affected; manipulating the argument mathematical_sentence enables code injection. Impact is remote, ...

7.5CVSS6.8AI score0.00322EPSS
Exploits0References6
Rows per page
Query Builder