Lucene search
+L

229 matches found

Debian CVE
Debian CVE
added 2022/05/16 12:0 a.m.48 views

CVE-2022-29622

An arbitrary file upload vulnerability in formidable v3.1.4 allows attackers to execute arbitrary code via a crafted filename. NOTE: some third parties dispute this issue because the product has common use cases in which uploading arbitrary files is the desired behavior. Also, there are...

9.8CVSS9.3AI score0.0341EPSS
Exploits2
Cvelist
Cvelist
added 2022/05/16 12:0 a.m.37 views

CVE-2022-29622

An arbitrary file upload vulnerability in formidable v3.1.4 allows attackers to execute arbitrary code via a crafted filename. NOTE: some third parties dispute this issue because the product has common use cases in which uploading arbitrary files is the desired behavior. Also, there are...

9.8AI score0.0341EPSS
Exploits2References5
OSV
OSV
added 2022/05/16 12:0 a.m.31 views

CVE-2022-29622

An arbitrary file upload vulnerability in formidable v3.1.4 allows attackers to execute arbitrary code via a crafted filename. NOTE: some third parties dispute this issue because the product has common use cases in which uploading arbitrary files is the desired behavior. Also, there are...

9.8CVSS9.4AI score0.0341EPSS
Exploits2References7
OSV
OSV
added 2022/03/21 8:18 p.m.5 views

MGASA-2022-0109 Updated stunnel packages fix security vulnerability

Update to 5.62 including new features and bugfixes: Security bugfixes - The "redirect" option was fixed to properly handle unauthenticated requests bsc1182529. - Fixed a double free with OpenSSL older than 1.1.0. - Added hardening to systemd service bsc1181400. New features - Added new "protocol ...

7.2AI score
Exploits0References4
Trellix
Trellix
added 2022/02/08 12:0 a.m.13 views

Trellix Global Defenders: BlackCat Ransomware as a Service - The Cat is certainly out of the bag!

Trellix Global Defenders: BlackCat Ransomware as a Service - The Cat is certainly out of the bag! By Trellix · February 8, 2022 Research Contributions and Analysis: Filippo Sitzia This story was written by Arnab Roy Threat Summary Blackcat also known as ALPHV/Noberus is a Ransomware as a Service...

0.9AI score
Exploits0
Trellix
Trellix
added 2022/02/08 12:0 a.m.10 views

Trellix Global Defenders: BlackCat Ransomware as a Service - The Cat is certainly out of the bag!

Trellix Global Defenders: BlackCat Ransomware as a Service - The Cat is certainly out of the bag! By Trellix · February 8, 2022 Research Contributions and Analysis: Filippo Sitzia This story was written by Arnab Roy Threat Summary Blackcat also known as ALPHV/Noberus is a Ransomware as a Service...

8AI score
Exploits0
CNNVD
CNNVD
added 2022/01/07 12:0 a.m.9 views

Sphinx Technologies Sphinx 路径遍历漏洞

Sphinx Technologies Sphinx is a full-text F/OSS search engine from Sphinx Technologies, USA. Sphinx Technologies Sphinx suffers from a path traversal vulnerability that stems from the discovery that sphinxsearch, a fast standalone full-text SQL search engine, can be allowed to abuse configuration...

7.5CVSS7.3AI score0.02166EPSS
Exploits2References8
OSV
OSV
added 2021/12/22 8:24 a.m.6 views

SUSE-SU-2021:4147-1 Security update for chrony

This update for chrony fixes the following issues: Chrony was updated to 4.1: Add support for NTS servers specified by IP address matching Subject Alternative Name in server certificate Add source-specific configuration of trusted certificates Allow multiple files and directories with trusted...

6CVSS6.3AI score0.00485EPSS
Exploits0References25
Cvelist
Cvelist
added 2021/09/24 5:50 p.m.33 views

CVE-2021-22868 Unsafe configuration options in GitHub Pages leading to path traversal on GitHub Enterprise Server

A path traversal vulnerability was identified in GitHub Enterprise Server that could be exploited when building a GitHub Pages site. User-controlled configuration options used by GitHub Pages were not sufficiently restricted and made it possible to read files on the GitHub Enterprise Server...

5.2AI score0.00899EPSS
Exploits0References3
Veracode
Veracode
added 2021/08/25 3:16 a.m.14 views

Template Injection

hbs is vulnerable to template injection. The vulnerability exists due to a lack of sanitization of configuration options when input into the system via the Express render API. An attacker is able to view a file by overwriting an internal configuration option...

5.3CVSS2.9AI score0.01178EPSS
Exploits1References1Affected Software1
CNVD
CNVD
added 2021/08/18 12:0 a.m.11 views

TryGhost express-hbs information disclosure vulnerability

TryGhost express-hbs is an Express handlebar template engine with multiple layouts, blocks and cache sections. tryGhost express-hbs suffers from an information disclosure vulnerability that stems from the product's Express render API mixing pure template data with engine configuration options,...

5.3CVSS1AI score0.01178EPSS
Exploits1References1
Cvelist
Cvelist
added 2021/08/16 6:45 p.m.35 views

CVE-2021-32822 File disclosure in hbs

The npm hbs package is an Express view engine wrapper for Handlebars. Depending on usage, users of hbs may be vulnerable to a file disclosure vulnerability. There is currently no patch for this vulnerability. hbs mixes pure template data with engine configuration options through the Express rende...

4CVSS5.4AI score0.01178EPSS
Exploits1References1
Cvelist
Cvelist
added 2021/07/14 8:55 p.m.29 views

CVE-2021-22867 Unsafe configuration options in GitHub Pages leading to path traversal on GitHub Enterprise Server

A path traversal vulnerability was identified in GitHub Enterprise Server that could be exploited when building a GitHub Pages site. User-controlled configuration options used by GitHub Pages were not sufficiently restricted and made it possible to read files on the GitHub Enterprise Server...

5.2AI score0.01171EPSS
Exploits0References3
RedhatCVE
RedhatCVE
added 2021/06/16 3:14 p.m.69 views

CVE-2021-3584

A server side remote code execution vulnerability was found in Foreman project. A authenticated attacker could use Sendmail configuration options to overwrite the defaults and perform command injection. The highest threat from this vulnerability is to confidentiality, integrity and availability o...

9CVSS2.7AI score0.03885EPSS
Exploits0References3
GithubExploit
GithubExploit
added 2021/06/12 5:9 p.m.287 views

Exploit for Exposure of Sensitive Information to an Unauthorized Actor in Squirrelly

CVE-2021-32819 CVE-2021-32819 : SquirrellyJS mixes pure templa...

8.8CVSS9.1AI score0.59844EPSS
Exploits2
Veracode
Veracode
added 2021/05/18 8:26 a.m.24 views

Remote Code Execution (RCE)

squirrelly is vulnerable to remote code execution. The vulnerability exists because of an insecure template handling, allowing overwriting of internal configuration options that can trigger remote code execution...

8.8CVSS3.4AI score0.59844EPSS
Exploits2References6Affected Software1
OSV
OSV
added 2021/05/14 7:15 p.m.20 views

CVE-2021-32820

Express-handlebars is a Handlebars view engine for Express. Express-handlebars mixes pure template data with engine configuration options through the Express render API. More specifically, the layout parameter may trigger file disclosure vulnerabilities in downstream applications. This potential...

8.6CVSS6.7AI score
Exploits0References5
Prion
Prion
added 2021/05/14 7:15 p.m.18 views

Remote code execution

Squirrelly is a template engine implemented in JavaScript that works out of the box with ExpressJS. Squirrelly mixes pure template data with engine configuration options through the Express render API. By overwriting internal configuration options remote code execution may be triggered in...

6.8CVSS8.7AI score0.59844EPSS
Exploits2References4Affected Software1
Cvelist
Cvelist
added 2021/05/14 6:25 p.m.43 views

CVE-2021-32820 File disclosure in Express Handlebars

Express-handlebars is a Handlebars view engine for Express. Express-handlebars mixes pure template data with engine configuration options through the Express render API. More specifically, the layout parameter may trigger file disclosure vulnerabilities in downstream applications. This potential...

8.7AI score0.17988EPSS
Exploits1References5
Cvelist
Cvelist
added 2021/05/14 12:0 a.m.25 views

CVE-2021-32819 Remote code execution in squirrelly

Squirrelly is a template engine implemented in JavaScript that works out of the box with ExpressJS. Squirrelly mixes pure template data with engine configuration options through the Express render API. By overwriting internal configuration options remote code execution may be triggered in...

8CVSS9AI score0.59844EPSS
Exploits2References4
Rows per page
Query Builder