Lucene search
K

115 matches found

NVD
NVD
added 2026/07/02 10:16 a.m.6 views

CVE-2026-9145

The Database for Contact Form 7, WPforms, Elementor forms plugin for WordPress is vulnerable to Arbitrary File Copy via the createentryel function in versions up to, and including, 1.5.1. The function reads rawvalue from Elementor Pro's FormRecord object for upload-type fields and passes it...

6.5CVSS0.00372EPSS
Exploits0References5
Positive Technologies
Positive Technologies
added 2026/07/02 12:0 a.m.8 views

PT-2026-54951

Name of the Vulnerable Software and Affected Versions Database for Contact Form 7, WPforms, Elementor forms versions prior to 1.5.2 Description An arbitrary file copy issue exists in the create entry el function. The function retrieves the raw value from the Elementor Pro Form Record object for...

6.5CVSS6AI score0.00372EPSS
Exploits0References7
CVE
CVE
added 2026/07/01 5:45 a.m.23 views

CVE-2025-15666

Open Asset Import Library Assimp (up to 5.4.3) contains a heap-based buffer overflow in Assimp::SceneCombiner::Copy (file code/Common/SceneCombiner.cpp) caused by manipulation of the width/height argument. Local attack required; exploit disclosed publicly (CVSS metrics indicate PoC maturity). No ...

5.3CVSS5.9AI score0.00123EPSS
Exploits0References5
Vulnrichment
Vulnrichment
added 2026/06/01 9:15 p.m.10 views

CVE-2026-10293 UTT HiPER 1200GW formFireWall strcpy stack-based overflow

A flaw has been found in UTT HiPER 1200GW up to 2.5.3-170306. This impacts the function strcpy of the file /goform/formFireWall. This manipulation of the argument Profile causes stack-based buffer overflow. Remote exploitation of the attack is possible. The exploit has been published and may be...

9CVSS7.6AI score0.00472EPSS
Exploits0References5
Cvelist
Cvelist
added 2026/05/27 12:0 a.m.44 views

CVE-2026-38426

Buffer Overflow vulnerability in arendst Tasmota v.15.3.0.3 and before allows a remote attacker to execute arbitrary code via the xdrv10scripter.ino, fetchjpg, jpgtask.boundary40, strcpy function...

0.00614EPSS
Exploits2References2
Amazon
Amazon
added 2026/05/26 12:0 a.m.18 views

Important: kernel-livepatch-6.12.79-101.147

Issue Overview: In the Linux kernel, the following vulnerability has been resolved: net: skbuff: propagate shared-frag marker through pskbcopy CVE-2026-46300 Affected Packages: kernel-livepatch-6.12.79-101.147 Issue Correction: Please ensure you have live patching enabled. Run dnf update...

7.8CVSS6AI score0.03663EPSS
Exploits11
Github Security Blog
Github Security Blog
added 2026/05/21 9:41 p.m.18 views

@nevware21/ts-utils: Prototype Pollution in objDeepCopy/objCopyProps via for...in without hasOwnProperty

Summary The copyProps function in lib/src/object/copy.ts uses for...in to iterate over source object properties without an Object.hasOwnProperty check, and does not filter dangerous keys proto, constructor, prototype. This allows an attacker to pollute the prototype chain of all objects in the...

5.9AI score0.0006EPSS
Exploits0References2Affected Software1
OSV
OSV
added 2026/05/21 9:41 p.m.4 views

GHSA-X7J8-49R8-MR43 @nevware21/ts-utils: Prototype Pollution in objDeepCopy/objCopyProps via for...in without hasOwnProperty

Summary The copyProps function in lib/src/object/copy.ts uses for...in to iterate over source object properties without an Object.hasOwnProperty check, and does not filter dangerous keys proto, constructor, prototype. This allows an attacker to pollute the prototype chain of all objects in the...

9.2CVSS5.9AI score0.0006EPSS
Exploits0References2
NVD
NVD
added 2026/05/12 4:16 p.m.25 views

CVE-2026-31226

The TinyZero project thru commit 6652a63c57fa7e5ccde3fc9c598c7176ff15b839 2025-58-24 contains a critical command injection vulnerability CWE-78 in its HDFS file operation utilities. The vulnerability arises from the unsafe construction and execution of shell commands via os.system without proper...

9.8CVSS0.01158EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2026/05/12 12:0 a.m.10 views

CVE-2026-31226

The TinyZero project thru commit 6652a63c57fa7e5ccde3fc9c598c7176ff15b839 2025-58-24 contains a critical command injection vulnerability CWE-78 in its HDFS file operation utilities. The vulnerability arises from the unsafe construction and execution of shell commands via os.system without proper...

6.5AI score0.01158EPSS
Exploits0References2
CNNVD
CNNVD
added 2026/05/11 12:0 a.m.23 views

D-Link DNS-320 命令注入漏洞

The D-Link DNS-320 is a NAS Network Attached Storage device produced by D-Link Corporation. The D-Link DNS-320 version 2.06B01 has a command injection vulnerability. This vulnerability arises from functions such as delete, rename, copy, move, chmod, and chown in the file/cgi-bin/webfilemgr.cgi,...

7.2CVSS5.8AI score0.05587EPSS
Exploits1References2
Cvelist
Cvelist
added 2026/05/05 3:29 p.m.90 views

CVE-2026-43073 x86-64: rename misleadingly named '__copy_user_nocache()' function

In the Linux kernel, the following vulnerability has been resolved: x86-64: rename misleadingly named 'copyusernocache' function This function was a masterclass in bad naming, for various historical reasons. It claimed to be a non-cached user copy. It is literally neither of those things. It's a...

0.00117EPSS
Exploits0References6
EUVD
EUVD
added 2026/04/30 11:30 p.m.6 views

EUVD-2026-26464

A flaw has been found in UTT HiPER 1200GW up to 2.5.3-1703. The affected element is the function strcpy of the file /goform/formUser. Executing a manipulation can lead to buffer overflow. The attack can be launched remotely. The exploit has been published and may be used...

9CVSS8.6AI score0.00472EPSS
Exploits0References4
OSV
OSV
added 2026/04/30 2:15 p.m.7 views

JLSEC-2026-362

SDL Simple DirectMedia Layer through 2.0.12 has an Integer Overflow and resultant SDLmemcpy heap corruption in SDLBlitCopy in video/SDLblitcopy.c via a crafted .BMP file...

7.8CVSS5.2AI score0.01311EPSS
Exploits0References14
Cvelist
Cvelist
added 2026/04/29 10:0 p.m.32 views

CVE-2026-7418 UTT HiPER 1250GW NTP strcpy buffer overflow

A vulnerability was determined in UTT HiPER 1250GW up to 3.2.7-210907-180535. This vulnerability affects the function strcpy of the file route/goform/NTP. Executing a manipulation of the argument Profile can lead to buffer overflow. The attack may be launched remotely. The exploit has been public...

9CVSS0.00563EPSS
Exploits0References4
OSV
OSV
added 2026/04/29 1:21 p.m.5 views

JLSEC-2026-327

A vulnerability has been found in HDF5 1.14.6 and classified as critical. This vulnerability affects the function H5Tbitcopy of the component Type Conversion Logic. The manipulation leads to heap-based buffer overflow. Local access is required to approach this attack. The exploit has been disclos...

7.8CVSS5.3AI score0.00324EPSS
Exploits1References4
Snyk
Snyk
added 2026/04/22 5:6 p.m.9 views

Server-side Request Forgery (SSRF)

Overview bagisto/bagisto is a hand tailored E-Commerce framework designed on some opensource technologies such as Laravel a PHP framework, Vue.js a progressive Javascript framework. Affected versions of this package are vulnerable to Server-side Request Forgery SSRF via the copy function of the...

6.5CVSS6.6AI score0.00201EPSS
Exploits0References2
EUVD
EUVD
added 2026/04/21 9:31 p.m.10 views

EUVD-2026-24241

A vulnerability was found in Bagisto up to 2.3.15. Affected is the function copy of the component Downloadable Link Handler. The manipulation results in server-side request forgery. The attack may be launched remotely. The exploit has been made public and could be used. The vendor was contacted...

6.5CVSS5.3AI score0.00201EPSS
Exploits0References5
CVE
CVE
added 2026/04/21 6:0 p.m.11 views

CVE-2026-6744

Bagisto (up to 2.3.15) contains a vulnerability in the Copy function of the Downloadable Link Handler that enables server-side request forgery (SSRF). The issue is exploitable remotely and has publicly available exploits; vendor notes that issues are addressed via a security advisory and plans fi...

6.5CVSS6.1AI score0.00201EPSS
Exploits0References4
Cvelist
Cvelist
added 2026/04/21 6:0 p.m.34 views

CVE-2026-6744 Bagisto Downloadable Link copy server-side request forgery

A vulnerability was found in Bagisto up to 2.3.15. Affected is the function copy of the component Downloadable Link Handler. The manipulation results in server-side request forgery. The attack may be launched remotely. The exploit has been made public and could be used. The vendor was contacted...

6.5CVSS0.00201EPSS
Exploits0References4
Rows per page
Query Builder