Lucene search

331 matches found

RedhatCVE
added 2025/09/18 5:54 p.m. | 13 views

CVE-2025-59334

Linkr is a lightweight file delivery system that downloads files from a webserver. Linkr versions through 2.0.0 do not verify the integrity or authenticity of .linkr manifest files before using their contents, allowing a tampered manifest to inject arbitrary file entries into a package...

9.6 CVSS | 8.4 AI score | 0.00398 EPSS
Exploits 1 | References 1

NVD
added 2025/09/16 5:15 p.m. | 9 views

CVE-2025-59334

Linkr is a lightweight file delivery system that downloads files from a webserver. Linkr versions through 2.0.0 do not verify the integrity or authenticity of .linkr manifest files before using their contents, allowing a tampered manifest to inject arbitrary file entries into a package...

9.6 CVSS | 0.00398 EPSS
Exploits 1 | References 2

Vulnrichment
added 2025/09/16 4:48 p.m. | 3 views

CVE-2025-59334 Linkr allows manifest tampering leading to arbitrary file injection

Linkr is a lightweight file delivery system that downloads files from a webserver. Linkr versions through 2.0.0 do not verify the integrity or authenticity of .linkr manifest files before using their contents, allowing a tampered manifest to inject arbitrary file entries into a package...

9.6 CVSS | 8.1 AI score | 0.00398 EPSS
Exploits 1 | References 2

CVE
added 2025/09/16 4:48 p.m. | 17 views

CVE-2025-59334

Linkr (versions up to 2.0.0) does not verify the integrity or authenticity of .linkr manifest files, allowing an attacker to tamper a manifest and inject arbitrary file entries, potentially enabling remote code execution if a downloaded file is executed. Version 2.0.1 adds a manifest integrity ch...

9.6 CVSS | 8.1 AI score | 0.00398 EPSS
Exploits 1 | References 2 | Affected Software 1

Cvelist
added 2025/09/16 4:48 p.m. | 9 views

CVE-2025-59334 Linkr allows manifest tampering leading to arbitrary file injection

Linkr is a lightweight file delivery system that downloads files from a webserver. Linkr versions through 2.0.0 do not verify the integrity or authenticity of .linkr manifest files before using their contents, allowing a tampered manifest to inject arbitrary file entries into a package...

9.6 CVSS | 0.00398 EPSS
Exploits 1 | References 2

OSV
added 2025/09/16 4:48 p.m. | 5 views

CVE-2025-59334 Linkr allows manifest tampering leading to arbitrary file injection

Linkr is a lightweight file delivery system that downloads files from a webserver. Linkr versions through 2.0.0 do not verify the integrity or authenticity of .linkr manifest files before using their contents, allowing a tampered manifest to inject arbitrary file entries into a package...

9.6 CVSS | 8.4 AI score | 0.00398 EPSS
Exploits 1 | References 4

CNNVD
added 2025/09/16 12:0 a.m. | 3 views

Linkr security vulnerability

Linkr is a file transfer system by the individual developer Mohammad Zain. A security vulnerability exists in Linkr version 2.0.0 and earlier, which stems from failure to validate the integrity and authenticity of .linkr manifest files, and could lead to arbitrary file injection and remote code...

9.6 CVSS | 8 AI score | 0.00398 EPSS
Exploits 1 | References 3

Positive Technologies
added 2025/09/16 12:0 a.m. | 6 views

PT-2025-38060

Name of the Vulnerable Software and Affected Versions: Linkr versions through 2.0.0 Description: Linkr is a lightweight file delivery system that downloads files from a webserver. Linkr does not verify the integrity or authenticity of .linkr manifest files before using their contents, allowing a...

9.6 CVSS | 8 AI score | 0.00398 EPSS
Exploits 1 | References 7

Vulnrichment
added 2025/09/14 3:2 a.m. | 3 views

CVE-2025-10387 codesiddhant Jasmin Ransomware handshake.php sql injection

A vulnerability was determined in codesiddhant Jasmin Ransomware up to 1.0.1. This vulnerability affects unknown code of the file /handshake.php. This manipulation of the argument machinename/computeruser/os/date/time/ip/location/systemid/password causes sql injection. The attack can be initiated...

6.5 CVSS | 6.5 AI score | 0.00381 EPSS
Exploits 1 | References 4

RedHat Linux
added 2025/09/02 6:54 a.m. | 6 views

postgresql: PostgreSQL code execution in restore operation

A flaw was found in PostgreSQL. This vulnerability allows a malicious superuser on a PostgreSQL server to inject arbitrary code into dump files created by pg_dump, pg_dumpall, and pg_restore, causing arbitrary code execution on the client machine when these dump files are restored by psql due to...

8.8 CVSS | 7.8 AI score | 0.00709 EPSS
Exploits 1 | References 5

RedHat Linux
added 2025/09/02 4:7 a.m. | 6 views

postgresql: PostgreSQL code execution in restore operation

A flaw was found in PostgreSQL. This vulnerability allows a malicious superuser on a PostgreSQL server to inject arbitrary code into dump files created by pg_dump, pg_dumpall, and pg_restore, causing arbitrary code execution on the client machine when these dump files are restored by psql due to...

8.8 CVSS | 7.8 AI score | 0.00709 EPSS
Exploits 1 | References 5

RedHat Linux
added 2025/08/28 12:14 p.m. | 8 views

postgresql: PostgreSQL executes arbitrary code in restore operation

A flaw was found in PostgreSQL. This vulnerability allows a malicious user of the PostgreSQL server to inject arbitrary code in dump files created by pg_dump, pg_dumpall, pg_restore, and pg_upgrade, causing arbitrary code execution on the client machine or SQL injection when these dump files are...

8.8 CVSS | 7.9 AI score | 0.00385 EPSS
Exploits 0 | References 5

RedhatCVE
added 2025/08/23 8:13 p.m. | 6 views

CVE-2025-55107

There is a stored Cross-site Scripting vulnerability in Esri Portal for ArcGIS Enterprise Sites versions 10.9.1 – 11.4 that may allow a remote, authenticated attacker to inject a malicious file with an embedded XSS script which, when loaded, could potentially execute arbitrary JavaScript code in th...

4.8 CVSS | 6.9 AI score | 0.00209 EPSS
Exploits 0 | References 1

Vulnrichment
added 2025/08/21 7:29 p.m. | 4 views

CVE-2025-55107 BUG-000177335 ArcGIS Enterprise Sites has a stored Cross-site Scripting vulnerability.

There is a stored Cross-site Scripting vulnerability in Esri Portal for ArcGIS Enterprise Sites versions 10.9.1 – 11.4 that may allow a remote, authenticated attacker to inject a malicious file with an embedded XSS script which, when loaded, could potentially execute arbitrary JavaScript code in th...

4.8 CVSS | 7 AI score | 0.00209 EPSS
Exploits 0 | References 1

Cvelist
added 2025/07/23 1:50 p.m. | 14 views

CVE-2018-25114 osCommerce 2.3.4.1 Installer Unauthenticated Configuration File Injection PHP Code Execution

A remote code execution vulnerability exists within osCommerce Online Merchant version 2.3.4.1 due to insecure default configuration and missing authentication in the installer workflow. By default, the /install/ directory remains accessible after installation. An unauthenticated attacker can...

9.3 CVSS | 0.0282 EPSS
Exploits 0 | References 4

Vulnrichment
added 2025/07/23 1:50 p.m. | 4 views

CVE-2018-25114 osCommerce 2.3.4.1 Installer Unauthenticated Configuration File Injection PHP Code Execution

A remote code execution vulnerability exists within osCommerce Online Merchant version 2.3.4.1 due to insecure default configuration and missing authentication in the installer workflow. By default, the /install/ directory remains accessible after installation. An unauthenticated attacker can...

9.3 CVSS | 7.8 AI score | 0.0282 EPSS
Exploits 0 | References 4

GithubExploit
added 2025/07/19 10:17 p.m. | 840 views

Exploit for Incorrect Permission Assignment for Critical Resource in Facebook Below

CVE-2025-27591 – Privilege Escalation via Symlink Abuse in be...

6.8 CVSS | 8 AI score | 0.0036 EPSS
Exploits 22

GithubExploit
added 2025/07/19 10:17 p.m. | 120 views

Exploit for Incorrect Permission Assignment for Critical Resource in Facebook Below

CVE-2025-27591 – Privilege Escalation via Symlink Abuse in be...

6.8 CVSS | 8 AI score | 0.0036 EPSS
Exploits 22

OSV
added 2025/07/10 5:15 p.m. | 6 views

AZL-65226 CVE-2024-47252 affecting package httpd for versions less than 2.4.64-1

Insufficient escaping of user-supplied data in mod_ssl in Apache HTTP Server 2.4.63 and earlier allows an untrusted SSL/TLS client to insert escape characters into log files in some configurations. In a logging configuration where CustomLog is used with "%{varname}x" or "%{varname}c" to log variables...

7.5 CVSS | 7.1 AI score | 0.00669 EPSS
Exploits 0 | References 1

OSV
added 2025/07/10 5:40 a.m. | 4 views

BIT-GIT-2025-48385 Git allows arbitrary file writes via bundle-uri parameter injection

Git is a fast, scalable, distributed revision control system with an unusually rich command set that provides both high-level operations and full access to internals. When cloning a repository Git knows to optionally fetch a bundle advertised by the remote server, which allows the server-side to...

8.6 CVSS | 7.5 AI score | 0.00785 EPSS
Exploits 0 | References 3