CVE, added 2026/06/16 2:52 p.m., 18 views

CVE-2026-12398

The CVE-2026-12398 entry describes a command-injection in galaxy_ng via the legacy role import API (v1) do_git_checkout(), where unsanitized git ref names are interpolated into shell commands executed with subprocess.run(shell=True). An authenticated user controlling a git repo can craft branch/t...

CVSS 7.5, AI score 6.3, EPSS 0.00889, Exploits 0, References 2
RedhatCVE, added 2026/06/16 2:52 p.m., 7 views

CVE-2026-12398

A command injection vulnerability was found in galaxy_ng. The do_git_checkout function in the legacy role import API (v1) interpolates unsanitized git ref names (branch/tag names) into shell commands executed via subprocess.run with shell=True. An authenticated user who controls a git repository can...

CVSS 7.5, AI score 6.2, EPSS 0.00889, Exploits 0, References 3
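The pattern both CVE-2026-12398 entries above describe, as an added illustration that is not galaxy_ng's code: a checkout helper that drops a caller-supplied ref into a shell string, beside a hardened version that validates the ref against an allowlist (deliberately stricter than git's own check-ref-format rules) and hands git an argv list so no shell ever parses the name. The function names, the allowlist regex and the sample refs are assumptions made for this example.

```python
import re
import subprocess

# Allowlist for one path component of a ref. Hypothetical and stricter than
# git's check-ref-format(1): odd-but-legal refs are refused rather than interpolated.
_REF_COMPONENT = re.compile(r"^[A-Za-z0-9][A-Za-z0-9._-]*$")


def checkout_command_vulnerable(clone_url: str, ref: str, workdir: str) -> str:
    """The bug class in the advisory: the ref becomes part of a shell command line.

    Run with subprocess.run(..., shell=True), a branch named 'v1.0; id' or '$(id)'
    executes as the import worker.
    """
    return f"git clone {clone_url} {workdir} && cd {workdir} && git checkout {ref}"


def is_valid_git_ref(ref: str) -> bool:
    """True only for refs made of plain components, e.g. 'main', 'v1.0', 'refs/tags/v1.0'."""
    if not ref or len(ref) > 255 or ref.startswith("-"):
        return False  # a leading '-' would reach git as an option (argument injection)
    for part in ref.split("/"):
        if not _REF_COMPONENT.match(part) or ".." in part or part.endswith(".lock"):
            return False
    return True


def checkout_argv_hardened(ref: str, workdir: str) -> list:
    """Validate, then build an argv list: with no shell, metacharacters are just bytes in a name."""
    if not is_valid_git_ref(ref):
        raise ValueError(f"refusing suspicious git ref: {ref!r}")
    return ["git", "-C", workdir, "checkout", ref]


def do_git_checkout_hardened(ref: str, workdir: str) -> None:
    """Run the checkout without a shell; a failure raises CalledProcessError instead of passing silently."""
    subprocess.run(checkout_argv_hardened(ref, workdir), check=True, capture_output=True)


if __name__ == "__main__":
    evil = "v1.0; id"  # constructed attacker-controlled branch name
    print(checkout_command_vulnerable("https://example.invalid/role.git", evil, "/tmp/role"))
    try:
        checkout_argv_hardened(evil, "/tmp/role")
    except ValueError as err:
        print(err)
    print(checkout_argv_hardened("refs/tags/v1.0", "/tmp/role"))
```

Quoting alone (shlex.quote) would neutralise the shell metacharacters but would still let a name beginning with "-" reach git as an option; the allowlist plus the argv list closes both paths.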
RedHat Linux, added 2026/06/16 2:42 p.m., 8 views

HPLIP: Privilege escalation and arbitrary code execution via operating system command injection

A flaw was found in the HP Linux Imaging and Printing Software HPLIP. This vulnerability may allow a local attacker to achieve escalation of privileges and/or arbitrary code execution through operating system command injection. This could lead to an attacker gaining unauthorized control over the...

CVSS 8.5, AI score 6.1, EPSS 0.0088, Exploits 0, References 5
Github Security Blog, added 2026/06/16 2:05 p.m., 36 views

Astro: Reflected XSS via unescaped slot name

Summary: When a component uses a client: directive, Astro inserts named slot content into a data-astro-template attribute without HTML-escaping the slot name, allowing an attacker to break out of the attribute context and inject arbitrary HTML, resulting in reflected XSS during SSR. This is similar...

CVSS 7.1, AI score 5.4, EPSS 0.00177, Exploits 1, References 2, Affected Software 1
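The attribute-context breakout the Astro entry describes, as an added illustration that is not Astro's code: three hypothetical renderers that place a slot name into the data-astro-template attribute (unescaped, text-escaped only, and attribute-escaped), and a small parser check showing which of them lets a constructed slot name grow a second attribute. The renderer names and the payload are assumptions made for this example; only the attribute name comes from the advisory.

```python
import html
from html.parser import HTMLParser

# Hypothetical renderers standing in for the server-side template output (not Astro's own).


def render_slot_vulnerable(slot_name: str, slot_html: str) -> str:
    """Slot name dropped into an attribute value with no escaping: the advisory's pattern."""
    return f'<template data-astro-template="{slot_name}">{slot_html}</template>'


def render_slot_text_escaped(slot_name: str, slot_html: str) -> str:
    """Escapes only <, > and &: enough for a text node, not for a quoted attribute value."""
    return f'<template data-astro-template="{html.escape(slot_name, quote=False)}">{slot_html}</template>'


def render_slot_fixed(slot_name: str, slot_html: str) -> str:
    """Attribute-context escaping: quotes become &quot;, so the value cannot end early."""
    return f'<template data-astro-template="{html.escape(slot_name, quote=True)}">{slot_html}</template>'


class _FirstTag(HTMLParser):
    """Records the attributes of the first start tag, as a browser-like parser sees them."""

    def __init__(self) -> None:
        super().__init__()
        self.attrs = None

    def handle_starttag(self, tag, attrs):
        if self.attrs is None:
            self.attrs = dict(attrs)  # entity references in values are already decoded here


def first_tag_attributes(markup: str) -> dict:
    parser = _FirstTag()
    parser.feed(markup)
    parser.close()
    return parser.attrs or {}


PAYLOAD = 'x" onmouseover="alert(1)'  # constructed slot name that closes the attribute value

if __name__ == "__main__":
    for render in (render_slot_vulnerable, render_slot_text_escaped, render_slot_fixed):
        print(render.__name__, first_tag_attributes(render(PAYLOAD, "<p>hi</p>")))
```

The text-escaped variant is the trap: the payload contains none of the characters it escapes, so its output is byte-for-byte the vulnerable one. Escaping has to match the context the value lands in.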
RedHat Linux, added 2026/06/16 1:36 p.m., 4 views

HPLIP: Privilege escalation and arbitrary code execution via operating system command injection

A flaw was found in the HP Linux Imaging and Printing Software HPLIP. This vulnerability may allow a local attacker to achieve escalation of privileges and/or arbitrary code execution through operating system command injection. This could lead to an attacker gaining unauthorized control over the...

CVSS 8.5, AI score 6.1, EPSS 0.0088, Exploits 0, References 5
NVD, added 2026/06/16 1:16 p.m., 10 views

CVE-2026-53900

Firefox for iOS preserved cookies set on the initial PDF request across cross-origin HTTP redirects in TemporaryDocument, allowing a malicious site to inject arbitrary cookies into requests to an unrelated target domain. This vulnerability was fixed in Firefox for iOS 152.0...

CVSS 4.3, EPSS 0.001, Exploits 0, References 2
Patchstack, added 2026/06/16 12:58 p.m., 5 views

WordPress JobSearch plugin <= 3.2.9 - SQL Injection vulnerability

SQL Injection vulnerability discovered by Nguyen Ba Khanh in WordPress Plugin JobSearch versions <= 3.2.9...

CVSS 9.3, AI score 5.8, EPSS 0.00297, Exploits 0, Affected Software 1
EUVD, added 2026/06/16 11:53 a.m., 7 views

EUVD-2026-37078

Firefox for iOS preserved cookies set on the initial PDF request across cross-origin HTTP redirects in TemporaryDocument, allowing a malicious site to inject arbitrary cookies into requests to an unrelated target domain. This vulnerability was fixed in Firefox for iOS 152.0...

CVSS 4.3, AI score 5.4, EPSS 0.001, Exploits 0, References 2
CVE, added 2026/06/16 11:53 a.m., 13 views

CVE-2026-53900

CVE-2026-53900 concerns Firefox for iOS. The issue: cookies set on the initial PDF request were preserved across cross-origin HTTP redirects in TemporaryDocument, enabling a malicious site to inject cookies into requests to an unrelated target domain. The CVE has a base score of 4.3 (Medium) per ...

CVSS 4.3, AI score 5.5, EPSS 0.001, Exploits 0, References 2, Affected Software 1
Cvelist, added 2026/06/16 11:53 a.m., 25 views

CVE-2026-53900: Cookie injection was possible when opening a PDF link

Firefox for iOS preserved cookies set on the initial PDF request across cross-origin HTTP redirects in TemporaryDocument, allowing a malicious site to inject arbitrary cookies into requests to an unrelated target domain. This vulnerability was fixed in Firefox for iOS 152.0...

EPSS 0.001, Exploits 0, References 2
OSV, added 2026/06/16 11:50 a.m., 3 views

BIT-MYSQL-CLIENT-2026-44172 MariaDB: mysql_real_escape_string() incorrectly handled big5

MariaDB server is a community developed fork of MySQL server. In versions 3.3.18 and 3.4.8, an application that was taking non-validated user input, escaping it with mysql_real_escape_string() and sending it to the database using the text protocol and the big5 character set was vulnerable to SQL injection,...

CVSS 9.8, AI score 5.5, EPSS 0.00319, Exploits 0, References 3
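The failure mode this entry describes, as an added illustration that is not MariaDB's or Connector/C's code: a byte-wise escaper with no charset knowledge beside one that decodes under the connection charset before escaping, and a check that reads the result the way a big5 server would. Big5 is a multibyte encoding whose trail bytes include 0x5C (the backslash), so a backslash inserted after a lead byte such as 0xB3 is absorbed into the character 許 (B3 5C) and the quote that follows is no longer escaped. The function names, the escape table and the constructed input are assumptions made for this example.

```python
# Hypothetical escaping routines for illustration only; not MariaDB's mysql_real_escape_string().
ESCAPED = {0x00: b"\\0", 0x27: b"\\'", 0x22: b'\\"', 0x5C: b"\\\\"}


def naive_escape(data: bytes) -> bytes:
    """Byte-wise escaping with no charset knowledge: the bug class in the advisory."""
    out = bytearray()
    for b in data:
        out += ESCAPED.get(b, bytes([b]))
    return bytes(out)


def charset_aware_escape(data: bytes, charset: str) -> bytes:
    """Decode under the connection charset first, escape characters, then re-encode.

    A byte sequence that is not valid in the charset (e.g. a stray lead byte followed by
    a quote) is rejected instead of being passed through to the server.
    """
    try:
        text = data.decode(charset)
    except UnicodeDecodeError as err:
        raise ValueError(f"input is not valid {charset}: {err}") from err
    text = (text.replace("\\", "\\\\").replace("'", "\\'")
                .replace('"', '\\"').replace("\x00", "\\0"))
    return text.encode(charset)


def has_unescaped_quote(escaped: bytes, charset: str) -> bool:
    """Scan the escaped bytes as the server does: as characters of the connection charset."""
    text = escaped.decode(charset, errors="replace")
    i = 0
    while i < len(text):
        if text[i] == "\\":
            i += 2          # a backslash character escapes the one after it
            continue
        if text[i] == "'":
            return True     # the string literal ends here: the rest is attacker SQL
        i += 1
    return False


def build_query(escaped_value: bytes) -> bytes:
    """Text-protocol query assembled from the escaped bytes, as the vulnerable application would."""
    return b"SELECT 1 FROM users WHERE name = '" + escaped_value + b"'"


ATTACKER_INPUT = b"\xb3'"  # constructed: Big5 lead byte 0xB3 followed by a single quote

if __name__ == "__main__":
    naive = naive_escape(ATTACKER_INPUT)
    print(naive, "->", naive.decode("big5"))        # backslash swallowed as a trail byte
    print(build_query(naive).decode("big5"))
    print("breakout:", has_unescaped_quote(naive, "big5"))
    try:
        charset_aware_escape(ATTACKER_INPUT, "big5")
    except ValueError as err:
        print("rejected:", err)
```

The same byte-wise escaper also corrupts legitimate input: the trail byte 0x5C of 許 is itself escaped, which leaves an escaped backslash followed by a live quote. Parameterised queries (binary protocol) avoid the whole problem because the value never travels inside the SQL text.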
OSV, added 2026/06/16 11:50 a.m., 3 views

BIT-MYSQL-CLIENT-2026-44170 MariaDB: Argument injection in CONNECT REST Xcurl on Windows via unsanitized URL

MariaDB server is a community developed fork of MySQL server. From versions 10.6.1 to before 10.6.26, 10.11.1 to before 10.11.17, 11.4.1 to before 11.4.11, 11.8.1 to before 11.8.7, and 12.3.1, MariaDB on Windows with the CONNECT engine installed and REST support enabled interpolated table HTTP...

CVSS 9.9, AI score 5.5, EPSS 0.00554, Exploits 0, References 3
RedHat Linux, added 2026/06/16 10:57 a.m., 7 views

HPLIP: Privilege escalation and arbitrary code execution via operating system command injection

A flaw was found in the HP Linux Imaging and Printing Software HPLIP. This vulnerability may allow a local attacker to achieve escalation of privileges and/or arbitrary code execution through operating system command injection. This could lead to an attacker gaining unauthorized control over the...

CVSS 8.5, AI score 6.1, EPSS 0.0088, Exploits 0, References 5
The Hacker News, added 2026/06/16 10:30 a.m., 39 views

Attackers Exploit Three Fortinet FortiSandbox Flaws, One Patched Last Week

Bad actors are exploiting multiple security vulnerabilities in Fortinet FortiSandbox, according to threat intelligence firm Defused Cyber. In a post shared on X, the company said it has observed exploitation of CVE-2026-39813, CVE-2026-39808, and CVE-2026-25089 over the past 24 hours...

CVSS 9.8, AI score 6.6, EPSS 0.48668, Exploits 7
NVD, added 2026/06/16 10:16 a.m., 15 views

CVE-2026-5416

Due to the improper neutralization of special elements used in a name parameter, a low-privileged remote attacker can exploit a command injection vulnerability in the Managed Ethernet Switch, resulting in full system compromise...

CVSS 8.8, EPSS 0.00771, Exploits 0, References 1
NVD, added 2026/06/16 10:16 a.m., 12 views

CVE-2026-52715

Unauthenticated SQL Injection in GEO my WordPress <= 4.5.5 versions...

CVSS 9.3, EPSS 0.0025, Exploits 0, References 1
NVD, added 2026/06/16 10:16 a.m., 9 views

CVE-2026-39574

Unauthenticated SQL Injection in InPost Gallery <= 2.1.4.6 versions...

CVSS 9.3, EPSS 0.00234, Exploits 0, References 1
NVD, added 2026/06/16 10:16 a.m., 9 views

CVE-2026-39581

Subscriber SQL Injection in WP Sessions Time Monitoring Full Automatic <= 1.1.4 versions...

CVSS 8.5, EPSS 0.0027, Exploits 0, References 1
NVD, added 2026/06/16 10:16 a.m., 10 views

CVE-2026-52712

Subscriber SQL Injection in Attendance Manager <= 0.6.2 versions...

CVSS 7.6, EPSS 0.00235, Exploits 0, References 1
NVD, added 2026/06/16 10:16 a.m., 10 views

CVE-2026-49772

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Liquid Web / StellarWP The Events Calendar allows Blind SQL Injection. This issue affects The Events Calendar: from 6.15.12 through 6.16.2...

CVSS 9.3, EPSS 0.00229, Exploits 1, References 1