28486 matches found
PT-2026-54859
Name of the Vulnerable Software and Affected Versions Craft CMS versions 5.0.0-RC1 through 5.9.22 Craft CMS versions 4.0.0-RC1 through 4.17.15 Description An attacker with a GitHub account can inject a JavaScript payload into a craftcms/cms issue title. The payload executes within the control pan...
CVE-2025-71363
CVE-2025-71363 affects the picklescan tool prior to 0.0.30. It fails to detect cProfile.run calls within pickle reduce methods, enabling remote attackers to craft malicious pickle files with cProfile.run payloads that bypass picklescan detection and cause code execution during deserialization.
CVE-2026-58370
Woodpecker
CVE-2026-44949
Summary: CVE-2026-44949 pertains to a vulnerability in the Rancher FleetWorkspace mutating webhook handled by the in-cluster rancher-webhook service. Affected versions: 0.7.0–0.7.10, 0.8.0–0.8.7, 0.9.0–0.9.6, and 0.10.0–0.10.7. Impact: An unauthenticated attacker with network access to the webhoo...
kernel: net: skbuff: propagate shared-frag marker through frag-transfer helpers
A flaw was found in the Linux kernel's networking skbuff component. When skbtrycoalesce attaches paged fragments, it can lose the SKBFLSHAREDFRAG marker. This can lead to the Encapsulating Security Payload ESP input decrypting data in place over page-cache backed fragments, potentially resulting ...
Security Bulletin: Multiple security vulnerabilities in IBM Business Automation Manager Open Editions
Summary In addition to many updates of operating system level packages, the following security vulnerabilities are addressed in IBM Business Automation Manager Open Editions 9.5.0 Vulnerability Details CVEID:CVE-2026-33871 DESCRIPTION: Netty is an asynchronous, event-driven network application...
CVE-2026-12240
The CVE-2026-12240 entry concerns the WordPress Export User Data plugin (up to version 2.2.6). Affected component: the unserialize path validation in the plugin allows an authenticated subscriber+ to trigger arbitrary file deletions on the server by exporting user data, with a crafted serialized ...
CVE-2026-12560
The Editorial Rating – Product Review & Rating System plugin for WordPress is vulnerable to Stored Cross-Site Scripting via 'Link URL' Field in all versions up to, and including, 4.0.5 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers,...
CVE-2026-51219
A heap buffer overflow in the HighPriorityASDUQueuehasUnconfirmedIMessages function of lib60870 v2.3.3 to v2.3.6 allows attackers to cause a Denial of Service DoS via a crafted payload...
Linux Execute Command
Execute an arbitrary command. Module Options msf use payload/linux/loongarch64/exec msf payloadexec show actions ...actions... msf payloadexec set ACTION msf payloadexec show options ...show and set options... msf payloadexec run frozenstringliteral: true This module requires Metasploit:...
CVE-2026-57951
Mythic before 3.4.0.60 contains a broken hasura permission filter on the payloadbuildstep table with an always-satisfied or condition that bypasses operation-scoped access controls. Authenticated operators and spectators can query payloadbuildstep to read stepstdout, stepstderr, stepname, and...
CVE-2026-57952
Mythic before 3.4.0.60 contains an authorization bypass in four REST endpoints (c2profile_config_check_webhook, c2profile_redirect_rules_webhook, c2profile_get_ioc_webhook, c2profile_sample_message_webhook) that fail to verify payload ownership. An operator in one operation can invoke these endpo...
CVE-2026-57952
Mythic before 3.4.0.60 contains an authorization bypass vulnerability in four REST endpoints c2profileconfigcheckwebhook, c2profileredirectruleswebhook, c2profilegetiocwebhook, c2profilesamplemessagewebhook that fail to verify payload ownership. An operator in one operation can invoke these...
CVE-2026-57951
Summary: Mythic before 3.4.0.60 contains a broken hasura permission filter on the payload_build_step table with an always-satisfied OR condition that bypasses operation-scoped access controls. This allows authenticated operators and spectators to read fields (step_stdout, step_stderr, step_name, ...
CVE-2026-57951 Mythic < 3.4.0.60 - Broken Permission Filter in payload_build_step Table
Mythic before 3.4.0.60 contains a broken hasura permission filter on the payloadbuildstep table with an always-satisfied or condition that bypasses operation-scoped access controls. Authenticated operators and spectators can query payloadbuildstep to read stepstdout, stepstderr, stepname, and...
CVE-2026-50269
A flaw was found in aiohttp, an asynchronous HTTP client/server framework. This vulnerability, known as CRLF Carriage Return Line Feed injection, allows an attacker to modify HTTP requests by injecting malicious input into multipart or payload headers. If an application processes user-controlled...
EUVD-2026-40081
FrontAccounting before 2.4.20 contains a SQL injection vulnerability in the Bank Statement report handler that allows authenticated attackers to extract arbitrary database data by injecting UNION SELECT payloads into the PARAM0 POST parameter. Attackers can supply malicious SQL syntax through the...
PYSEC-2026-470 PraisonAI Has Second-Order SQL Injection in `get_all_user_threads`
Summary The getalluserthreads function constructs raw SQL queries using f-strings with unescaped thread IDs fetched from the database. An attacker stores a malicious thread ID via updatethread. When the application loads the thread list, the injected payload executes and grants full database...
PYSEC-2026-412 Mesop Affected by Unauthenticated Remote Code Execution via Test Suite Route /exec-py
Summary An explicit web endpoint inside the ai/ testing module infrastructure directly ingests untrusted Python code strings unconditionally without authentication measures, yielding standard Unrestricted Remote Code Execution. Any individual capable of routing HTTP logic to this server block wil...
PYSEC-2026-297 BentoML SSRF Vulnerability in File Upload Processing
Description There's an SSRF in the file upload processing system that allows remote attackers to make arbitrary HTTP requests from the server without authentication. The vulnerability exists in the serialization/deserialization handlers for multipart form data and JSON requests, which automatical...