Lucene search
K

18 matches found

NVD
NVD
added 2026/06/16 5:16 p.m.12 views

CVE-2026-53776

Perry before 0.5.1166 contains a JWT validation vulnerability that allows remote attackers to bypass token expiration by exploiting the unconditional setting of validateexp = false in the verifydecode helper within the stdlib JWT verification path. Attackers in possession of a previously issued...

9.3CVSS0.00357EPSS
Exploits0References3
Cvelist
Cvelist
added 2026/06/16 3:18 p.m.24 views

CVE-2026-53776 Perry < 0.5.1166 JWT Expiration Bypass via verify_decode

Perry before 0.5.1166 contains a JWT validation vulnerability that allows remote attackers to bypass token expiration by exploiting the unconditional setting of validateexp = false in the verifydecode helper within the stdlib JWT verification path. Attackers in possession of a previously issued...

9.3CVSS0.00357EPSS
Exploits0References3
CVE
CVE
added 2026/06/16 3:18 p.m.20 views

CVE-2026-53776

Perry before 0.5.1166 contains a JWT validation vulnerability in the verify_decode helper that sets validate_exp = false unconditionally, enabling token expiration bypass. Attackers with a previously issued bearer token can present expired tokens to jwt.verify() calls and retain access, undermini...

9.3CVSS5.4AI score0.00357EPSS
Exploits0References3
NVD
NVD
added 2026/06/11 4:16 p.m.16 views

CVE-2026-53777

Perry before 0.5.1159 contains a path traversal vulnerability that allows a malicious build server to write arbitrary content to any location writable by the running process by supplying unsanitized path components in the artifactname field of ArtifactReady WebSocket messages. Attackers controlli...

8.6CVSS0.00379EPSS
Exploits0References5
CVE
CVE
added 2026/06/11 2:47 p.m.21 views

CVE-2026-53777

Perry before 0.5.1159 contains a path traversal vulnerability in the ArtifactReady WebSocket messages. Unsanitized path components in artifact_name (and download_path) allow a malicious build server to write arbitrary content to any location writable by the running process, potentially overwritin...

8.6CVSS5.6AI score0.00379EPSS
Exploits0References5
Cvelist
Cvelist
added 2026/06/11 2:47 p.m.32 views

CVE-2026-53777 Perry < 0.5.1159 Path Traversal via ArtifactReady WebSocket

Perry before 0.5.1159 contains a path traversal vulnerability that allows a malicious build server to write arbitrary content to any location writable by the running process by supplying unsanitized path components in the artifactname field of ArtifactReady WebSocket messages. Attackers controlli...

8.6CVSS0.00379EPSS
Exploits0References5
CNNVD
CNNVD
added 2026/06/11 12:0 a.m.18 views

Perry 路径遍历漏洞

Perry is a tool developed by Perry OpenSource that compiles TypeScript into native executable files. Versions of Perry prior to 0.5.1159 contained a path traversal vulnerability. This vulnerability allows malicious attackers to write arbitrary content to any writable location within the running...

8.6CVSS5.4AI score0.00379EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/06/11 12:0 a.m.16 views

PT-2026-48673

Perry before 0.5.1159 contains a path traversal vulnerability that allows a malicious build server to write arbitrary content to any location writable by the running process by supplying unsanitized path components in the artifact name field of ArtifactReady WebSocket messages. Attackers...

8.6CVSS5.6AI score0.00379EPSS
Exploits0References6
Patchstack
Patchstack
added 2021/01/20 12:0 a.m.8 views

WordPress Digital Climate Strike WP plugin <= 1.0.0 - Redirect to malicious websites

Redirect to malicious websites found by Steve Perry in WordPress Digital Climate Strike WP plugin versions = 1.0.0. Solution 2021-01-21 - we were unable to find a patched version of this plugin. WordPress.org notification: "This plugin has been closed as of January 20, 2021 and is not available f...

3AI score
Exploits0References2Affected Software1
Oracle linux
Oracle linux
added 2020/05/13 12:0 a.m.57 views

kernel security and bug fix update

4.18.0-193.1.22.OL8 - Oracle Linux certificates Alexey Petrenko - Oracle Linux RHCK Module Signing Key was added to the kernel trusted keys list olkmodsigningkey.pem Orabug: 29539237 - Update x509.genkey Orabug: 24817676 4.18.0-193.1.22 - net netlabel: cope with NULL catmap Paolo Abeni 1827249...

7CVSS0.2AI score0.03097EPSS
Exploits1
Openbugbounty
Openbugbounty
added 2018/01/06 12:10 a.m.8 views

teenvogue.com XSS vulnerability

Open Bug Bounty ID: OBB-488689 Description| Value ---|--- Affected Website:| teenvogue.com Open Bug Bounty Program:| Create your bounty program now. It's open and free. Vulnerable Application:| Custom Code Vulnerability Type:| XSS Cross Site Scripting / CWE-79 CVSSv3 Score:| 6.1...

6.4AI score
Exploits0
hackapp
hackapp
added 2016/04/01 10:18 a.m.14 views

Where’s My Perry? Free - Customized SSL, Dangerous filesystem permissions, Redefined SSL Common Names verifier vulnerabilities

HackApp vulnerability scanner discovered that application Where’s My Perry? Free published at the 'play' market has multiple vulnerabilities...

0.2AI score
Exploits0References1Affected Software1
hackapp
hackapp
added 2016/04/01 9:43 a.m.18 views

Katy Perry Pop - Customized SSL, Dangerous filesystem permissions, Exported ContentProvider vulnerabilities

HackApp vulnerability scanner discovered that application Katy Perry Pop published at the 'play' market has multiple vulnerabilities...

0.3AI score
Exploits0References1Affected Software1
0day.today
0day.today
added 2014/10/18 12:0 a.m.171 views

Drupal HTTP Parameter Key/Value SQL Injection Vulnerability

This Metasploit module exploits the Drupal HTTP Parameter Key/Value SQL Injection aka Drupageddon in order to achieve a remote shell on the vulnerable instance. This Metasploit module was tested against Drupal 7.0 and 7.31 was fixed in 7.32. This module requires Metasploit:...

7.5CVSS0.1AI score0.99974EPSS
Exploits20
NVD
NVD
added 2014/09/09 1:55 a.m.13 views

CVE-2014-5606

The Where's My Perry? Free aka com.disney.WMPLite application 1.5.1 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate...

5.4CVSS5.9AI score0.00317EPSS
Exploits0References3
Cvelist
Cvelist
added 2014/09/09 1:0 a.m.18 views

CVE-2014-5606

The Where's My Perry? Free aka com.disney.WMPLite application 1.5.1 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate...

5.9AI score0.00317EPSS
Exploits0References3
CVE
CVE
added 2014/09/09 1:0 a.m.38 views

CVE-2014-5606

The CVE-2014-5606 entry concerns the Android app Where’s My Perry? Free (package com.disney.WMPLite ) version 1.5.1 . The vulnerability arises because the app does not verify X.509 certificates from SSL servers, allowing attackers to perform a man-in-the-middle attack and obtain sensitive informa...

5.4CVSS6AI score0.00317EPSS
Exploits0References3Affected Software1
xssed
xssed
added 2008/08/14 12:0 a.m.8 views

Unfixed XSS vulnerability at www.perryrhodan.net

Security researcher Viper.aT, has submitted on 14/08/2008 a cross-site-scripting XSS vulnerability affecting www.perryrhodan.net, which at the time of submission ranked 187665 on the web according to Alexa. We manually validated and published a mirror of this vulnerability on 19/06/2009. It is...

6.6AI score
Exploits0References1
Rows per page
Query Builder