Lucene search
K

6563 matches found

Packet Storm News
Packet Storm News
added 2026/06/02 12:0 a.m.11 views

Samba Print Configuration Checker

This Python script is a lightweight configuration analysis tool designed to inspect Samba smb.conf printing settings and identify potentially unsafe print command configurations associated with command injection risks. It's written to target versions 4.22.10, 4.23.8 and 4.24.3...

5.8AI score
Exploits0
Snyk
Snyk
added 2026/05/29 10:30 p.m.7 views

Protection Mechanism Failure

Overview praisonaiagents is a Praison AI agents for completing complex tasks with Self Reflection Agents Affected versions of this package are vulnerable to Protection Mechanism Failure in the executecode function. An attacker can achieve arbitrary command execution on the host system by leveragi...

9.9CVSS5.9AI score0.0012EPSS
Exploits0References3
OSV
OSV
added 2026/05/29 10:30 p.m.14 views

GHSA-4MR5-G6F9-CFRH PraisonAI vulnerable to sandbox escape via `print.__self__` builtins module leak in `execute_code` (subprocess mode)

Summary executecode in praisonaiagents/tools/pythontools.py v1.6.37, subprocess sandbox mode can be fully bypassed using print.self to retrieve the real Python builtins module, from which import can be extracted via vars and runtime string construction. This achieves arbitrary OS command executio...

9.9CVSS6.3AI score0.0012EPSS
Exploits0References2
Github Security Blog
Github Security Blog
added 2026/05/29 10:30 p.m.27 views

PraisonAI vulnerable to sandbox escape via `print.__self__` builtins module leak in `execute_code` (subprocess mode)

Summary executecode in praisonaiagents/tools/pythontools.py v1.6.37, subprocess sandbox mode can be fully bypassed using print.self to retrieve the real Python builtins module, from which import can be extracted via vars and runtime string construction. This achieves arbitrary OS command executio...

6.3AI score0.0012EPSS
Exploits0References2Affected Software2
Tenable Nessus
Tenable Nessus
added 2026/05/29 12:0 a.m.12 views

openSUSE 16 Security Update : cups (openSUSE-SU-2026:20812-1)

The remote openSUSE 16 host has packages installed that are affected by multiple vulnerabilities as referenced in the openSUSE-SU-2026:20812-1 advisory. This update for cups fixes the following issues - CVE-2026-27447: Authorization bypass via case-insensitive group-member lookup bsc1261572. -...

7.8CVSS6.3AI score0.00502EPSS
Exploits8References24
Positive Technologies
Positive Technologies
added 2026/05/29 12:0 a.m.13 views

PT-2026-45051

Summary execute code in praisonaiagents/tools/python tools.py v1.6.37, subprocess sandbox mode can be fully bypassed using print. self to retrieve the real Python builtins module, from which import can be extracted via vars and runtime string construction. This achieves arbitrary OS command...

9.9CVSS6.4AI score0.0012EPSS
Exploits0References9
NVD
NVD
added 2026/05/28 4:16 p.m.16 views

CVE-2026-44672

mapfish-print is a component of MapFish for printing templated cartographic maps. From 3.23.0 to before 3.28.28, 3.30.30, 3.31.22, 3.33.14, and 4.0.3, the attacker can execute arbitrary code in Dynamic table without being authenticated. This vulnerability is fixed in 3.28.28, 3.30.30, 3.31.22,...

9.3CVSS0.00325EPSS
Exploits0References1
CVE
CVE
added 2026/05/28 2:35 p.m.20 views

CVE-2026-44672

CVE-2026-44672 affects mapfish-print, a component of MapFish for templated map printing. The vulnerability exists in the Dynamic table handling for versions 3.23.0 to before 3.28.28, 3.30.30, 3.31.22, 3.33.14, and 4.0.3, allowing an unauthenticated attacker to execute arbitrary code (Remote Code ...

9.3CVSS6.2AI score0.00325EPSS
Exploits0References1
EUVD
EUVD
added 2026/05/28 2:35 p.m.14 views

EUVD-2026-32909

mapfish-print is a component of MapFish for printing templated cartographic maps. From 3.23.0 to before 3.28.28, 3.30.30, 3.31.22, 3.33.14, and 4.0.3, the attacker can execute arbitrary code in Dynamic table without being authenticated. This vulnerability is fixed in 3.28.28, 3.30.30, 3.31.22,...

9.3CVSS6.2AI score0.00325EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/05/28 2:35 p.m.7 views

CVE-2026-44672

mapfish-print is a component of MapFish for printing templated cartographic maps. From 3.23.0 to before 3.28.28, 3.30.30, 3.31.22, 3.33.14, and 4.0.3, the attacker can execute arbitrary code in Dynamic table without being authenticated. This vulnerability is fixed in 3.28.28, 3.30.30, 3.31.22,...

9.3CVSS6.2AI score0.00325EPSS
Exploits0References2Affected Software4
Cvelist
Cvelist
added 2026/05/28 2:35 p.m.31 views

CVE-2026-44672 mapfish-print: Remote Code Injection (RCE) in Dynamic table

mapfish-print is a component of MapFish for printing templated cartographic maps. From 3.23.0 to before 3.28.28, 3.30.30, 3.31.22, 3.33.14, and 4.0.3, the attacker can execute arbitrary code in Dynamic table without being authenticated. This vulnerability is fixed in 3.28.28, 3.30.30, 3.31.22,...

9.3CVSS0.00325EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/05/28 2:35 p.m.12 views

CVE-2026-44672 mapfish-print: Remote Code Injection (RCE) in Dynamic table

mapfish-print is a component of MapFish for printing templated cartographic maps. From 3.23.0 to before 3.28.28, 3.30.30, 3.31.22, 3.33.14, and 4.0.3, the attacker can execute arbitrary code in Dynamic table without being authenticated. This vulnerability is fixed in 3.28.28, 3.30.30, 3.31.22,...

9.3CVSS6.2AI score0.00325EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/05/28 12:0 a.m.10 views

mapfish-print 代码注入漏洞

Mapfish-Print is a JAVA extension library created by individual developers for creating maps-related reports. This extension library is based on Java’s servlet/lib/application framework and can implement a service that receives requests and returns reports. Versions of Mapfish-Print from 3.23.0 t...

9.3CVSS6.2AI score0.00325EPSS
Exploits0References1
GithubExploit
GithubExploit
added 2026/05/27 10:43 a.m.80 views

Exploit for CVE-2021-34527

No d...

9CVSS6AI score0.99759EPSS
Exploits41
NVD
NVD
added 2026/05/27 7:16 a.m.14 views

CVE-2026-8702

The GBI To Print plugin for WordPress is vulnerable to Stored Cross-Site Scripting in version 1.0 via the 'div' attribute of the 'gbitoprint' shortcode. This is due to insufficient output escaping in the gbitoprintshortcode function, which concatenates the raw shortcode attribute value directly...

6.4CVSS0.00156EPSS
Exploits0References2
EUVD
EUVD
added 2026/05/27 5:31 a.m.12 views

EUVD-2026-32061

The GBI To Print plugin for WordPress is vulnerable to Stored Cross-Site Scripting in version 1.0 via the 'div' attribute of the 'gbitoprint' shortcode. This is due to insufficient output escaping in the gbitoprintshortcode function, which concatenates the raw shortcode attribute value directly...

6.4CVSS6AI score0.00156EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2026/05/27 5:31 a.m.7 views

CVE-2026-8702

The GBI To Print plugin for WordPress is vulnerable to Stored Cross-Site Scripting in version 1.0 via the 'div' attribute of the 'gbitoprint' shortcode. This is due to insufficient output escaping in the gbitoprintshortcode function, which concatenates the raw shortcode attribute value directly...

6AI score0.00156EPSS
Exploits0References3
Cvelist
Cvelist
added 2026/05/27 5:31 a.m.35 views

CVE-2026-8702 GBI To Print <= 1.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'div' Shortcode Attribute

The GBI To Print plugin for WordPress is vulnerable to Stored Cross-Site Scripting in version 1.0 via the 'div' attribute of the 'gbitoprint' shortcode. This is due to insufficient output escaping in the gbitoprintshortcode function, which concatenates the raw shortcode attribute value directly...

6.4CVSS0.00156EPSS
Exploits0References2
SUSE CVE
SUSE CVE
added 2026/05/27 2:53 a.m.17 views

SUSE CVE-2026-4480

A flaw was found in the Samba printing subsystem. Samba passes the client-controlled job description string to the command configured with the "print command" setting via the "%J" substitution character without escaping shell meta characters. A remote attacker could exploit this vulnerability by...

10CVSS6.4AI score0.12797EPSS
Exploits7References15
CNNVD
CNNVD
added 2026/05/27 12:0 a.m.9 views

WordPress plugin GBI To Print 跨站脚本漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be install...

6.4CVSS5.8AI score0.00156EPSS
Exploits0References2
Rows per page
Query Builder