28672 matches found
CVE-2025-69983
FUXA v1.2.7 allows Remote Code Execution RCE via the project import functionality. The application does not properly sanitize or sandbox user-supplied scripts within imported project files. An attacker can upload a malicious project containing system commands, leading to full system compromise...
CVE-2025-69970
FUXA v1.2.7 contains an insecure default configuration vulnerability in server/settings.default.js. The 'secureEnabled' flag is commented out by default, causing the application to initialize with authentication disabled. This allows unauthenticated remote attackers to access sensitive API...
EUVD-2025-206711
FUXA v1.2.7 contains an insecure default configuration vulnerability in server/settings.default.js. The 'secureEnabled' flag is commented out by default, causing the application to initialize with authentication disabled. This allows unauthenticated remote attackers to access sensitive API...
EUVD-2025-206715
FUXA v1.2.7 allows Remote Code Execution RCE via the project import functionality. The application does not properly sanitize or sandbox user-supplied scripts within imported project files. An attacker can upload a malicious project containing system commands, leading to full system compromise...
PT-2026-5981
Name of the Vulnerable Software and Affected Versions: FUXA version 1.2.7. Description: FUXA version 1.2.7 contains a Remote Code Execution (RCE) issue through the project import functionality. The application fails to properly sanitize or sandbox user-supplied scripts within imported project files. A...
PT-2026-6506
External Secrets Operator insecurely retrieves secrets through the getSecretKey templating function in github.com/external-secrets/external-secrets...
PT-2026-6372
FUXA v1.2.7 allows Remote Code Execution RCE via the project import functionality. The application does not properly sanitize or sandbox user-supplied scripts within imported project files. An attacker can upload a malicious project containing system commands, leading to full system compromise...
CVE-2025-69983
FUXA v1.2.7 is affected by a Remote Code Execution (RCE) vulnerability through the project import functionality. The root cause is improper sanitization/sandboxing of user-supplied scripts within imported project files, enabling an attacker to upload a malicious project containing system commands...
PT-2026-5978
Name of the Vulnerable Software and Affected Versions: FUXA version 1.2.7. Description: The software initializes with authentication disabled due to the 'secureEnabled' flag being commented out in the 'server/settings.default.js' file. This allows unauthenticated remote attackers to access sensitive...
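The FUXA entries above describe a fail-open default: when the 'secureEnabled' flag is commented out, the property is simply absent from the exported settings object, and a check of the form `secureEnabled === true` quietly turns authentication off. The following is an added example, not FUXA's code; the settings shape, the `secretCode` bearer-token check, the `allowInsecure` acknowledgement key and the route guard are all assumptions used to contrast a fail-open resolver with a fail-closed one and a startup check that refuses to boot silently insecure.

```javascript
'use strict';

// Constructed stand-in for a settings.default.js whose auth flag is commented
// out: the property is simply absent from the exported object. Assumed shape,
// not FUXA's file.
const settingsFlagCommentedOut = {
  // secureEnabled: true,
  // secretCode: 'change-me',
  uiPort: 1881,
};

// The same file with the flag present and a secret configured.
const settingsHardened = {
  secureEnabled: true,
  secretCode: 'change-me', // assumed: shared secret presented as a bearer token
  uiPort: 1881,
};

// Fail-open: auth is enforced only when the flag is literally true, so a
// missing (commented-out) flag silently disables it.
function authRequiredFailOpen(settings) {
  return settings.secureEnabled === true;
}

// Fail-closed: auth is enforced unless the operator explicitly sets false.
function authRequiredFailClosed(settings) {
  return settings.secureEnabled !== false;
}

// Constant-time comparison so the guard does not leak the secret byte by byte.
function constantTimeEqual(a, b) {
  if (typeof a !== 'string' || typeof b !== 'string' || a.length !== b.length) return false;
  let diff = 0;
  for (let i = 0; i < a.length; i++) diff |= a.charCodeAt(i) ^ b.charCodeAt(i);
  return diff === 0;
}

// Guard in front of a sensitive API route; `resolver` is one of the two
// functions above. Returns a minimal {status, body} instead of touching HTTP.
function guardRequest(settings, req, resolver) {
  if (!resolver(settings)) {
    return { status: 200, body: 'project data (auth not enforced)' };
  }
  const header = (req.headers && req.headers.authorization) || '';
  const token = header.startsWith('Bearer ') ? header.slice(7) : '';
  // With no secretCode configured, nobody can authenticate: fail closed.
  if (settings.secretCode && constantTimeEqual(token, settings.secretCode)) {
    return { status: 200, body: 'project data' };
  }
  return { status: 401, body: 'unauthorized' };
}

// Startup check: surface the insecure state instead of booting quietly.
// Returns a list of problems; an empty list means the config is acceptable.
function validateStartup(settings) {
  const problems = [];
  if (settings.secureEnabled !== true && settings.allowInsecure !== true) {
    problems.push('secureEnabled is not true: API reachable without authentication (set allowInsecure: true to acknowledge)');
  }
  if (settings.secureEnabled === true && !settings.secretCode) {
    problems.push('secureEnabled is true but secretCode is not set');
  }
  return problems;
}

const anonymous = { headers: {} };
console.log('fail-open, flag commented out  :', guardRequest(settingsFlagCommentedOut, anonymous, authRequiredFailOpen).status);
console.log('fail-closed, flag commented out:', guardRequest(settingsFlagCommentedOut, anonymous, authRequiredFailClosed).status);
console.log('startup problems               :', validateStartup(settingsFlagCommentedOut));
```

With the flag commented out, the fail-open resolver serves the anonymous request while the fail-closed one returns 401, and the startup check reports the missing flag instead of letting the service come up open. The same check also catches the inverse mistake, the flag enabled with no secret configured.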
Linux Distros Unpatched Vulnerability : CVE-2025-13978
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - GitLab has remediated an issue in GitLab CE/EE affecting all versions from 17.5 before 18.4.6, 18.5 before 18.5.4, and 18.6 before 18.6.2 that could have allowe...
OpenClaw/Clawdbot has OS Command Injection via Project Root Path in sshNodeCommand
Two related vulnerabilities existed in the macOS application's SSH remote connection handling (CommandResolver.swift). Details: The sshNodeCommand function constructed a shell script without properly escaping the user-supplied project path in an error message. When the cd command failed, the unescap...
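The pattern described in the entry above, a path that is quoted where it is used but interpolated raw into the error message that runs when `cd` fails, is easy to reproduce. The following is an added example in JavaScript, not the project's Swift source; the script template, the function names, the `commandNames` splitter and the sample path are assumptions. It shows the vulnerable builder next to one that routes every interpolation through POSIX single-quoting, and a small quote-aware splitter that counts the commands each script would actually run.

```javascript
'use strict';

// POSIX single-quoting: wrap in '...' and turn each embedded ' into '\'' .
function shellQuote(s) {
  return "'" + String(s).replace(/'/g, "'\\''") + "'";
}

// Vulnerable builder (assumed template): the path is quoted in the cd, but
// interpolated raw inside the double-quoted error message that runs when cd
// fails, so a path containing " or $(...) escapes the message.
function buildRemoteScriptUnsafe(projectPath, remoteCmd) {
  return `cd '${projectPath}' || { echo "cannot cd to ${projectPath}" >&2; exit 1; }\n${remoteCmd}\n`;
}

// Hardened builder: every interpolation goes through shellQuote, including
// the one in the error message. Single quotes leave no metacharacters live.
function buildRemoteScriptSafe(projectPath, remoteCmd) {
  const q = shellQuote(projectPath);
  return `cd ${q} || { echo "cannot cd to" ${q} >&2; exit 1; }\n${remoteCmd}\n`;
}

// Split a script into simple commands on separators that sit outside quotes.
// Handles '...' and "..." (with backslash escapes inside "...") and treats
// >& / <& as redirections rather than separators. Deliberately small: it is a
// check for this pattern, not a shell parser.
function splitCommands(script) {
  const cmds = [];
  let cur = '';
  let quote = null;
  for (let i = 0; i < script.length; i++) {
    const c = script[i];
    if (quote) {
      if (quote === '"' && c === '\\') { cur += c + (script[i + 1] ?? ''); i++; continue; }
      cur += c;
      if (c === quote) quote = null;
      continue;
    }
    if (c === "'" || c === '"') { quote = c; cur += c; continue; }
    if (c === '\\') { cur += c + (script[i + 1] ?? ''); i++; continue; }
    const two = script.slice(i, i + 2);
    if (two === '>&' || two === '<&') { cur += two; i++; continue; }
    if (two === '&&' || two === '||' || two === ';;') { cmds.push(cur); cur = ''; i++; continue; }
    if (c === ';' || c === '\n' || c === '|' || c === '&') { cmds.push(cur); cur = ''; continue; }
    cur += c;
  }
  cmds.push(cur);
  return cmds
    .map((s) => s.replace(/^[\s{]+|[\s}]+$/g, '')) // drop group braces and whitespace
    .filter((s) => s.length > 0);
}

// First word of each simple command, i.e. the programs the script would run.
function commandNames(script) {
  return splitCommands(script).map((cmd) => cmd.split(/\s+/)[0]);
}

// Constructed attacker-controlled project path: closes the error message's
// double quote, runs id, and reopens a quote so the script stays syntactically valid.
const evilPath = '/nonexistent"; id; echo "';

console.log('unsafe:', commandNames(buildRemoteScriptUnsafe(evilPath, 'make test')));
console.log('safe  :', commandNames(buildRemoteScriptSafe(evilPath, 'make test')));
```

For the constructed path the unsafe script runs `cd, echo, id, echo, exit, make` while the hardened one runs only `cd, echo, exit, make`; the path never becomes a command, and a path containing a single quote is handled by the `'\''` rewrite rather than breaking the `cd`. Passing the path as an argument vector (`ssh host -- sh -c '...' "$path"` style) rather than splicing it into script text is the more robust fix where the transport allows it.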
CVE-2026-25144 Talishar has a Stored XSS which can lead to data exfiltration & user impersonation
Talishar is a fan-made Flesh and Blood project. A Stored XSS exists in the in-game chat system. The playerID parameter in SubmitChat.php is saved without sanitization and executed whenever a user views the current game page. This vulnerability is fixed by 09dd00e5452e3cd998eb1406a88e5b0fa868e6...
GO-2026-4370 Gitea does not properly validate project ownership in organization project operations in code.gitea.io/gitea
Gitea does not properly validate project ownership in organization project operations in code.gitea.io/gitea...
a-gpt (>=0.1.0 <=0.4.0), abacuz (=0.1.1) +1062 more potentially affected by unknown CVE via git2 (>=0.10.0 <=0.1.21)
git2 CARGO version =0.10.0, =0.1.0, =1.1.0, =0.0.1, =0.3.0, =1.0.0, =0.1.0, =0.3.3 - amisgitpm =0.0.1 - amp =0.6.2 and more Source cves: unknown CVE Source advisory: OSV:RUSTSEC-2026-0008...
WordPress Zephyr Project Manager plugin <= 3.3.101 - Authenticated (Subscriber+) Limited Privilege Escalation vulnerability
Authenticated (Subscriber+) Limited Privilege Escalation vulnerability discovered by wesley wcraft in WordPress Plugin Zephyr Project Manager versions <= 3.3.101...
WordPress SP Project & Document Manager plugin <= 4.71 - Subscriber+ File Download via IDOR vulnerability
Subscriber+ File Download via IDOR vulnerability discovered by fewwords in WordPress Plugin SP Project & Document Manager versions <= 4.71...
Aggie 2.6.1 Host Header Injection
This is a detailed analysis and proof-of-concept exploit for CVE-2025-22381, a host header injection vulnerability discovered in Aggie version 2.6.1...
Directory Traversal
Overview: dbt-osmosis is a dbt utility for managing YAML to make developing with dbt more delightful. Affected versions of this package are vulnerable to Directory Traversal via the YAML path handling logic in src/dbtosmosis/core/pathmanagement.py. An attacker can perform path traversal by...
evolver
Evolver...
EUVD-2020-30938
Code Blocks 17.12 contains a local buffer overflow vulnerability that allows attackers to execute arbitrary code by crafting a malicious file name with Unicode characters. Attackers can trigger the vulnerability by pasting a specially crafted payload into the file name field during project...