1445 matches found
CVE-2026-35482
alf.io is an open source ticket reservation system for conferences, trade shows, workshops, and meetups. Prior to version 2.0-M5-2606, a sandbox escape vulnerability in the alf.io extension script engine allows an authenticated administrator to execute arbitrary operating system commands on the...
CVE-2026-35482
CVE-2026-35482 : alf.io’s extension script engine vulnerability allows an authenticated administrator to escape the Rhino sandbox and execute arbitrary OS commands on the server. The issue stems from an unguarded injected Java object (returnClass) combined with an incomplete AST blocklist, enabli...
EUVD-2026-34050
alf.io is an open source ticket reservation system for conferences, trade shows, workshops, and meetups. Prior to version 2.0-M5-2606, a sandbox escape vulnerability in the alf.io extension script engine allows an authenticated administrator to execute arbitrary operating system commands on the...
CVE-2026-35482 alf.io has an Authenticated RCE via Extension Script Sandbox Escape
alf.io is an open source ticket reservation system for conferences, trade shows, workshops, and meetups. Prior to version 2.0-M5-2606, a sandbox escape vulnerability in the alf.io extension script engine allows an authenticated administrator to execute arbitrary operating system commands on the...
CVE-2024-42206 HCL iReflection Use of Third party vulnerable and outdated components issue was detected in the web application.
HCL iReflection Third party vulnerable and outdated components issue was detected in the web application...
CVE-2026-46718
Use of Externally-Controlled Input to Select Classes or Code 'Unsafe Reflection' vulnerability in Apache Calcite. This issue affects Apache Calcite: from 1.5.0 before 1.42. Users are recommended to upgrade to version 1.42, which fixes the issue...
Github Enterprise Authenticated Remote Code Execution
An unsafe reflection vulnerability was identified in GitHub Enterprise Server that could lead to reflection injection. This vulnerability could lead to the execution of user-controlled methods and remote code execution. To exploit this bug, an actor would need to be logged into an account on the...
vBulletin replaceAdTemplate - Remote Code Execution
vBulletin versions 5.0.0 through 6.0.3 contain a Remote Code Execution RCE vulnerability in the ajax/api/ad/replaceAdTemplate endpoint. This flaw arises from improper use of PHP's Reflection API, allowing unauthenticated attackers to invoke protected controller methods. By injecting a crafted...
CVE-2026-46718 Apache Calcite: A user-controled model can load arbitrary classes, leading to code execution
Use of Externally-Controlled Input to Select Classes or Code 'Unsafe Reflection' vulnerability in Apache Calcite. This issue affects Apache Calcite: from 1.5.0 before 1.42. Users are recommended to upgrade to version 1.42, which fixes the issue...
EUVD-2026-33906
Use of Externally-Controlled Input to Select Classes or Code 'Unsafe Reflection' vulnerability in Apache Calcite. This issue affects Apache Calcite: from 1.5.0 before 1.42. Users are recommended to upgrade to version 1.42, which fixes the issue...
CVE-2026-46718
Use of Externally-Controlled Input to Select Classes or Code 'Unsafe Reflection' vulnerability in Apache Calcite. This issue affects Apache Calcite: from 1.5.0 before 1.42. Users are recommended to upgrade to version 1.42, which fixes the issue...
CVE-2026-46718
Apache Calcite is affected by CVE-2026-46718: Unsafe Reflection via a user-controlled model can load arbitrary classes, enabling code execution. Affected: 1.5.0 up to
CVE-2026-46718 Apache Calcite: A user-controled model can load arbitrary classes, leading to code execution
Use of Externally-Controlled Input to Select Classes or Code 'Unsafe Reflection' vulnerability in Apache Calcite. This issue affects Apache Calcite: from 1.5.0 before 1.42. Users are recommended to upgrade to version 1.42, which fixes the issue...
WordPress plugin e2pdf has a cross-site scripting vulnerability
WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. Versions...
CVE-2026-46685
RustFS is a distributed object storage system built in Rust. Prior to 1.0.0-beta.2, when RUSTFSCORSALLOWEDORIGINS is unset, the RustFS S3 listener's ConditionalCorsLayer reflects any request Origin value back as Access-Control-Allow-Origin and also sets Access-Control-Allow-Credentials: true and...
CVE-2026-46685
RustFS is a distributed object storage system built in Rust. Prior to 1.0.0-beta.2, when RUSTFSCORSALLOWEDORIGINS is unset, the RustFS S3 listener's ConditionalCorsLayer reflects any request Origin value back as Access-Control-Allow-Origin and also sets Access-Control-Allow-Credentials: true and...
Sensorweb ScadaBR 安全漏洞
Sensorweb ScadaBR is a set of open-source software developed by Sensorweb Corporation, designed for developing automated data acquisition and monitoring applications. Sensorweb ScadaBR has a security vulnerability, which stems from a reflection-type cross-site scripting issue in URL processing...
rustfs 安全漏洞
RustFS is a high-performance object storage system developed by RustFS. Versions of RustFS prior to 1.0.0-beta.2 contained a security vulnerability. This vulnerability arises when RUSTFSCORSALLOWEDORIGINS is not set; in such cases, ConditionalCorsLayer reflects the Origin value and sets a relaxed...
WordPress plugin Felan Framework 跨站脚本漏洞
WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application plugin. The WordPre...
WordPress plugin Gutenverse 跨站脚本漏洞
WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. WordPres...