Lucene search
K

104 matches found

Positive Technologies
Positive Technologies
added 2026/02/27 12:0 a.m.7 views

PT-2026-22427

Name of the Vulnerable Software and Affected Versions openDCIM versions 23.04 through commit 4467e9c4 Description The application retrieves the dot configuration parameter from the database and passes it directly to the exec function without validation or sanitation. If an attacker can modify the...

9.8CVSS6AI score0.05648EPSS
Exploits2References18
OSV
OSV
added 2026/02/25 4:16 a.m.2 views

CVE-2026-27744

The SPIP tickets plugin versions prior to 4.3.3 contain an unauthenticated remote code execution vulnerability in the forum preview handling for public ticket pages. The plugin appends untrusted request parameters into HTML that is later rendered by a template using unfiltered environment renderi...

9.8CVSS6.4AI score0.00908EPSS
Exploits0References5
Positive Technologies
Positive Technologies
added 2026/02/25 12:0 a.m.10 views

PT-2026-21859

Name of the Vulnerable Software and Affected Versions SPIP tickets plugin versions prior to 4.3.3 Description The SPIP tickets plugin is affected by a remote code execution issue. An unauthenticated attacker can execute code on the web server through crafted content injection. The plugin appends...

9.8CVSS6.6AI score0.00908EPSS
Exploits0References12
NVD
NVD
added 2026/02/24 10:16 a.m.9 views

CVE-2024-56373

DAG Author who already has quite a lot of permissions could manipulate database of Airflow 2 in the way to execute arbitrary code in the web-server context, which they should normally not be able to do, leading to potentially remote code execution in the context of web-server server-side as a...

8.4CVSS0.01134EPSS
Exploits0References3
CVE
CVE
added 2026/02/24 10:6 a.m.40 views

CVE-2024-56373

Summary of CVE-2024-56373 : Apache Airflow 2.x contains a vulnerability in the log template history mechanism that can allow a user (DAG Author) with existing permissions to manipulate the Airflow database and execute arbitrary code in the web-server context, leading to potential remote code exec...

8.4CVSS6.7AI score0.01134EPSS
Exploits0References3Affected Software1
Positive Technologies
Positive Technologies
added 2026/02/24 12:0 a.m.8 views

PT-2026-21670

Name of the Vulnerable Software and Affected Versions Apache Airflow versions prior to 2.11.1 Description A user with DAG author permissions can manipulate the Airflow database to execute arbitrary code within the web server context. This could lead to remote code execution on the server-side whe...

8.4CVSS6.6AI score0.01134EPSS
Exploits0References14
Vulnrichment
Vulnrichment
added 2026/02/11 10:18 p.m.5 views

CVE-2026-26215 manga-image-translator Shared API Unsafe Deserialization RCE

manga-image-translator version beta-0.3 and prior in shared API mode contains an unsafe deserialization vulnerability that can lead to unauthenticated remote code execution. The FastAPI endpoints /simpleexecute/method and /execute/method deserialize attacker-controlled request bodies using...

9.3CVSS6.6AI score0.00923EPSS
Exploits1References6
RedhatCVE
RedhatCVE
added 2025/11/22 10:31 p.m.18 views

CVE-2025-65109

Minder is an open source software supply chain security platform. In Minder Helm version 0.20241106.3386+ref.2507dbf and Minder Go versions from 0.0.72 to 0.0.83, Minder users may fetch content in the context of the Minder server, which may include URLs which the user would not normally have acce...

8.5CVSS6.8AI score0.00244EPSS
Exploits0References2
NVD
NVD
added 2025/11/21 10:16 p.m.8 views

CVE-2025-65109

Minder is an open source software supply chain security platform. In Minder Helm version 0.20241106.3386+ref.2507dbf and Minder Go versions from 0.0.72 to 0.0.83, Minder users may fetch content in the context of the Minder server, which may include URLs which the user would not normally have acce...

8.5CVSS0.00244EPSS
Exploits0References2
EUVD
EUVD
added 2025/10/30 12:31 p.m.4 views

EUVD-2025-36994

Apache Airflow /api/v2/dagReports executes DAG Python in API...

5.4CVSS6.4AI score0.00476EPSS
Exploits0References5
OSV
OSV
added 2025/10/30 10:15 a.m.5 views

CVE-2025-62402

API users via /api/v2/dagReports could perform Dag code execution in the context of the api-server if the api-server was deployed in the environment where Dag files were available...

5.4CVSS7.7AI score
Exploits0References2
EUVD
EUVD
added 2025/10/07 12:30 a.m.5 views

EUVD-2012-6598

Malware in sbrugna...

9.3CVSS6.4AI score0.01442EPSS
Exploits0References5
EUVD
EUVD
added 2025/10/07 12:30 a.m.15 views

EUVD-2012-6588

Malware in sbrugna...

9.3CVSS6.4AI score0.01389EPSS
Exploits0References6
EUVD
EUVD
added 2025/10/03 8:7 p.m.7 views

EUVD-2022-32160

Malicious code in bioql PyPI...

4.8CVSS5.2AI score0.00451EPSS
Exploits0References1
NVD
NVD
added 2025/08/13 9:15 p.m.5 views

CVE-2012-10058

RabidHamster R4 v1.25 contains a stack-based buffer overflow vulnerability due to unsafe use of sprintf when logging malformed HTTP requests. A remote attacker can exploit this flaw by sending a specially crafted URI, resulting in arbitrary code execution under the context of the web server proce...

10CVSS0.01317EPSS
Exploits0References6
NVD
NVD
added 2025/08/08 7:15 p.m.9 views

CVE-2012-10052

EGallery version 1.2 contains an unauthenticated arbitrary file upload vulnerability in the uploadify.php script. The application fails to validate file types or enforce authentication, allowing remote attackers to upload malicious PHP files directly into the web-accessible egallery/ directory...

9.3CVSS0.01389EPSS
Exploits0References5
Cvelist
Cvelist
added 2025/08/08 6:13 p.m.11 views

CVE-2012-10049 WebPageTest Arbitrary PHP File Upload RCE

WebPageTest version 2.6 and earlier contains an arbitrary file upload vulnerability in the resultimage.php script. The application fails to validate or sanitize user-supplied input before saving uploaded files to a publicly accessible directory. This flaw allows remote attackers to upload and...

9.3CVSS0.01064EPSS
Exploits0References6
Vulnrichment
Vulnrichment
added 2025/08/08 6:13 p.m.5 views

CVE-2012-10049 WebPageTest Arbitrary PHP File Upload RCE

WebPageTest version 2.6 and earlier contains an arbitrary file upload vulnerability in the resultimage.php script. The application fails to validate or sanitize user-supplied input before saving uploaded files to a publicly accessible directory. This flaw allows remote attackers to upload and...

9.3CVSS8.2AI score0.01064EPSS
Exploits0References6
Positive Technologies
Positive Technologies
added 2025/08/01 12:0 a.m.10 views

PT-2025-31688 · Unknown · Instantcms

Name of the Vulnerable Software and Affected Versions: InstantCMS versions prior to 1.7 Description: A remote PHP code execution issue exists due to the unsafe use of the eval function within the search view handler. User-supplied input via the look parameter is concatenated into a PHP expression...

9.3CVSS7.2AI score0.01977EPSS
Exploits1References7
Microsoft CVE
Microsoft CVE
added 2024/09/20 7:0 a.m.4 views

Xorg-x11-server: selinux context corruption

...

7.8CVSS7AI score0.00356EPSS
Exploits0
Rows per page
Query Builder