Lucene search
K

114 matches found

OSV
OSV
added 2026/01/23 4:35 a.m.4 views

CVE-2025-67847 Moodle: moodle: remote code execution via insufficient restore input validation

A flaw was found in Moodle. An attacker with access to the restore interface could trigger server-side execution of arbitrary code. This is due to insufficient validation of restore input, which leads to unintended interpretation by core restore routines. Successful exploitation could result in a...

8.8CVSS7.3AI score0.00528EPSS
Exploits0References4
Github Security Blog
Github Security Blog
added 2026/01/09 7:21 p.m.20 views

WeKnora has Command Injection in MCP stdio test

Vulnerability Description --- Vulnerability Overview This issue is a command injection vulnerability CWE-78 that allows authenticated users to inject stdioconfig.command/args into MCP stdio settings, causing the server to execute subprocesses using these injected values. The root causes are as...

9.9CVSS7.7AI score0.01747EPSS
Exploits1References5Affected Software1
CNNVD
CNNVD
added 2025/12/22 12:0 a.m.5 views

webTareas 代码问题漏洞

webTareas is a web-based open source collaboration tool for luiswang individual developers. The product supports project management, bug tracking, content management and meeting management. A code issue vulnerability exists in webTareas version 2.4, which stems from a file upload feature that cou...

8.8CVSS7.3AI score0.00409EPSS
Exploits1References4
CNNVD
CNNVD
added 2025/12/19 12:0 a.m.6 views

turms 安全漏洞

turms is an instant messaging engine from turms-im open source. A security vulnerability exists in turms AI-Serving module v0.10.0-SNAPSHOT and prior versions, which stems from improper file type validation in the OCR image upload feature and could lead to server-side code execution...

5.3CVSS7.5AI score0.00367EPSS
Exploits1References4
OSV
OSV
added 2025/12/19 12:0 a.m.5 views

CVE-2025-66908

Turms AI-Serving module v0.10.0-SNAPSHOT and earlier contains an improper file type validation vulnerability in the OCR image upload functionality. The OcrController in turms-ai-serving/src/main/java/im/turms/ai/domain/ocr/controller/OcrController.java uses the @FormDatacontentType =...

5.3CVSS6.6AI score0.00367EPSS
Exploits1References5
Vulnrichment
Vulnrichment
added 2025/12/19 12:0 a.m.4 views

CVE-2025-66908

Turms AI-Serving module v0.10.0-SNAPSHOT and earlier contains an improper file type validation vulnerability in the OCR image upload functionality. The OcrController in turms-ai-serving/src/main/java/im/turms/ai/domain/ocr/controller/OcrController.java uses the @FormDatacontentType =...

6.4AI score0.00367EPSS
Exploits1References3
OSV
OSV
added 2025/12/18 6:45 p.m.3 views

GHSA-529F-9QWM-9628 tinacms is vulnerable to arbitrary code execution

Summary tinacms uses the gray-matter package in an insecure way allowing attackers that can control the content of the processed markdown files, e.g., blog posts, to execute arbitrary code. Details The gray-matter package executes by default the code in the markdown file's front matter. tinacms...

8.6CVSS6.6AI score0.00393EPSS
Exploits1References4
GithubExploit
GithubExploit
added 2025/12/16 8:25 p.m.152 views

Exploit for Deserialization of Untrusted Data in Facebook React

🧪 1-QADAM: Demo vulnerable web-app LAB Biz CVE-2025-55182...

10CVSS7.3AI score0.99562EPSS
Exploits374
EUVD
EUVD
added 2025/12/15 6:30 p.m.4 views

EUVD-2025-203389

An SSTI Server-Side Template Injection vulnerability exists in the getaddressdisplay method of Frappe ERPNext through 15.89.0. This function renders address templates using frappe.rendertemplate with a context derived from the addressdict parameter, which can be either a dictionary or a string...

6.7AI score0.00516EPSS
Exploits1References3
NVD
NVD
added 2025/12/15 6:15 p.m.5 views

CVE-2025-66436

An SSTI Server-Side Template Injection vulnerability exists in the gettermsandconditions method of Frappe ERPNext through 15.89.0. The function renders attacker-controlled Jinja2 templates terms using frappe.rendertemplate with a user-supplied context doc. Although Frappe uses a custom...

4.3CVSS0.00289EPSS
Exploits1References2
Packet Storm
Packet Storm
added 2025/11/27 12:0 a.m.326 views

📄 Flowise 3.0.4 Code Injection

Flowise versions 3.0.4 and below suffer from a remote command injection vulnerability. ============================================================================================================================================= | Title : Flowise 3.0.4 php code injection | | Author : indoushka | ...

10CVSS7.3AI score0.90183EPSS
Exploits21
Packet Storm
Packet Storm
added 2025/11/26 12:0 a.m.156 views

📄 vBulletin 6.0.3 replaceAdTemplate Expression Injection

Proof of concept exploit for vBulletin versions 5.0.0 through 6.0.3 for the replaceAdTemplate expression injection vulnerability. ============================================================================================================================================= | Title : vBulletin 5.0.0...

10CVSS7.4AI score0.69817EPSS
Exploits4
EUVD
EUVD
added 2025/10/07 12:30 a.m.7 views

EUVD-2020-4145

Malware in sbrugna...

8.8CVSS8.6AI score0.0755EPSS
Exploits3References7
EUVD
EUVD
added 2025/10/07 12:30 a.m.5 views

EUVD-2008-6508

Malware in sbrugna...

4.6CVSS6.4AI score0.01606EPSS
Exploits0References6
EUVD
EUVD
added 2025/10/03 8:7 p.m.6 views

EUVD-2025-12263

Malicious code in bioql PyPI...

7.3CVSS6.6AI score0.00258EPSS
Exploits0References3
CNNVD
CNNVD
added 2025/10/03 12:0 a.m.7 views

WordPress plugin JoomSport 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a set of blogging platforms developed using the PHP language. The platform has the ability to host personal blog sites on PHP and MySQL based servers.WordPress plugin is an application plugin. A security...

9.8CVSS6.5AI score0.00621EPSS
Exploits0References3
CVE
CVE
added 2025/09/12 10:24 a.m.16 views

CVE-2025-10267

CVE-2025-10267 affects the NUP Portal by NewType Infortech. The issue is missing authentication, allowing unauthenticated remote attackers to upload files. If file extension restrictions are bypassed, attackers could upload a webshell and execute it on the server side. Modeled across multiple fee...

6.9CVSS7AI score0.00385EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2025/08/20 12:0 a.m.6 views

PT-2025-34072

Name of the Vulnerable Software and Affected Versions: XWiki versions through 17.3.0 Description: XWiki is vulnerable to Server-Side Template Injection SSTI in the Administration interface, specifically within the HTTP Meta Info field of the Global Preferences Presentation section. An authenticat...

8.8CVSS7.4AI score0.03366EPSS
Exploits1References7
Vulnrichment
Vulnrichment
added 2025/08/19 12:0 a.m.7 views

CVE-2025-50567

Saurus CMS Community Edition 4.7.1 contains a vulnerability in the custom DB::prepare function, which uses pregreplace with the deprecated /e eval modifier to interpolate SQL query parameters. This leads to injection of user-controlled SQL statements, potentially leading to arbitrary PHP code...

8.5AI score0.00591EPSS
Exploits0References3
CVE
CVE
added 2025/08/13 8:51 p.m.34 views

CVE-2012-10056

CVE-2012-10056 affects PHP Volunteer Management System v1.0.2. An arbitrary file upload vulnerability in the document upload feature allows authenticated users to upload files to mods/documents/uploads/ without file-type checks; the directory is publicly accessible and execution controls are miss...

8.7CVSS7.6AI score0.00929EPSS
Exploits0References5
Rows per page
Query Builder