Lucene search
K

174 matches found

OSV
OSV
added 2026/01/08 8:45 p.m.33 views

GHSA-9583-H5HC-X8CW React Router has Path Traversal in File Session Storage

If applications use createFileSessionStorage from @react-router/node or @remix-run/node/@remix-run/deno in Remix v2 with an unsigned cookie, it is possible for an attacker to cause the session to try to read/write from a location outside the specified session file directory. The success of the...

9.1CVSS6.6AI score0.16104EPSS
Exploits0References3
NVD
NVD
added 2025/12/23 8:15 p.m.4 views

CVE-2021-47734

CMSimple 5.4 contains an authenticated local file inclusion vulnerability that allows remote attackers to manipulate PHP session files and execute arbitrary code. Attackers can leverage the vulnerability by changing the functions file path and uploading malicious PHP code through session file...

8.6CVSS0.00712EPSS
Exploits1References3
OSV
OSV
added 2025/12/23 8:15 p.m.4 views

CVE-2021-47734

CMSimple 5.4 contains an authenticated local file inclusion vulnerability that allows remote attackers to manipulate PHP session files and execute arbitrary code. Attackers can leverage the vulnerability by changing the functions file path and uploading malicious PHP code through session file...

7.8CVSS6.1AI score0.00712EPSS
Exploits1References3
Vulnrichment
Vulnrichment
added 2025/12/23 7:34 p.m.4 views

CVE-2021-47734 CMSimple 5.4 Authenticated Local File Inclusion Remote Code Execution

CMSimple 5.4 contains an authenticated local file inclusion vulnerability that allows remote attackers to manipulate PHP session files and execute arbitrary code. Attackers can leverage the vulnerability by changing the functions file path and uploading malicious PHP code through session file...

8.6CVSS7.2AI score0.00712EPSS
Exploits1References3
CVE
CVE
added 2025/12/23 7:34 p.m.13 views

CVE-2021-47734

CVE-2021-47734 affects CMSimple 5.4 and is described as an authenticated local file inclusion vulnerability that can lead to remote code execution by manipulating PHP session files. The root cause cited in connected sources is improper handling of template/function include paths, enabling an atta...

8.6CVSS7.2AI score0.00712EPSS
Exploits1References3Affected Software1
Positive Technologies
Positive Technologies
added 2025/12/23 12:0 a.m.8 views

PT-2025-52834

Name of the Vulnerable Software and Affected Versions CMSimple version 5.4 Description CMSimple version 5.4 contains a flaw that allows attackers to manipulate PHP session files and potentially execute arbitrary code. This is possible through an authenticated local file inclusion, where attackers...

8.6CVSS7AI score0.00712EPSS
Exploits1References5
CNNVD
CNNVD
added 2025/12/23 12:0 a.m.5 views

CMSimple 安全漏洞

CMSimple is a free content management system. CMSimple suffers from a file inclusion vulnerability that stems from improper handling of template/function include paths, which allows the application to include local files without securely restricting and validating the file paths. An attacker can...

8.6CVSS7.1AI score0.00712EPSS
Exploits1References3
OSV
OSV
added 2025/10/22 4:45 p.m.4 views

GHSA-CQ46-M9X9-J8W2 Scapy Session Loading Vulnerable to Arbitrary Code Execution via Untrusted Pickle Deserialization

Summary An unsafe deserialization vulnerability in Scapy Internally, this triggers: python main.py SESSION = pickle.loadgzip.opensessionname, "rb" Since no validation or restriction is performed on the deserialized object, any code embedded via reduce will be executed immediately. This makes it...

5.4CVSS6.2AI score
Exploits0References3
Github Security Blog
Github Security Blog
added 2025/10/22 4:45 p.m.18 views

Scapy Session Loading Vulnerable to Arbitrary Code Execution via Untrusted Pickle Deserialization

Summary An unsafe deserialization vulnerability in Scapy Internally, this triggers: python main.py SESSION = pickle.loadgzip.opensessionname, "rb" Since no validation or restriction is performed on the deserialized object, any code embedded via reduce will be executed immediately. This makes it...

8AI score
Exploits0References3Affected Software1
EUVD
EUVD
added 2025/10/07 12:30 a.m.5 views

EUVD-2020-15915

Malware in sbrugna...

7.5CVSS7.5AI score0.01169EPSS
Exploits2References4
EUVD
EUVD
added 2025/10/07 12:30 a.m.5 views

EUVD-2018-13424

Malware in sbrugna...

5.3CVSS5.5AI score0.00349EPSS
Exploits0References2
EUVD
EUVD
added 2025/10/07 12:30 a.m.5 views

EUVD-2002-1047

Malware in sbrugna...

10CVSS6.4AI score0.04369EPSS
Exploits1References4
EUVD
EUVD
added 2025/10/07 12:30 a.m.5 views

EUVD-2019-5914

Malware in sbrugna...

6.5CVSS6.4AI score0.01382EPSS
Exploits3References4
EUVD
EUVD
added 2025/10/07 12:30 a.m.6 views

EUVD-2019-6247

Malware in sbrugna...

6.5CVSS6.5AI score0.01411EPSS
Exploits3References4
EUVD
EUVD
added 2025/10/07 12:30 a.m.6 views

EUVD-2006-6579

Malware in sbrugna...

6.8CVSS6.4AI score0.01202EPSS
Exploits0References6
EUVD
EUVD
added 2025/10/07 12:30 a.m.4 views

EUVD-2019-7961

Malware in sbrugna...

7.5CVSS7.5AI score0.00994EPSS
Exploits0References3
EUVD
EUVD
added 2025/10/07 12:30 a.m.5 views

EUVD-2008-5724

Malware in sbrugna...

9.3CVSS6.4AI score0.04582EPSS
Exploits1References4
EUVD
EUVD
added 2025/10/03 8:7 p.m.10 views

EUVD-2025-25474

Malicious code in bioql PyPI...

9.8CVSS7.5AI score0.00387EPSS
Exploits1References5
RedhatCVE
RedhatCVE
added 2025/08/23 4:16 p.m.6 views

CVE-2025-9307

A flaw has been found in PHPGurukul Online Course Registration 3.1. This affects an unknown function of the file /admin/session.php. This manipulation of the argument sesssion causes sql injection. The attack can be initiated remotely. The exploit has been published and may be used...

9.8CVSS7.4AI score0.00387EPSS
Exploits1References1
NVD
NVD
added 2025/08/21 4:15 p.m.7 views

CVE-2025-9307

A flaw has been found in PHPGurukul Online Course Registration 3.1. This affects an unknown function of the file /admin/session.php. This manipulation of the argument sesssion causes sql injection. The attack can be initiated remotely. The exploit has been published and may be used...

9.8CVSS0.00387EPSS
Exploits1References5
Rows per page
Query Builder