122 matches found
EUVD-2019-10603
Malware in sbrugna...
EUVD-2007-0666
Malware in sbrugna...
EUVD-2007-1641
Malware in sbrugna...
EUVD-2022-4129
Malicious code in bioql PyPI...
EUVD-2023-2397
Malicious code in bioql PyPI...
CVE-2025-34206 Vasion Print (formerly PrinterLogic) Insecure Shared Storage Permissions
Vasion Print formerly PrinterLogic Virtual Appliance Host and Application VA and SaaS deployments mount host configuration and secret material under /var/www/efsstorage into many Docker containers with overly-permissive filesystem permissions. Files such as secrets.env, GPG-encrypted blobs in...
CVE-2025-47812
In Wing FTP Server before 7.4.4. the user and admin web interfaces mishandle '\0' bytes, ultimately allowing injection of arbitrary Lua code into user session files. This can be used to execute arbitrary system commands with the privileges of the FTP service root or SYSTEM by default. This is thu...
CVE-2025-47812
In Wing FTP Server before 7.4.4. the user and admin web interfaces mishandle '\0' bytes, ultimately allowing injection of arbitrary Lua code into user session files. This can be used to execute arbitrary system commands with the privileges of the FTP service root or SYSTEM by default. This is thu...
CVE-2025-47812
In Wing FTP Server before 7.4.4. the user and admin web interfaces mishandle '\0' bytes, ultimately allowing injection of arbitrary Lua code into user session files. This can be used to execute arbitrary system commands with the privileges of the FTP service root or SYSTEM by default. This is thu...
Arbitrary Code Injection
Overview bolt/bolt is a sophisticated, lightweight & simple CMS. Affected versions of this package are vulnerable to Arbitrary Code Injection via the function modify in the Users.php file. An attacker with valid credentials can execute arbitrary PHP code by injecting malicious input into the...
Craft CMS stores user-provided content session files
RISK EVALUATION Craft CMS stores user-provided content in session files. A remote, unauthenticated attacker can introduce arbitrary content, including PHP code, into session files with known names and locations. If an attacker can access these files, possibly through another vulnerability such...
CVE-2023-42456
Sudo-rs, a memory safe implementation of sudo and su, allows users to not have to enter authentication at every sudo attempt, but instead only requiring authentication every once in a while in every terminal or process group. Only once a configurable timeout has passed will the user have to...
CVE-2018-20886
cPanel before 74.0.0 insecurely stores phpMyAdmin session files SEC-418...
CVE-2019-16355
The File Session Manager in Beego 1.10.0 allows local users to read session files because of weak permissions for individual files...
CVE-2025-35939
Craft CMS stores arbitrary content provided by unauthenticated users in session files. This content could be accessed and executed, possibly using an independent vulnerability. Craft CMS redirects requests that require authentication to the login page and generates a session file on the server at...
GHSA-7VRX-9684-XRF2 Craft CMS stores arbitrary content provided by unauthenticated users in session files
Craft CMS stores arbitrary content provided by unauthenticated users in session files. This content could be accessed and executed, possibly using an independent vulnerability. Craft CMS redirects requests that require authentication to the login page and generates a session file on the server at...
Craft CMS stores arbitrary content provided by unauthenticated users in session files
Craft CMS stores arbitrary content provided by unauthenticated users in session files. This content could be accessed and executed, possibly using an independent vulnerability. Craft CMS redirects requests that require authentication to the login page and generates a session file on the server at...
CVE-2025-35939
Craft CMS stores arbitrary content provided by unauthenticated users in session files. This content could be accessed and executed, possibly using an independent vulnerability. Craft CMS redirects requests that require authentication to the login page and generates a session file on the server at...
CVE-2025-35939 Craft CMS stores user-provided content in session files
Craft CMS stores arbitrary content provided by unauthenticated users in session files. This content could be accessed and executed, possibly using an independent vulnerability. Craft CMS redirects requests that require authentication to the login page and generates a session file on the server at...
CVE-2025-35939
Craft CMS is affected by CVE-2025-35939 in versions prior to 5.7.5 and 4.15.3, where unauthenticated users can place arbitrary content (including PHP code) in server session files (sess_[value]) via unsanitized return URLs, potentially enabling local file manipulation or code execution. Remedies:...