Lucene search
+L

122 matches found

EUVD
EUVD
added 2025/10/07 12:30 a.m.7 views

EUVD-2019-10603

Malware in sbrugna...

7.5CVSS7.5AI score0.02706EPSS
Exploits1References5
EUVD
EUVD
added 2025/10/07 12:30 a.m.6 views

EUVD-2007-0666

Malware in sbrugna...

4.6CVSS6.4AI score0.00375EPSS
Exploits0References10
EUVD
EUVD
added 2025/10/07 12:30 a.m.7 views

EUVD-2007-1641

Malware in sbrugna...

7.8CVSS6.4AI score0.03341EPSS
Exploits0References4
EUVD
EUVD
added 2025/10/03 8:7 p.m.7 views

EUVD-2022-4129

Malicious code in bioql PyPI...

5.5CVSS5.5AI score0.00362EPSS
Exploits1References6
EUVD
EUVD
added 2025/10/03 8:7 p.m.16 views

EUVD-2023-2397

Malicious code in bioql PyPI...

8.1CVSS7.9AI score0.00571EPSS
Exploits0References9
Cvelist
Cvelist
added 2025/09/19 6:48 p.m.12 views

CVE-2025-34206 Vasion Print (formerly PrinterLogic) Insecure Shared Storage Permissions

Vasion Print formerly PrinterLogic Virtual Appliance Host and Application VA and SaaS deployments mount host configuration and secret material under /var/www/efsstorage into many Docker containers with overly-permissive filesystem permissions. Files such as secrets.env, GPG-encrypted blobs in...

9.3CVSS0.00475EPSS
Exploits1References4
OSV
OSV
added 2025/07/10 5:15 p.m.7 views

CVE-2025-47812

In Wing FTP Server before 7.4.4. the user and admin web interfaces mishandle '\0' bytes, ultimately allowing injection of arbitrary Lua code into user session files. This can be used to execute arbitrary system commands with the privileges of the FTP service root or SYSTEM by default. This is thu...

10CVSS6.6AI score0.95343EPSS
Exploits23References6
ATTACKERKB
ATTACKERKB
added 2025/07/10 12:0 a.m.18 views

CVE-2025-47812

In Wing FTP Server before 7.4.4. the user and admin web interfaces mishandle '\0' bytes, ultimately allowing injection of arbitrary Lua code into user session files. This can be used to execute arbitrary system commands with the privileges of the FTP service root or SYSTEM by default. This is thu...

10CVSS6.7AI score0.95343EPSS
In wildExploits23References8
Cvelist
Cvelist
added 2025/07/10 12:0 a.m.19 views

CVE-2025-47812

In Wing FTP Server before 7.4.4. the user and admin web interfaces mishandle '\0' bytes, ultimately allowing injection of arbitrary Lua code into user session files. This can be used to execute arbitrary system commands with the privileges of the FTP service root or SYSTEM by default. This is thu...

10CVSS0.95343EPSS
Exploits23References4
Snyk
Snyk
added 2025/07/03 9:31 p.m.6 views

Arbitrary Code Injection

Overview bolt/bolt is a sophisticated, lightweight & simple CMS. Affected versions of this package are vulnerable to Arbitrary Code Injection via the function modify in the Users.php file. An attacker with valid credentials can execute arbitrary PHP code by injecting malicious input into the...

8.8CVSS8AI score0.02148EPSS
Exploits1References2
ICS
ICS
added 2025/05/28 8:57 p.m.15 views

Craft CMS stores user-provided content session files

RISK EVALUATION Craft CMS stores user-provided content in session files. A remote, unauthenticated attacker can introduce arbitrary content, including PHP code, into session files with known names and locations. If an attacker can access these files, possibly through another vulnerability such...

10CVSS7.4AI score0.99829EPSS
Exploits14References1
RedhatCVE
RedhatCVE
added 2025/05/23 1:58 a.m.6 views

CVE-2023-42456

Sudo-rs, a memory safe implementation of sudo and su, allows users to not have to enter authentication at every sudo attempt, but instead only requiring authentication every once in a while in every terminal or process group. Only once a configurable timeout has passed will the user have to...

8.1CVSS7.1AI score0.00571EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/22 9:12 a.m.6 views

CVE-2018-20886

cPanel before 74.0.0 insecurely stores phpMyAdmin session files SEC-418...

5.3CVSS7AI score0.00349EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/22 8:37 a.m.4 views

CVE-2019-16355

The File Session Manager in Beego 1.10.0 allows local users to read session files because of weak permissions for individual files...

5.5CVSS6.4AI score0.00362EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2025/05/09 11:21 p.m.19 views

CVE-2025-35939

Craft CMS stores arbitrary content provided by unauthenticated users in session files. This content could be accessed and executed, possibly using an independent vulnerability. Craft CMS redirects requests that require authentication to the login page and generates a session file on the server at...

6.9CVSS7.6AI score0.01174EPSS
Exploits0References5
OSV
OSV
added 2025/05/08 12:31 a.m.11 views

GHSA-7VRX-9684-XRF2 Craft CMS stores arbitrary content provided by unauthenticated users in session files

Craft CMS stores arbitrary content provided by unauthenticated users in session files. This content could be accessed and executed, possibly using an independent vulnerability. Craft CMS redirects requests that require authentication to the login page and generates a session file on the server at...

6.9CVSS7.2AI score0.01174EPSS
Exploits0References9
Github Security Blog
Github Security Blog
added 2025/05/08 12:31 a.m.24 views

Craft CMS stores arbitrary content provided by unauthenticated users in session files

Craft CMS stores arbitrary content provided by unauthenticated users in session files. This content could be accessed and executed, possibly using an independent vulnerability. Craft CMS redirects requests that require authentication to the login page and generates a session file on the server at...

6.9CVSS7.3AI score0.01174EPSS
Exploits0References9Affected Software1
NVD
NVD
added 2025/05/07 11:15 p.m.26 views

CVE-2025-35939

Craft CMS stores arbitrary content provided by unauthenticated users in session files. This content could be accessed and executed, possibly using an independent vulnerability. Craft CMS redirects requests that require authentication to the login page and generates a session file on the server at...

6.9CVSS0.01174EPSS
Exploits0References6
Cvelist
Cvelist
added 2025/05/07 10:41 p.m.48 views

CVE-2025-35939 Craft CMS stores user-provided content in session files

Craft CMS stores arbitrary content provided by unauthenticated users in session files. This content could be accessed and executed, possibly using an independent vulnerability. Craft CMS redirects requests that require authentication to the login page and generates a session file on the server at...

6.9CVSS0.01174EPSS
Exploits0References5
CVE
CVE
added 2025/05/07 10:41 p.m.234 views

CVE-2025-35939

Craft CMS is affected by CVE-2025-35939 in versions prior to 5.7.5 and 4.15.3, where unauthenticated users can place arbitrary content (including PHP code) in server session files (sess_[value]) via unsanitized return URLs, potentially enabling local file manipulation or code execution. Remedies:...

6.9CVSS5.6AI score0.01174EPSS
In wildExploits0References6Affected Software1
Rows per page
Query Builder