Lucene search
K

2889 matches found

Snyk
Snyk
added 2026/04/16 9:25 p.m.9 views

Command Injection

Overview wwbn/avideo is an Audio and Video Platform or simply "A Video Platform". Affected versions of this package are vulnerable to Command Injection in the cloneServer.json.php endpoint of the CloneSite plugin, where user-controlled input is concatenated into a shell command without proper...

9.8CVSS6AI score0.02221EPSS
Exploits1References2
Github Security Blog
Github Security Blog
added 2026/04/14 10:33 p.m.9 views

XWiki has Reflected Cross-Site Scripting (XSS) in page history compare

Impact A reflected cross-site scripting vulnerability XSS in the compare view between revisions of a page allows executing JavaScript code in the user's browser. If the current user is an admin, this can not only affect the current user but also the confidentiality, integrity and availability of...

6.5CVSS5.7AI score0.00549EPSS
Exploits0References5Affected Software1
NVD
NVD
added 2026/04/14 9:16 p.m.5 views

CVE-2026-34160

Chamilo LMS is an open-source learning management system. In versions prior to 2.0.0-RC.3, the PENS Package Exchange Notification Services plugin endpoint at public/plugin/Pens/pens.php is accessible without authentication and accepts a user-controlled package-url parameter that the server fetche...

8.6CVSS0.00344EPSS
Exploits0References3
RedhatCVE
RedhatCVE
added 2026/04/14 7:23 p.m.8 views

CVE-2026-31262

Cross Site Scripting vulnerability in Altenar Sportsbook Software Platform SB2 v.2.0 allows a remote attacker to obtain sensitive information and execute arbitrary code via the URL parameter...

6.1CVSS6.1AI score0.00229EPSS
Exploits1References1
CNVD
CNVD
added 2026/04/14 12:0 a.m.5 views

Totolink A3002MU formWlanSetup file wan-url parameter stack buffer overflow vulnerability

Totolink A3002MU is a wireless router product that provides network connectivity and wireless access. A stack buffer overflow vulnerability exists in the Totolink A3002MU. The vulnerability stems from a failure to properly handle the wan-url parameter in the HTTP request handling component, which...

9CVSS8.3AI score0.00472EPSS
Exploits0
NVD
NVD
added 2026/04/13 10:16 p.m.1 views

CVE-2026-4786

Mitgation of CVE-2026-4519 was incomplete. If the URL contained "%action" the mitigation could be bypassed for certain browser types the "webbrowser.open" API could have commands injected into the underlying shell. See CVE-2026-4519 for details...

7.1CVSS0.0029EPSS
Exploits0References57
Cvelist
Cvelist
added 2026/04/13 9:52 p.m.46 views

CVE-2026-4786 Incomplete mitigation of CVE-2026-4519, %action expansion for command injection to webbrowser.open()

Mitgation of CVE-2026-4519 was incomplete. If the URL contained "%action" the mitigation could be bypassed for certain browser types the "webbrowser.open" API could have commands injected into the underlying shell. See CVE-2026-4519 for details...

7CVSS0.0029EPSS
Exploits0References8
OSV
OSV
added 2026/04/13 9:52 p.m.8 views

PSF-2026-17

Mitgation of CVE-2026-4519 was incomplete. If the URL contained "%action" the mitigation could be bypassed for certain browser types the "webbrowser.open" API could have commands injected into the underlying shell. See CVE-2026-4519 for details...

7.1CVSS5.8AI score0.0029EPSS
Exploits0References8
CVE
CVE
added 2026/04/13 6:57 a.m.11 views

CVE-2026-5936

CVE-2026-5936 pertains to Foxit PDF Services API and describes a server-side request forgery (SSRF) where an attacker can influence a server to perform HTTP requests to arbitrary destinations by supplying a crafted URL. Affects the component handling URL parameters; this can enable probing intern...

8.5CVSS5.8AI score0.00188EPSS
Exploits0References1
EUVD
EUVD
added 2026/04/10 9:31 p.m.4 views

EUVD-2026-21579

GeoNode versions 4.0 before 4.4.5 and 5.0 before 5.0.2 contain a server-side request forgery vulnerability that allows authenticated users with document upload permissions to trigger arbitrary outbound HTTP requests by providing a malicious URL via the docurl parameter during document upload...

5.3CVSS5.9AI score0.00222EPSS
Exploits0References4
Github Security Blog
Github Security Blog
added 2026/04/10 8:59 p.m.10 views

Arcane has Unauthenticated SSRF with Conditional Response Reflection in Template Fetch Endpoint

Summary The /api/templates/fetch endpoint accepts a caller-supplied url parameter and performs a server-side HTTP GET request to that URL without authentication and without URL scheme or host validation. The server's response is returned directly to the caller. type. This constitutes an...

7.2CVSS5.8AI score0.00621EPSS
Exploits1References4Affected Software1
OSV
OSV
added 2026/04/10 8:59 p.m.4 views

GHSA-FF24-4PRJ-GPMJ Arcane has Unauthenticated SSRF with Conditional Response Reflection in Template Fetch Endpoint

Summary The /api/templates/fetch endpoint accepts a caller-supplied url parameter and performs a server-side HTTP GET request to that URL without authentication and without URL scheme or host validation. The server's response is returned directly to the caller. type. This constitutes an...

7.2CVSS5.8AI score0.00621EPSS
Exploits1References4
Github Security Blog
Github Security Blog
added 2026/04/10 5:32 p.m.21 views

Beszel has an IDOR in hub API endpoints that read system ID from URL parameter

Summary Some API endpoints in the Beszel hub accept a user-supplied system ID and proceed without further checks that the user should have access to that system. As a result, any authenticated user can access these routes for any system if they know the system's ID. System IDs are random 15...

3.5CVSS5.8AI score0.00219EPSS
Exploits1References4Affected Software1
Vulnrichment
Vulnrichment
added 2026/04/09 7:27 p.m.5 views

CVE-2026-40077 Beszel has an IDOR in hub API endpoints that read system ID from URL parameter

Beszel is a server monitoring platform. Prior to 0.18.7, some API endpoints in the Beszel hub accept a user-supplied system ID and proceed without further checks that the user should have access to that system. As a result, any authenticated user can access these routes for any system if they kno...

3.5CVSS5.8AI score0.00219EPSS
Exploits1References2
ATTACKERKB
ATTACKERKB
added 2026/04/09 12:0 a.m.3 views

CVE-2025-70797

Cross Site Scripting vulnerability in Limesurvey v.6.15.20+251021 allows a remote attacker to execute arbitrary code via the Boxtitle and boxurl parameters...

6.3AI score0.00279EPSS
Exploits1References3
Cvelist
Cvelist
added 2026/04/09 12:0 a.m.20 views

CVE-2025-70797

Cross Site Scripting vulnerability in Limesurvey v.6.15.20+251021 allows a remote attacker to execute arbitrary code via the Boxtitle and boxurl parameters...

0.00279EPSS
Exploits1References2
NVD
NVD
added 2026/04/07 6:16 p.m.4 views

CVE-2026-39344

ChurchCRM is an open-source church management system. Prior to 7.1.0, there is a Reflected Cross-Site Scripting XSS vulnerability on the login page, which is caused by the lack of sanitization or encoding of the username parameter received from the URL. The username parameter value is directly...

8.1CVSS0.00256EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/04/06 9:22 p.m.20 views

CVE-2026-35404 Open edX Platform has an Open Redirect in Survey Views via Unvalidated redirect_url Parameter

Open edX Platform enables the authoring and delivery of online learning at any scale. The viewsurvey endpoint accepts a redirecturl GET parameter that is passed directly to HttpResponseRedirect without any URL validation. When a non-existent survey name is provided, the server issues an immediate...

4.7CVSS0.00223EPSS
Exploits1References2
Cvelist
Cvelist
added 2026/04/06 4:56 p.m.19 views

CVE-2026-35037 Ech0 affected by unauthenticated SSRF in GetWebsiteTitle allows access to internal services and cloud metadata

Ech0 is an open-source, self-hosted publishing platform for personal idea sharing. Prior to 4.2.8, the GET /api/website/title endpoint accepts an arbitrary URL via the websiteurl query parameter and makes a server-side HTTP request to it without any validation of the target host or IP address. Th...

7.2CVSS0.00289EPSS
Exploits2References1
CVE
CVE
added 2026/04/06 4:56 p.m.17 views

CVE-2026-35037

Ech0 (GetWebsiteTitle endpoint) is affected by an unauthenticated SSRF vulnerability (CVE-2026-35037) prior to version 4.2.8. The GET /api/website/title endpoint accepts a user-supplied website_url, makes a server-side HTTP request without validating the target, and returns the HTML title content...

7.2CVSS6AI score0.00289EPSS
Exploits2References1Affected Software1
Rows per page
Query Builder