32 matches found
CVE-2026-45628
Dokploy (PaaS) vulnerability CVE-2026-45628 affects version 0.29.2 and earlier. The root cause is unescaped interpolation of user-supplied branch names, repo URLs, and Docker credentials into shell commands constructed with JavaScript template literals and executed via child_process.exec (shell /...
CVE-2026-45628
Dokploy is a free, self-hostable Platform as a Service PaaS. In 0.29.2 and earlier, Dokploy constructs shell commands using JavaScript template literals and executes them via childprocess.exec which runs through /bin/sh -c. User-supplied branch names, repository URLs, and Docker credentials are...
PT-2026-44932
Dokploy is a free, self-hostable Platform as a Service PaaS. In 0.29.2 and earlier, Dokploy constructs shell commands using JavaScript template literals and executes them via child process.exec which runs through /bin/sh -c. User-supplied branch names, repository URLs, and Docker credentials are...
GHSA-GQW4-4W2P-838Q Composer has a command injection via malicious perforce reference
Impact The Perforce::syncCodeBase method appended the $sourceReference parameter to a shell command without proper escaping, allowing an attacker to inject arbitrary commands through a crafted source reference containing shell metacharacters. Further as in GHSA-wg36-wvj6-r67p / CVE-2026-40176 the...
CVE-2026-32892
Chamilo LMS is a learning management system. Prior to 1.11.38 and 2.0.0-RC.3, Chamilo LMS contains an OS Command Injection vulnerability in the file move function. The move function in fileManage.lib.php passes user-controlled path values directly into exec shell commands without using...
Handlebars.js has JavaScript Injection in CLI Precompiler via Unescaped Names and Options
Summary The Handlebars CLI precompiler bin/handlebars / lib/precompiler.js concatenates user-controlled strings — template file names and several CLI options — directly into the JavaScript it emits, without any escaping or sanitization. An attacker who can influence template filenames or CLI...
EUVD-2026-11744
wpDiscuz before 7.6.47 contains an SQL injection vulnerability in the getAllSubscriptions function where string parameters lack proper quote escaping in SQL queries. Attackers can inject malicious SQL code through email, activationkey, subscriptiondate, and importedfrom parameters to manipulate...
CVE-2026-22193
wpDiscuz before 7.6.47 contains an SQL injection vulnerability in the getAllSubscriptions function where string parameters lack proper quote escaping in SQL queries. Attackers can inject malicious SQL code through email, activationkey, subscriptiondate, and importedfrom parameters to manipulate...
Trivy Action has a script injection via sourced env file in composite action
Command Injection in aquasecurity/trivy-action via Unsanitized Environment Variable Export A command injection vulnerability exists in aquasecurity/trivy-action due to improper handling of action inputs when exporting environment variables. The action writes export VAR= lines to trivyenvs.txt bas...
CVE-2026-26226 beautiful-mermaid < 0.1.3 SVG Attribute Injection
beautiful-mermaid versions prior to 0.1.3 contain an SVG attribute injection issue that can lead to cross-site scripting XSS when rendering attacker-controlled Mermaid diagrams. User-controlled values from Mermaid style and classDef directives are interpolated into SVG attribute values without...
WordPress plugin Product Filter by WBW SQL注入漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform has the ability to host personal blog sites on PHP and MySQL based servers.WordPress plugin is an application plugin.... A SQL injection...
WordPress plugin WP Dispatcher SQL注入漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a set of blogging platforms developed using the PHP language. The platform has the ability to set up personal blog sites on PHP and MySQL based servers.WordPress plugin is an application plugin. A SQL...
CVE-2022-34198
Jenkins Stash Branch Parameter Plugin 0.3.0 and earlier does not escape the name and description of Stash Branch parameters on views displaying parameters, resulting in a stored cross-site scripting XSS vulnerability exploitable by attackers with Item/Configure permission...
BIT-JOOMLA-2024-21730 [20240702] - Core - Self-XSS in fancyselect list field layout
The fancyselect list field layout does not correctly escape inputs, leading to a self-XSS vector...
WordPress plugin Banner Garden Plugin 安全漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A security vulnerability...
WordPress plugin Dental Optimizer Patient Generator App 安全漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A security vulnerability...
CVE-2024-9774 Python-sql: python-sql unary operators does not escape non-expression
A vulnerability was found in python-sql where unary operators do not escape non-Expression...
PT-2024-39512 · WordPress · Booster For Woocommerce
Name of the Vulnerable Software and Affected Versions: The Booster for WooCommerce plugin for WordPress versions up to, and including, 7.2.3 Description: The issue arises from the use of add query arg and remove query arg without proper escaping on the URL, leading to Reflected Cross-Site...
WordPress plugin Contact Form by Bit Form 安全漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed in the PHP language. The platform supports personal blog sites on servers running PHP and MySQL. WordPress plugin is an application plugin. A security vulnerability exists in t...
CVE-2024-21730
The fancyselect list field layout does not correctly escape inputs, leading to a self-XSS vector...