332 matches found
OliveTin's unsafe parsing of UniqueTrackingId can be used to write files
When the saveLogs feature is enabled, OliveTin persists execution log entries to disk. The filename used for these log files is constructed in part from the user-supplied UniqueTrackingId field in the StartAction API request. This value is not validated or sanitized before being used in a file...
Adobe Experience Manager(AEM) 跨站脚本漏洞
Adobe Experience Manager AEM is a set of content management solutions that can be used to build websites, mobile applications and forms from the American company Odobie Adobe. The program supports mobile content management, marketing and sales campaign management and multi-site management. A...
CVE-2026-0489
SAP Business One Job Service is affected by a DOM-based XSS vulnerability (CVE-2026-0489) due to insufficient validation of a user-controlled input in a URL query parameter. The issue could allow an unauthenticated attacker, via user interaction, to inject crafted input that executes in the victi...
PT-2026-24752
Shell Command Injection in User Git Config Endpoint | Field | Value | |-------|-------| | Severity | High | | CVSS 3.1 | 8.8 High — when chained with VULN-01 | | CWE | CWE-78: Improper Neutralization of Special Elements used in an OS Command 'OS Command Injection' | | Attack Vector | Network | |...
CVE-2026-0846 Arbitrary File Read via Absolute Path Input in nltk.util.filestring()
A vulnerability in the filestring function of the nltk.util module in nltk version 3.9.2 allows arbitrary file read due to improper validation of input paths. The function directly opens files specified by user input without sanitization, enabling attackers to access sensitive system files by...
Cross-site Scripting (XSS)
Overview Affected versions of this package are vulnerable to Cross-site Scripting XSS via unsafe template rendering that combines user input with permissive sanitizer handling of data URLs in the display of author and committer names. An attacker can execute arbitrary JavaScript in the context of...
CVE-2026-28122
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in CridioStudio ListingPro listingpro-plugin allows Reflected XSS.This issue affects ListingPro: from n/a through = 2.9.8...
CVE-2026-24112
An issue was discovered in Tenda W20E V4.0brV15.11.0.6. Attackers may exploit the vulnerability by specifying the value of userInfo. When userInfo is passed into the addWewifiWhiteUser function and processed by sscanf without size validation, it could lead to a buffer overflow vulnerability...
MS-Agent does not properly sanitize commands sent to its shell tool, allowing for RCE
Overview A command injection vulnerability was identified in the MS-Agent framework that can be triggered through unsanitized prompt-derived input. An attacker can craft untrusted input introduced via a chat prompt or other external content sources, resulting in arbitrary command execution on the...
EUVD-2026-7409
Ormar is a async mini ORM for Python. In versions 0.9.9 through 0.22.0, when performing aggregate queries, Ormar ORM constructs SQL expressions by passing user-supplied column names directly into sqlalchemy.text without any validation or sanitization. The min and max methods in the QuerySet class...
CVE-2026-2043
Nagios Host esensorswebsensorconfigwizardfunc Command Injection Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Nagios Host. Authentication is required to exploit this vulnerability. The specific flaw exists...
CVE-2026-2042
Nagios Host monitoringwizard Command Injection (CVE-2026-2042) affects Nagios Host installations. The flaw is in the monitoringwizard module where a user-supplied string is not properly validated before being used in a system call, allowing an attacker to execute arbitrary code with the service a...
CVE-2026-27057 WordPress Penci Filter Everything plugin <= 1.7 - Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in PenciDesign Penci Filter Everything penci-filter-everything allows Stored XSS.This issue affects Penci Filter Everything: from n/a through = 1.7...
BIT-GITLAB-2026-1094 Improper Validation of Unsafe Equivalence in Input in GitLab
GitLab has remediated an issue in GitLab CE/EE affecting all versions from 18.8 before 18.8.4 that could have allowed an authenticated developer to hide specially crafted file changes from the WebUI...
CVE-2026-2469
Versions of the package directorytree/imapengine before 1.22.3 are vulnerable to Improper Neutralization of Special Elements in Output Used by a Downstream Component 'Injection' via the id function in ImapConnection.php due to improperly escaping user input before including it in IMAP ID commands...
BIT-MOODLE-2025-67850 Moodle: moodle: cross-site scripting vulnerability via inadequate input filtering in formula editor
A flaw was found in moodle. This vulnerability, known as Cross-Site Scripting XSS, occurs due to insufficient checks on user-provided data in the formula editor's arithmetic expression fields. A remote attacker could inject malicious code into these fields. When other users view these expressions...
Nagios Host monitoringwizard Command Injection Remote Code Execution Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Nagios Host. Authentication is required to exploit this vulnerability. The specific flaw exists within the monitoringwizard module. The issue results from the lack of proper validation of a...
CVE-2026-26029 sf-mcp-server has a Command Injection in query_records tool due to unsafe use of child_process.exec
sf-mcp-server is an implementation of Salesforce MCP server for Claude for Desktop. A command injection vulnerability exists in sf-mcp-server due to unsafe use of childprocess.exec when constructing Salesforce CLI commands with user-controlled input. Successful exploitation allows attackers to...
CVE-2026-26029
sf-mcp-server is an implementation of Salesforce MCP server for Claude for Desktop. A command injection vulnerability exists in sf-mcp-server due to unsafe use of childprocess.exec when constructing Salesforce CLI commands with user-controlled input. Successful exploitation allows attackers to...
CVE-2026-26029
CVE-2026-26029 affects the sf-mcp-server component (Salesforce MCP server for Claude for Desktop). The issue arises from unsafe use of child_process.exec when forming Salesforce CLI commands with user-controlled input, enabling a potential command injection. Successful exploitation could execute ...