Lucene search
K

44 matches found

Positive Technologies
Positive Technologies
added 2026/06/15 12:0 a.m.12 views

PT-2026-49571

Name of the Vulnerable Software and Affected Versions python-multipart versions prior to 0.0.30 Description A quadratic complexity issue exists when parsing application/x-www-form-urlencoded bodies. The QuerystringParser performs a two-step lookup for field separators, scanning the entire remaini...

7.5CVSS6AI score0.00263EPSS
Exploits0References15
AstraLinux
AstraLinux
added 2026/05/20 5:53 a.m.3 views

Astra Linux – Vulnerability found in Linux 5.10, Linux 6.1

In the Linux kernel, the following vulnerability has been resolved: Input: imxsckey – fixed memory corruption upon unloading. It should be labeled as “priv”, but we accidentally passed “&priv”, which is an address in the stack. This can lead to memory corruption when the imxsckeyaction function i...

5.9AI score0.00171EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2026/05/04 7:12 p.m.5 views

CVE-2026-41924

WDR201A WiFi Extender HW V2.1, FW LFMZX28040922V1.02 contains an OS command injection vulnerability in the makeRequest.cgi binary that allows unauthenticated remote attackers to execute arbitrary shell commands by injecting malicious input into the settime or StartSniffer functions. Attackers can...

9.3CVSS6.1AI score0.02707EPSS
Exploits0References4
EUVD
EUVD
added 2026/03/25 5:44 p.m.7 views

EUVD-2026-16064

LiquidJS has Exponential Memory Amplification through its replacefirst Filter $& Pattern...

7.5CVSS5.8AI score0.00471EPSS
Exploits1References2
Vivaldi Security Advisories
Vivaldi Security Advisories
added 2026/02/13 3:45 p.m.9 views

Minor update (2) for Vivaldi Desktop Browser 7.8

Download Vivaldi The following improvements were made since the first 7.8 minor update: Ad Blocker Make sure the folder for downloaded adblocking rules is always created VIB-1713 Bookmarks Ampersand shown in bookmark bar folders when items they should be underlined VB-124777 Chromium Update to...

8.8CVSS5.7AI score0.2202EPSS
Exploits12References1
Positive Technologies
Positive Technologies
added 2025/12/15 12:0 a.m.9 views

PT-2025-51290

Name of the Vulnerable Software and Affected Versions Wp2Fac version 1.0 Description The software contains an OS command injection issue in the send.php endpoint. This allows remote attackers to execute arbitrary system commands. The issue occurs because attackers can inject shell commands throug...

9.3CVSS8.1AI score0.0107EPSS
Exploits0References7
RedhatCVE
RedhatCVE
added 2025/11/11 5:42 a.m.15 views

CVE-2025-12613

Versions of the package cloudinary before 2.7.0 are vulnerable to Arbitrary Argument Injection due to improper parsing of parameter values containing an ampersand. An attacker can inject additional, unintended parameters. This could lead to a variety of malicious outcomes, such as bypassing...

8.8CVSS6.8AI score0.00326EPSS
Exploits0References1
Github Security Blog
Github Security Blog
added 2025/11/10 6:30 a.m.8 views

Cloudinary Node SDK is vulnerable to Arbitrary Argument Injection through parameters that include an ampersand

Versions of the package cloudinary before 2.7.0 are vulnerable to Arbitrary Argument Injection due to improper parsing of parameter values containing an ampersand. An attacker can inject additional, unintended parameters. This could lead to a variety of malicious outcomes, such as bypassing...

8.8CVSS6.8AI score0.00326EPSS
Exploits0References5Affected Software1
OSV
OSV
added 2025/11/10 6:30 a.m.3 views

GHSA-G4MF-96X5-5M2C Cloudinary Node SDK is vulnerable to Arbitrary Argument Injection through parameters that include an ampersand

Versions of the package cloudinary before 2.7.0 are vulnerable to Arbitrary Argument Injection due to improper parsing of parameter values containing an ampersand. An attacker can inject additional, unintended parameters. This could lead to a variety of malicious outcomes, such as bypassing...

8.8CVSS6.7AI score0.00326EPSS
Exploits0References5
OSV
OSV
added 2025/11/10 5:15 a.m.2 views

CVE-2025-12613

Versions of the package cloudinary before 2.7.0 are vulnerable to Arbitrary Argument Injection due to improper parsing of parameter values containing an ampersand. An attacker can inject additional, unintended parameters. This could lead to a variety of malicious outcomes, such as bypassing...

8.8CVSS6.7AI score
Exploits0References3
NVD
NVD
added 2025/11/10 5:15 a.m.5 views

CVE-2025-12613

Versions of the package cloudinary before 2.7.0 are vulnerable to Arbitrary Argument Injection due to improper parsing of parameter values containing an ampersand. An attacker can inject additional, unintended parameters. This could lead to a variety of malicious outcomes, such as bypassing...

8.8CVSS0.00326EPSS
Exploits0References3
EUVD
EUVD
added 2025/11/10 5:0 a.m.2 views

EUVD-2025-44030

Versions of the package cloudinary before 2.7.0 are vulnerable to Arbitrary Argument Injection due to improper parsing of parameter values containing an ampersand. An attacker can inject additional, unintended parameters. This could lead to a variety of malicious outcomes, such as bypassing...

8.8CVSS6.6AI score0.00326EPSS
Exploits0References4
Vulnrichment
Vulnrichment
added 2025/11/10 5:0 a.m.1 views

CVE-2025-12613

Versions of the package cloudinary before 2.7.0 are vulnerable to Arbitrary Argument Injection due to improper parsing of parameter values containing an ampersand. An attacker can inject additional, unintended parameters. This could lead to a variety of malicious outcomes, such as bypassing...

8.8CVSS6.7AI score0.00326EPSS
Exploits0References3
CVE
CVE
added 2025/11/10 5:0 a.m.16 views

CVE-2025-12613

CVE-2025-12613 affects the Cloudinary Node SDK prior to 2.7.0. The vulnerability stems from improper parsing of parameter values containing an ampersand, enabling Arbitrary Argument Injection where an attacker can inject additional, unintended parameters. Potential outcomes include bypassing secu...

8.8CVSS6.7AI score0.00326EPSS
Exploits0References3
Cvelist
Cvelist
added 2025/11/10 5:0 a.m.6 views

CVE-2025-12613

Versions of the package cloudinary before 2.7.0 are vulnerable to Arbitrary Argument Injection due to improper parsing of parameter values containing an ampersand. An attacker can inject additional, unintended parameters. This could lead to a variety of malicious outcomes, such as bypassing...

8.8CVSS0.00326EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2025/11/10 12:0 a.m.4 views

PT-2025-45601

Name of the Vulnerable Software and Affected Versions cloudinary versions prior to 2.7.0 Description The package is susceptible to Arbitrary Argument Injection because of improper parsing of parameter values that include an ampersand &. This allows an attacker to inject additional, unintended...

8.8CVSS6.7AI score0.00326EPSS
Exploits0References15
EUVD
EUVD
added 2025/10/03 8:7 p.m.8 views

EUVD-2025-25612

Malicious code in bioql PyPI...

8.1CVSS6.5AI score0.00703EPSS
Exploits0References2
RedhatCVE
RedhatCVE
added 2025/08/24 5:25 p.m.6 views

CVE-2025-57771

Roo Code is an AI-powered autonomous coding agent that lives in users' editors. In versions prior to 3.25.5, Roo-Code fails to properly handle process substitution and single ampersand characters in the command parsing logic for auto-execute commands. If a user has enabled auto-approved execution...

8.1CVSS8.1AI score0.00703EPSS
Exploits0References1
NVD
NVD
added 2025/08/22 5:15 p.m.3 views

CVE-2025-57771

Roo Code is an AI-powered autonomous coding agent that lives in users' editors. In versions prior to 3.25.5, Roo-Code fails to properly handle process substitution and single ampersand characters in the command parsing logic for auto-execute commands. If a user has enabled auto-approved execution...

8.1CVSS0.00703EPSS
Exploits0References2
OSV
OSV
added 2025/08/22 4:35 p.m.8 views

CVE-2025-57771 Roo-Code potential remote code execution via auto-execute command parsing flaw

Roo Code is an AI-powered autonomous coding agent that lives in users' editors. In versions prior to 3.25.5, Roo-Code fails to properly handle process substitution and single ampersand characters in the command parsing logic for auto-execute commands. If a user has enabled auto-approved execution...

8.1CVSS7.7AI score0.00703EPSS
Exploits0References4
Rows per page
Query Builder