Lucene search
K

7 matches found

EUVD
EUVD
added 2026/05/19 9:25 a.m.16 views

EUVD-2026-30865

The extension passes an attacker-controlled cookie directly to PHP's unserialize without safely processing the input. A remote, unauthenticated attacker can supply a crafted serialized payload to trigger PHP Object Injection, leading to Remote Code Execution on the TYPO3 server. Exploitation...

9.2CVSS5.8AI score0.02306EPSS
Exploits1References1
CVE
CVE
added 2026/04/06 7:1 p.m.8 views

CVE-2026-35178

The CVE-2026-35178 affects Salesforce Workbench (admin/developer tooling) prior to version 65.0.0. A remote code execution vulnerability exists in the timezone conversion flow that processes attacker-controlled cookie values in an unsafe manner. Impact is described as high for confidentiality and...

9.8CVSS6.5AI score0.00491EPSS
Exploits0References2Affected Software1
EUVD
EUVD
added 2025/10/07 12:30 a.m.3 views

EUVD-2009-1726

Malware in sbrugna...

7.5CVSS6.3AI score0.01199EPSS
Exploits1References6
Cvelist
Cvelist
added 2021/01/07 12:43 p.m.12 views

CVE-2020-26768

Formstone =1.4.16 is vulnerable to a Reflected Cross-Site Scripting XSS vulnerability caused by improper validation of user supplied input in the upload-target.php and upload-chunked.php files. A remote attacker could exploit this vulnerability using a specially crafted URL to execute a script in...

6.1AI score0.01224EPSS
Exploits0References1
CNVD
CNVD
added 2020/04/23 12:0 a.m.2 views

XSS Vulnerability in Shipping 100 - Virtual Goods Auto-Shipping System (CNVD-2020-31442)

Shipping 100-Virtual Goods Autoship System is a powerful virtual goods autoship system/article pay to read system. An XSS vulnerability exists in Shipment 100 - Virtual Goods Autoship System. An attacker can exploit the vulnerability to obtain user cookie information...

6.2AI score
Exploits0
exploitpack
exploitpack
added 2009/03/22 12:0 a.m.18 views

ExpressionEngine 1.6 - Avtaar Name HTML Injection

ExpressionEngine 1.6 - Avtaar Name HTML Injection source: https://www.securityfocus.com/bid/34193/info ExpressionEngine is prone to an HTML-injection vulnerability because the application fails to properly sanitize user-supplied input before using it in dynamically generated content...

0.1AI score
Exploits0
exploitpack
exploitpack
added 2004/01/12 12:0 a.m.10 views

PHPGedView 2.52.6 - Gedrecord.php Cross-Site Scripting

PHPGedView 2.52.6 - Gedrecord.php Cross-Site Scripting source: https://www.securityfocus.com/bid/11891/info It is reported that PhpGedView is affected by a cross-site scripting vulnerability. This issue is due to a failure of the application to properly sanitize user-supplied URI input. This issu...

6.8AI score
Exploits0
Rows per page
Query Builder