6449 matches found
Gogs Git Rebase Argument Injection RCE
This module exploits an argument injection vulnerability in the pull request merge flow of Gogs is parsed by Git as the --exec flag rather than a positional argument, causing sh -c to run after each replayed commit during the rebase. Two exploitation methods are supported: - ownrepo: The attacker...
CVE-2026-36610
Mercusys AC12G EU V1 with firmware AC12GEUV1200909 transmits DDNS credentials over plaintext HTTP with only Base64 encoding. The firmware contains no TLS implementation, allowing man-in-the-middle interception of DDNS service credentials...
Base64 Encoder/Decoder <= 0.9.2 - Cross-Site Scripting
The Base64 Encoder/Decoder WordPress plugin through 0.9.2 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin. id: CVE-2024-3822 info: name: Base64 Encoder/Decode...
Mesop AI Sandbox <= 1.2.2 - Remote Code Execution
Mesop = 1.2.2 contains an unrestricted remote code execution caused by unauthenticated ingestion and execution of base64-encoded Python code in the /exec-py endpoint of ai/testing module, letting attackers execute arbitrary commands on the host, exploit requires HTTP access to the server. id:...
CVE-2026-36610
Mercusys AC12G EU V1 with firmware AC12GEUV1200909 transmits DDNS credentials over plaintext HTTP with only Base64 encoding. The firmware contains no TLS implementation, allowing man-in-the-middle interception of DDNS service credentials...
USN-8365-1: Dovecot vulnerabilities
It was discovered that Dovecot incorrectly treated some variable expansion pipelines as safe in authentication filters. An attacker could possibly use this issue to perform SQL or LDAP injection attacks. This issue only affected Ubuntu 25.10 and Ubuntu 26.04 LTS. CVE-2026-27851 It was discovered...
CVE-2026-10581 DedeCMS download.php base64_decode server-side request forgery
A flaw has been found in DedeCMS 5.7.88. Affected by this vulnerability is the function base64decode of the file /plus/download.php?open=1. This manipulation of the argument Link causes server-side request forgery. Remote exploitation of the attack is possible. The exploit has been published and...
EUVD-2026-33878
A flaw has been found in DedeCMS 5.7.88. Affected by this vulnerability is the function base64decode of the file /plus/download.php?open=1. This manipulation of the argument Link causes server-side request forgery. Remote exploitation of the attack is possible. The exploit has been published and...
CVE-2026-10581 DedeCMS download.php base64_decode server-side request forgery
A flaw has been found in DedeCMS 5.7.88. Affected by this vulnerability is the function base64decode of the file /plus/download.php?open=1. This manipulation of the argument Link causes server-side request forgery. Remote exploitation of the attack is possible. The exploit has been published and...
PT-2026-45690
A flaw has been found in DedeCMS 5.7.88. Affected by this vulnerability is the function base64 decode of the file /plus/download.php?open=1. This manipulation of the argument Link causes server-side request forgery. Remote exploitation of the attack is possible. The exploit has been published and...
PT-2026-44767
Name of the Vulnerable Software and Affected Versions Acer Connect affected versions not specified Description Web endpoints intended for the Acer Connect app improperly validate the HTTP Authorization header. The system fails to block requests when the Base64 decoding process fails, allowing...
PYSEC-2026-178
PyJWT is a JSON Web Token implementation in Python. From 2.8.0 to 2.12.1, when verifying detached JWS tokens using the unencoded-payload option "b64": false, RFC 7797, PyJWT performs Base64URL decoding of the compact-serialization payload segment before enforcing the detached-payload rules. For...
RLSA-2026:18683 Moderate: libssh security update
libssh is a library which implements the SSH protocol. It can be used to implement client and server applications. Security Fixes: libssh: Double Free Vulnerability in libssh Key Export Functions CVE-2025-5351 libssh: Use of uninitialized variable in privatekeyfromfile CVE-2025-4878 libssh: Write...
External Control of File Name or Path
Overview org.jenkins-ci.plugins:email-ext is a plugin that allows you to configure every aspect of email notifications. Affected versions of this package are vulnerable to External Control of File Name or Path via the data-inline attribute. An attacker can gain control of the email content and re...
Symfony has Unauthenticated PHP Object Deserialization in MonologBridge server:log Listener
Description Symfony\Bridge\Monolog\Command\ServerLogCommand the server:log console command is a development-time helper that opens a TCP listener and displays log records pushed to it by the application's logging pipeline. Two unsafe defaults combine into a remotely reachable PHP...
CVE-2026-48920
Jenkins Email Extension Plugin 1933.v45cec755423f and earlier allows inlining images as base64 in email content by setting the data-inline attribute, without restrictions on the image URLs that can be inlined, allowing attackers able to control the email content to specify file: URLs for images t...
CVE-2026-48920
Jenkins Email Extension Plugin 1933.v45cec755423f and earlier allows inlining images as base64 in email content by setting the data-inline attribute, without restrictions on the image URLs that can be inlined, allowing attackers able to control the email content to specify file: URLs for images t...
CVE-2026-48920
CVE-2026-48920 affects Jenkins’ Email Extension Plugin (versions up to 1933.v45cec755423f and earlier). The vulnerability arises when inlining images as base64 via the data-inline attribute, with no restrictions on inlined image URLs, enabling an attacker-controlled email to specify file: URLs an...
CVE-2026-48920
Jenkins Email Extension Plugin 1933.v45cec755423f and earlier allows inlining images as base64 in email content by setting the data-inline attribute, without restrictions on the image URLs that can be inlined, allowing attackers able to control the email content to specify file: URLs for images t...
EUVD-2026-32511
Jenkins Email Extension Plugin 1933.v45cec755423f and earlier allows inlining images as base64 in email content by setting the data-inline attribute, without restrictions on the image URLs that can be inlined, allowing attackers able to control the email content to specify file: URLs for images t...