Lucene search
K

75 matches found

CVE
CVE
added 2026/03/06 7:8 a.m.27 views

CVE-2026-29058

AVideo before 7.0 is vulnerable to unauthenticated OS command injection via the base64Url parameter in objects/getImage.php. The base64-decoded value is interpolated into an ffmpeg shell command without proper escaping, allowing arbitrary command execution and potential full server compromise. AM...

9.8CVSS6.1AI score0.02132EPSS
Exploits2References1Affected Software1
OSV
OSV
added 2026/03/03 8:2 p.m.2 views

GHSA-9J26-99JH-V26Q WWBN AVideo is vulnerable to unauthenticated OS Command Injection via base64Url in objects/getImage.php

Impact An unauthenticated attacker can execute arbitrary OS commands on the server by injecting shell command substitution into the base64Url GET parameter. This can lead to full server compromise, data exfiltration e.g., configuration secrets, internal keys, credentials, and service disruption...

9.8CVSS6.4AI score0.02132EPSS
Exploits2References3
Positive Technologies
Positive Technologies
added 2026/03/03 12:0 a.m.14 views

PT-2026-23005

Name of the Vulnerable Software and Affected Versions AVideo versions prior to 7.0 Description AVideo is a video-sharing Platform software susceptible to unauthenticated Remote Code Execution RCE. An attacker can inject shell command substitution into the base64Url GET parameter, potentially...

9.8CVSS5.9AI score0.02132EPSS
Exploits2References19
RedhatCVE
RedhatCVE
added 2026/01/13 10:52 p.m.5 views

CVE-2026-21899

CryptoLib provides a software-only solution using the CCSDS Space Data Link Security Protocol - Extended Procedures SDLS-EP to secure communications between a spacecraft running the core Flight System cFS and a ground station. Prior to version 1.4.3, in base64urlDecode, padding-stripping...

4.9CVSS6.8AI score0.00317EPSS
Exploits1References1
NVD
NVD
added 2026/01/10 1:16 a.m.7 views

CVE-2026-21899

CryptoLib provides a software-only solution using the CCSDS Space Data Link Security Protocol - Extended Procedures SDLS-EP to secure communications between a spacecraft running the core Flight System cFS and a ground station. Prior to version 1.4.3, in base64urlDecode, padding-stripping...

4.9CVSS0.00317EPSS
Exploits1References2
CVE
CVE
added 2026/01/10 12:11 a.m.17 views

CVE-2026-21899

CVE-2026-21899 affects CryptoLib (SDLS-EP) used with cFS ground stations. Prior to v1.4.3, base64urlDecode dereferences input[inputLen-1] before validating inputLen or NULL input, causing an out-of-bounds read at input[-1] when inputLen==0 and potentially a NULL dereference if input==NULL and inp...

4.9CVSS6.5AI score0.00317EPSS
Exploits1References2Affected Software1
Vulnrichment
Vulnrichment
added 2026/01/10 12:11 a.m.2 views

CVE-2026-21899 CryptoLib has an out-of-bounds read and crash vulnerability when decoding an empty Base64url string

CryptoLib provides a software-only solution using the CCSDS Space Data Link Security Protocol - Extended Procedures SDLS-EP to secure communications between a spacecraft running the core Flight System cFS and a ground station. Prior to version 1.4.3, in base64urlDecode, padding-stripping...

4.7CVSS6.5AI score0.00317EPSS
Exploits1References2
OSV
OSV
added 2026/01/10 12:11 a.m.8 views

CVE-2026-21899 CryptoLib has an out-of-bounds read and crash vulnerability when decoding an empty Base64url string

CryptoLib provides a software-only solution using the CCSDS Space Data Link Security Protocol - Extended Procedures SDLS-EP to secure communications between a spacecraft running the core Flight System cFS and a ground station. Prior to version 1.4.3, in base64urlDecode, padding-stripping...

4.7CVSS6.7AI score0.00317EPSS
Exploits1References4
Cvelist
Cvelist
added 2026/01/10 12:11 a.m.26 views

CVE-2026-21899 CryptoLib has an out-of-bounds read and crash vulnerability when decoding an empty Base64url string

CryptoLib provides a software-only solution using the CCSDS Space Data Link Security Protocol - Extended Procedures SDLS-EP to secure communications between a spacecraft running the core Flight System cFS and a ground station. Prior to version 1.4.3, in base64urlDecode, padding-stripping...

4.7CVSS0.00317EPSS
Exploits1References2
Malwarebytes
Malwarebytes
added 2025/12/12 2:26 p.m.16 views

Google ads funnel Mac users to poisoned AI chats that spread the AMOS infostealer

Researchers have found evidence that AI conversations were inserted in Google search results to mislead macOS users into installing the Atomic macOS Stealer AMOS. Both Grok and ChatGPT were found to have been abused in these attacks. Forensic investigation of an AMOS alert showed the infection...

6.9AI score
Exploits0
EUVD
EUVD
added 2025/10/03 8:7 p.m.16 views

EUVD-2022-5902

Malicious code in bioql PyPI...

9.8CVSS9.4AI score0.01096EPSS
Exploits1References9
RedhatCVE
RedhatCVE
added 2025/02/05 5:57 p.m.15 views

CVE-2019-5127

A command injection have been found in YouPHPTube Encoder. A successful attack could allow an attacker to compromise the server. Exploitable unauthenticated command injections exist in YouPHPTube Encoder 2.3 a plugin for providing encoder functionality in YouPHPTube. The parameter base64Url in...

10CVSS7.4AI score0.45302EPSS
Exploits1References1
Hacker One
Hacker One
added 2024/02/18 12:17 p.m.28 views

Node.js: fetch with integrity option is too lax when algorithm is specified but hash value is in incorrect

The vulnerability in the undici library in Node.js was that the parseHashWithOptions function did not properly handle base64url encoded hashes and invalid hashes. This allowed resources to be loaded without the expected Subresource Integrity SRI checks being performed...

3.5CVSS4.3AI score0.00803EPSS
Exploits1
VulnCheck KEV
VulnCheck KEV
added 2023/11/15 12:0 a.m.3 views

VulnCheck KEV: CVE-2019-5128

A command injection have been found in YouPHPTube Encoder. A successful attack could allow an attacker to compromise the server. Exploitable unauthenticated command injections exist in YouPHPTube Encoder 2.3 a plugin for providing encoder functionality in YouPHPTube. The parameter base64Url in...

10CVSS7.2AI score0.30174EPSS
Exploits1References1
VulnCheck KEV
VulnCheck KEV
added 2023/11/13 12:0 a.m.3 views

VulnCheck KEV: CVE-2019-5127

A command injection have been found in YouPHPTube Encoder. A successful attack could allow an attacker to compromise the server. Exploitable unauthenticated command injections exist in YouPHPTube Encoder 2.3 a plugin for providing encoder functionality in YouPHPTube. The parameter base64Url in...

10CVSS7.2AI score0.45302EPSS
Exploits1References1
Prion
Prion
added 2022/07/01 8:15 p.m.11 views

Design/Logic Flaw

The package jsrsasign before 10.5.25 are vulnerable to Improper Verification of Cryptographic Signature when JWS or JWT signature with non Base64URL encoding special characters or number escaped characters may be validated as valid by mistake. Workaround: Validate JWS or JWT signature if it has...

7.5CVSS9.4AI score0.01096EPSS
Exploits1References6Affected Software1
OSV
OSV
added 2022/07/01 8:2 p.m.15 views

CVE-2022-25898 Improper Verification of Cryptographic Signature

The package jsrsasign before 10.5.25 are vulnerable to Improper Verification of Cryptographic Signature when JWS or JWT signature with non Base64URL encoding special characters or number escaped characters may be validated as valid by mistake. Workaround: Validate JWS or JWT signature if it has...

7.7CVSS7.1AI score0.01096EPSS
Exploits1References8
CVE
CVE
added 2022/07/01 8:2 p.m.97 views

CVE-2022-25898

The CVE-2022-25898 entry concerns the jsrsasign library (pre-10.5.25) where JWS/JWT signatures with non Base64URL-encoded or escaped characters may be validated as valid. Affected component: jsrsasign; root cause: improper verification of cryptographic signatures. Impact (per sources): potential ...

9.8CVSS8.7AI score0.01096EPSS
Exploits1References6Affected Software1
ATTACKERKB
ATTACKERKB
added 2022/07/01 8:0 p.m.1 views

CVE-2022-25898

The package jsrsasign before 10.5.25 are vulnerable to Improper Verification of Cryptographic Signature when JWS or JWT signature with non Base64URL encoding special characters or number escaped characters may be validated as valid by mistake. Workaround: Validate JWS or JWT signature if it has...

9.8CVSS7.1AI score0.01096EPSS
Exploits1References7
CNNVD
CNNVD
added 2022/07/01 12:0 a.m.20 views

jsrsasign 数据伪造问题漏洞

The jsrsasign package is an open source cryptographic library from the individual developer Kenji Urashima in Japan. A security vulnerability exists in jsrsasign versions prior to 10.5.25, which stems from a vulnerability to incorrect validation of cryptographic signatures when JWS or JWT...

9.8CVSS8.2AI score0.01096EPSS
Exploits1References7
Rows per page
Query Builder