253 matches found
ExploitOnCLI
This is an offensive tool for searching exploits in multiple databases. The tool, named ExploitOnCLI or EOC, is written in PHP for Linux and allows users to search for exploits in various databases, including Exploit-DB, PacketStormSecurity, IEDB, Siph0n, CXSecurity, and Exploit4Arab. The tool ca...
CVE-2025-45765
ruby-jwt v3.0.0.beta1 was discovered to contain weak encryption. NOTE: the Supplier's perspective is "keysize is not something that is enforced by this library. Currently more recent versions of OpenSSL are enforcing some key sizes and those restrictions apply to the users of this gem also."...
hMailServer 安全漏洞
hMailServer is an open source mail server from hMailServer Open Source. A security vulnerability exists in hMailServer version 5.8.6 and 5.6.9-beta, which stems from the use of hard-coded keys in BlowFish.cpp, which could lead to the decryption of database connection passwords...
miniTCG 安全漏洞
miniTCG is an automated collectible card game by the individual developer Carina aka Neko Cari. A security vulnerability exists in miniTCG v1.3.1 beta, which stems from uncleaned input and could lead to a cross-site scripting attack...
Exploit for CVE-2025-52159
This vulnerability chains has been assigned the following CVE ID...
CVE-2025-48491
Project AI is a platform designed to create AI agents. Prior to the pre-beta version, a hardcoded API key was present in the source code. This issue has been patched in the pre-beta version...
CVE-2025-48491
Project AI is a platform designed to create AI agents. Prior to the pre-beta version, a hardcoded API key was present in the source code. This issue has been patched in the pre-beta version...
CVE-2025-48491
CVE-2025-48491 affects Project AI, a platform for creating AI agents. The root cause is a hardcoded API key present in the source code before the pre‑beta version. The issue has been patched in the pre‑beta version, mitigating exposure. Public details in connected documents confirm this remediati...
CVE-2025-48491 Project AI API Key Exposure in Source Code
Project AI is a platform designed to create AI agents. Prior to the pre-beta version, a hardcoded API key was present in the source code. This issue has been patched in the pre-beta version...
CVE-2023-23621
Discourse is an open-source discussion platform. Prior to version 3.0.1 on the stable branch and version 3.1.0.beta2 on the beta and tests-passed branches, a malicious user can cause a regular expression denial of service using a carefully crafted user agent. This issue is patched in version 3.0....
CVE-2021-21283
Flarum is an open source discussion platform for websites. The "Flarum Sticky" extension versions 0.1.0-beta.14 and 0.1.0-beta.15 has a cross-site scripting vulnerability. A change in release beta 14 of the Sticky extension caused the plain text content of the first post of a pinned discussion to...
CVE-2025-32376
CVE-2025-32376 affects Discourse, where the DM limit enforcement could be bypassed. Affected versions are Discourse stable < 3.4.3 and beta
actix-session-surrealdb (>=0.1.0 <=0.1.5) potentially affected by unknown CVE via surrealdb (=1.0.0-beta.9)
surrealdb CARGO version =1.0.0-beta.9 is affected by a known vulnerability. The following packages have a transitive dependency on surrealdb and may be impacted: - actix-session-surrealdb =0.1.0, =0.1.5 Source cves: unknown CVE Source advisory: OSV:GHSA-5Q9X-554G-9JGG...
PT-2025-10613
Name of the Vulnerable Software and Affected Versions autogpt-platform versions prior to autogpt-platform-beta-v0.4.2 Description The issue is related to a server-side request forgery SSRF vulnerability inside the Send Web Request component. The root cause is that IPV6 addresses are not restricte...
PT-2025-4592 · Coolify · Coolify
Name of the Vulnerable Software and Affected Versions: Coolify versions 4.0.0-beta.358 and earlier Description: The issue allows attackers to inject arbitrary shell commands by altering the project name, potentially resulting in full system compromise, creation, modification, or deletion of...
Uptime Kuma 路径遍历漏洞
Uptime Kuma is an easy-to-use, self-hosted monitoring tool from the individual developer Louis Lam. A path traversal vulnerability exists in Uptime Kuma versions 1.23.0 through 1.23.15 and 2.0.0-beta.0, which stems from a lack of server-side validation and cleanup stemming from a URL field in the...
actix-session-surrealdb (>=0.1.0 <=0.1.5) potentially affected by unknown CVE via surrealdb (=1.0.0-beta.9)
surrealdb CARGO version =1.0.0-beta.9 is affected by a known vulnerability. The following packages have a transitive dependency on surrealdb and may be impacted: - actix-session-surrealdb =0.1.0, =0.1.5 Source cves: unknown CVE Source advisory: OSV:GHSA-M52V-24P8-654F...
PT-2024-41125 · Git · V8
Outdated dependency on V8 found see policy. Please update to the latest beta, stable, or extended stable versions...
WordPress plugin Easy CSV Importer BETA 代码问题漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A code issue vulnerability exists in...
PT-2024-7289 · Nginx · Nginx-Ui
Name of the Vulnerable Software and Affected Versions: Nginx UI versions prior to 2.0.0-beta.36 Description: The issue is related to the Nginx UI's configuration of logrotate, where it does not verify input and directly passes it to exec.Command, causing arbitrary command execution. This allows a...