Lucene search
K

2386 matches found

Nuclei
Nuclei
added yesterday33 views

Bootstrap Multiselect <= 1.1.2 - Cross-Site Scripting

A PHP script in the source code release echoes arbitrary POST data. If a developer adopts this structure wholesale in a live application, it could create a Reflective Cross-Site Scripting XSS vulnerability exploitable through Cross-Site Request Forgery CSRF. id: CVE-2025-47204 info: name: Bootstr...

6.1CVSS6.2AI score0.00424EPSS
Exploits0References1
OSV
OSV
added 3 days ago3 views

CVE-2026-61454 Grav before 2.0.4 Information Disclosure via __GRAV_CONFIG__

The Grav Admin2 plugin getgrav/grav-plugin-admin2 before 2.0.4 embeds a global JavaScript variable window.GRAVCONFIG in the Admin2 SPA bootstrap page at /grav/admin and its subroutes. This object is returned in every unauthenticated response and discloses the server URL, API prefix, admin base...

8.7CVSS6.1AI score0.00239EPSS
Exploits0References4
Metasploit
Metasploit
added 4 days ago13 views

XOR Encoder with Cipher Feedback

Dword XOR encoder with cipher feedback for RISC-V 64-bit Little Endian. Each dword is XORed with the previous encoded dword rather than a static key, creating a chained dependency that makes the output more resistant to frequency analysis. The first dword is XORed with the key to bootstrap the...

6.1AI score
Exploits0
OSV
OSV
added 4 days ago2 views

MAL-2026-10133 Malicious code in stella-ai-cli (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 936d3c8bc6611b58f5321ba5aab651bb3d2db821d172816283ca04633be00863 The stella CLI shipped in bin/stella.js prompts users for their phone number and the WhatsApp verification code and POSTs both to a hardcoded bare-IP...

6.2AI score
Exploits0References3
EUVD
EUVD
added 5 days ago6 views

EUVD-2026-42514

During bosh create-env and bosh delete-env, the CLI uploads compiled CPI packages and rendered job templates to the new VM's DAV blobstore over HTTPS without verifying the server certificate, even though a CA certificate for that endpoint is available in the installation manifest. A network...

8.9CVSS7.1AI score0.00088EPSS
Exploits0References1
OSV
OSV
added 2026/07/07 3:19 a.m.3 views

CVE-2026-34048 Coolify: Missing authorization on terminal websocket bootstrap routes allows low-privileged members to execute commands on team servers

Coolify is an open-source and self-hostable tool for managing servers, applications, and databases. Prior to 4.0.0-beta.471, terminal websocket bootstrap routes only check authentication and do not enforce terminal authorization, allowing a low-privileged team member to connect to terminal routes...

9.9CVSS6AI score0.00405EPSS
Exploits0References5
Cvelist
Cvelist
added 2026/07/07 3:19 a.m.33 views

CVE-2026-34048 Coolify: Missing authorization on terminal websocket bootstrap routes allows low-privileged members to execute commands on team servers

Coolify is an open-source and self-hostable tool for managing servers, applications, and databases. Prior to 4.0.0-beta.471, terminal websocket bootstrap routes only check authentication and do not enforce terminal authorization, allowing a low-privileged team member to connect to terminal routes...

9.9CVSS0.00405EPSS
Exploits0References3
CVE
CVE
added 2026/07/07 3:19 a.m.17 views

CVE-2026-34048

CVE-2026-34048 concerns Coolify prior to 4.0.0-beta.471, where terminal websocket bootstrap routes failed to enforce terminal authorization, only checking authentication. This allowed a low-privileged team member to connect to terminal routes and execute commands on team servers. The issue is fix...

9.9CVSS6AI score0.00405EPSS
Exploits0References3
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/07/06 6:52 p.m.6 views

Malicious code in bootstrap-utils (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector d9ac4913fc1ffcabe1ed6637abc6d532abc014683f48b341ece6127a51da15d8 The package's index.js is heavily obfuscated with classic string-array shuffling patterns e.g., while!! loops with repeated 'shift' calls and...

6AI score
Exploits0References2
OSV
OSV
added 2026/07/06 6:52 p.m.7 views

MAL-2026-6807 Malicious code in bootstrap-utils (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector d9ac4913fc1ffcabe1ed6637abc6d532abc014683f48b341ece6127a51da15d8 The package's index.js is heavily obfuscated with classic string-array shuffling patterns e.g., while!! loops with repeated 'shift' calls and...

6.1AI score
Exploits0References2
Cvelist
Cvelist
added 2026/07/04 5:30 p.m.32 views

CVE-2026-14637 kirilkirkov Ecommerce-CodeIgniter-Bootstrap ShoppingCart.php getCartItems deserialization

A security vulnerability has been detected in kirilkirkov Ecommerce-CodeIgniter-Bootstrap up to 13fd582aaf49aeab7438acc0fc3eb973a1f5e6a7. The affected element is the function getCartItems in the library application/libraries/ShoppingCart.php. The manipulation of the argument shoppingcart leads to...

8.8CVSS0.00598EPSS
Exploits0References7
EUVD
EUVD
added 2026/07/04 5:30 p.m.10 views

EUVD-2026-41684

A security vulnerability has been detected in kirilkirkov Ecommerce-CodeIgniter-Bootstrap up to 13fd582aaf49aeab7438acc0fc3eb973a1f5e6a7. The affected element is the function getCartItems in the library application/libraries/ShoppingCart.php. The manipulation of the argument shoppingcart leads to...

8.8CVSS6.6AI score0.00598EPSS
Exploits0References7
ATTACKERKB
ATTACKERKB
added 2026/07/04 5:30 p.m.5 views

CVE-2026-14637

A security vulnerability has been detected in kirilkirkov Ecommerce-CodeIgniter-Bootstrap up to 13fd582aaf49aeab7438acc0fc3eb973a1f5e6a7. The affected element is the function getCartItems in the library application/libraries/ShoppingCart.php. The manipulation of the argument shoppingcart leads to...

8.8CVSS5.4AI score0.00598EPSS
Exploits0References7
CVE
CVE
added 2026/07/04 5:30 p.m.21 views

CVE-2026-14637

CVE-2026-14637 affects kirilkirkov Ecommerce-CodeIgniter-Bootstrap, specifically the getCartItems function in application/libraries/ShoppingCart.php. Input manipulation of the shopping_cart parameter leads to deserialization, enabling remote exploitation as described. The patch identifier is 49b2...

8.8CVSS6.6AI score0.00598EPSS
Exploits0References7
NVD
NVD
added 2026/07/04 5:16 p.m.9 views

CVE-2026-14634

A vulnerability was identified in kirilkirkov Ecommerce-CodeIgniter-Bootstrap up to 213babdbaa949e94557246414db0130e01394517. This vulnerability affects the function checkForPostRequests of the file application/core/MYController.php of the component Subscribed Emails Admin Page. Such manipulation...

5.3CVSS0.00288EPSS
Exploits0References7
NVD
NVD
added 2026/07/04 5:16 p.m.11 views

CVE-2026-14635

A security flaw has been discovered in kirilkirkov Ecommerce-CodeIgniter-Bootstrap up to 222ff31c06687b1c6d0e1ab63953f82c3674c52b. This issue affects some unknown processing of the file application/modules/vendor/controllers/AddProduct.php of the component Vendor Multi-Image Endpoint. Performing ...

7.5CVSS0.00437EPSS
Exploits0References7
EUVD
EUVD
added 2026/07/04 4:45 p.m.9 views

EUVD-2026-41682

A weakness has been identified in kirilkirkov Ecommerce-CodeIgniter-Bootstrap up to 23105f25dadf57b4314fc015a63a7c6e910c89df. Impacted is the function douploadothersimages of the file application/modules/vendor/controllers/AddProduct.php of the component Vendor Image Manager. Executing a...

5.5CVSS5.8AI score0.00323EPSS
Exploits0References7
CVE
CVE
added 2026/07/04 4:45 p.m.19 views

CVE-2026-14636

Summary (CVE-2026-14636): A weakness in kirilkirkov’s Ecommerce-CodeIgniter-Bootstrap (Vendor Image Manager) affects the AddProduct.php function do_upload_others_images. The vulnerability arises from manipulating the folder argument, enabling path traversal. It is reportable via remote access. Pu...

5.5CVSS5.8AI score0.00323EPSS
Exploits0References7
EUVD
EUVD
added 2026/07/04 4:30 p.m.12 views

EUVD-2026-41681

A security flaw has been discovered in kirilkirkov Ecommerce-CodeIgniter-Bootstrap up to 222ff31c06687b1c6d0e1ab63953f82c3674c52b. This issue affects some unknown processing of the file application/modules/vendor/controllers/AddProduct.php of the component Vendor Multi-Image Endpoint. Performing ...

7.5CVSS6.5AI score0.00437EPSS
Exploits0References7
CVE
CVE
added 2026/07/04 4:30 p.m.21 views

CVE-2026-14635

The CVE-2026-14635 affects kirilkirkov Ecommerce-CodeIgniter-Bootstrap (vendor’s Vendor Multi-Image Endpoint). The flaw arises from path traversal when manipulating the folder argument in the AddProduct.php handler, enabling remote initiation. Public exploit available; no version specifics are pr...

7.5CVSS6.5AI score0.00437EPSS
Exploits0References7
Rows per page
Query Builder