Lucene search
+L

209 matches found

Nuclei
Nuclei
added yesterday20 views

phpMyFAQ <= 4.1.1 - SQL Injection

phpMyFAQ before 4.1.2 contains an unauthenticated SQL injection vulnerability in BuiltinCaptcha::garbageCollector and BuiltinCaptcha::saveCaptcha methods that interpolate unsanitized User-Agent headers into DELETE and INSERT queries. Unauthenticated attackers can exploit the public GET /api/captc...

9.8CVSS5.6AI score0.01709EPSS
Exploits0References3
EUVD
EUVD
added 6 days ago9 views

EUVD-2026-43494

Integer overflow vulnerability has been found in "builtin.c" program file of gawk dosub routine. This issue could be used to overwrite gawk heap metadata and objects causing the program to crash. It affects 32-bit builds of gawk in versions 5.4.0 and below...

9.1CVSS6AI score0.00213EPSS
Exploits0References2
Cvelist
Cvelist
added 6 days ago42 views

CVE-2026-40469 Heap buffer overflow in gawk

Integer overflow vulnerability has been found in "builtin.c" program file of gawk dosub routine. This issue could be used to overwrite gawk heap metadata and objects causing the program to crash. It affects 32-bit builds of gawk in versions 5.4.0 and below...

5.1CVSS0.00213EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 6 days ago5 views

CVE-2026-40469

Integer overflow vulnerability has been found in "builtin.c" program file of gawk dosub routine. This issue could be used to overwrite gawk heap metadata and objects causing the program to crash. It affects 32-bit builds of gawk in versions 5.4.0 and below...

5.1CVSS6AI score0.00213EPSS
Exploits0References3
CVE
CVE
added 6 days ago19 views

CVE-2026-40468

The CVE-2026-40468 entry concerns gawk (versions 5.4.0 and earlier) with an integer overflow in the builtin.c file. The flaw can cause memory exhaustion and may enable overwriting heap metadata and objects with attacker-controlled bytes. This is described across multiple feeds (NVD/NIST entry and...

9.1CVSS6AI score0.00201EPSS
Exploits0References2Affected Software1
Positive Technologies
Positive Technologies
added 2026/07/06 12:0 a.m.10 views

PT-2026-56021

Name of the Vulnerable Software and Affected Versions mrubyc versions prior to 3.4.2 Description An out-of-bounds read occurs during the builtin missing-method lookup within the mrbc find method function. Recommendations Update to a version newer than 3.4.1. As a temporary mitigation, restrict th...

4.4CVSS5.9AI score0.00116EPSS
Exploits0References8
OSV
OSV
added 2026/07/06 12:0 a.m.2 views

CVE-2026-38973

mrubyc through release3.4.1 was found to contain an out-of-bounds read in builtin missing-method lookup inside mrbcfindmethod...

4.4CVSS5.9AI score0.00116EPSS
Exploits0References5
Fedora
Fedora
added 2026/06/27 1:12 a.m.6 views

[SECURITY] Fedora 44 Update: nginx-mod-headers-more-0.39-11.fc44

This module allows adding, setting, or clearing specified input/output header s. This is an enhanced version of the standard headers module because it provides more utilities like resetting or clearing "builtin headers" like Content-Type, Content-Length, and Server...

9.2CVSS7AI score0.03552EPSS
Exploits4
Fedora
Fedora
added 2026/06/27 12:56 a.m.5 views

[SECURITY] Fedora 43 Update: nginx-mod-headers-more-0.39-11.fc43

This module allows adding, setting, or clearing specified input/output header s. This is an enhanced version of the standard headers module because it provides more utilities like resetting or clearing "builtin headers" like Content-Type, Content-Length, and Server...

9.2CVSS7AI score0.03552EPSS
Exploits4
EUVD
EUVD
added 2026/06/12 2:17 p.m.13 views

EUVD-2026-36449

vm2 is an open source vm/sandbox for Node.js. Prior to version 3.11.4, NodeVM exposes some process-wide observability builtins when they are allowed through require.builtin. The diagnosticschannel, asynchooks, and perfhooks builtins are not blocked by the dangerous builtin denylist. These modules...

6.9CVSS5.2AI score0.00308EPSS
Exploits0References3
Fedora
Fedora
added 2026/06/01 1:1 a.m.24 views

[SECURITY] Fedora 43 Update: nginx-mod-headers-more-0.39-10.fc43

This module allows adding, setting, or clearing specified input/output header s. This is an enhanced version of the standard headers module because it provides more utilities like resetting or clearing "builtin headers" like Content-Type, Content-Length, and Server...

9.2CVSS5.8AI score0.04261EPSS
Exploits3
OSV
OSV
added 2026/05/29 6:20 p.m.14 views

GHSA-9G8X-92Q2-P28F NodeVM observability builtins leak host process and HTTP request data

Summary NodeVM exposes some process-wide observability builtins when they are allowed through require.builtin. The following builtins are not blocked by the dangerous builtin denylist: text diagnosticschannel asynchooks perfhooks These modules are process-wide, not sandbox-local. Sandboxed code c...

8.2CVSS5.8AI score0.00308EPSS
Exploits0References5
Snyk
Snyk
added 2026/05/29 6:8 p.m.10 views

Protection Mechanism Failure

Overview org.webjars.npm:vm2 is a sandbox that can run untrusted code with whitelisted Node's built-in modules. Affected versions of this package are vulnerable to Protection Mechanism Failure through the NodeVM builtin wildcard expansion in lib/builtin.js. An attacker can load Node’s private...

9.3CVSS5.9AI score0.00282EPSS
Exploits0References2
Snyk
Snyk
added 2026/05/29 5:59 p.m.13 views

Incomplete List of Disallowed Inputs

Overview vm2 is a sandbox that can run untrusted code with whitelisted Node's built-in modules. Affected versions of this package are vulnerable to Incomplete List of Disallowed Inputs via the builtin allowlist handling in lib/builtin.js. An attacker can reach host code by requiring process and...

10CVSS6.2AI score0.00536EPSS
Exploits0References3
RedhatCVE
RedhatCVE
added 2026/05/28 8:13 p.m.15 views

CVE-2026-46364

phpMyFAQ before 4.1.2 contains an unauthenticated SQL injection vulnerability in BuiltinCaptcha::garbageCollector and BuiltinCaptcha::saveCaptcha methods that interpolate unsanitized User-Agent headers into DELETE and INSERT queries. Unauthenticated attackers can exploit the public GET /api/captc...

9.8CVSS5.8AI score0.01709EPSS
Exploits0References1
Fedora
Fedora
added 2026/05/28 1:13 a.m.15 views

[SECURITY] Fedora 44 Update: nginx-mod-headers-more-0.39-10.fc44

This module allows adding, setting, or clearing specified input/output header s. This is an enhanced version of the standard headers module because it provides more utilities like resetting or clearing "builtin headers" like Content-Type, Content-Length, and Server...

9.2CVSS5.8AI score0.04261EPSS
Exploits3
Fedora
Fedora
added 2026/05/15 10:45 p.m.34 views

[SECURITY] Fedora 42 Update: nginx-mod-headers-more-0.39-9.fc42

This module allows adding, setting, or clearing specified input/output header s. This is an enhanced version of the standard headers module because it provides more utilities like resetting or clearing "builtin headers" like Content-Type, Content-Length, and Server...

9.2CVSS6AI score0.61469EPSS
Exploits41
OSV
OSV
added 2026/05/15 9:31 p.m.9 views

GHSA-CH9Q-C9MP-J5GQ Duplicate Advisory: phpMyFAQ has unauthenticated SQL injection via User-Agent header in BuiltinCaptcha

Duplicate Advisory This advisory has been withdrawn because it is a duplicate of GHSA-289f-fq7w-6q2w. This link is maintained to preserve external references. Original Description phpMyFAQ before 4.1.2 contains an unauthenticated SQL injection vulnerability in BuiltinCaptcha::garbageCollector and...

9.8CVSS5.5AI score0.01709EPSS
Exploits0References4
Fedora
Fedora
added 2026/05/15 9:9 p.m.18 views

[SECURITY] Fedora 43 Update: nginx-mod-headers-more-0.39-9.fc43

This module allows adding, setting, or clearing specified input/output header s. This is an enhanced version of the standard headers module because it provides more utilities like resetting or clearing "builtin headers" like Content-Type, Content-Length, and Server...

9.2CVSS6AI score0.61469EPSS
Exploits41
CVE
CVE
added 2026/05/13 5:21 p.m.31 views

CVE-2026-43999

CVE-2026-43999 affects vm2’s NodeVM when the builtins allowlist is configured with a wildcard that includes the module builtin. Prior to version 3.11.0, the module builtin can bypass vm2’s allowlist via Module._load, because vm2 exposes the host’s Module object through a readonly proxy that still...

9.9CVSS6.3AI score0.00974EPSS
Exploits1References4Affected Software1
Rows per page
Query Builder