Lucene search
K

19 matches found

Nuclei
Nuclei
added yesterday104 views

PrestaShop TshirteCommerce - Directory Traversal

The Custom Product Designer tshirtecommerce module for PrestaShop allows HTTP requests to be forged using POST and GET parameters, enabling a remote attacker to perform directory traversal on the system and view the contents of code files. id: CVE-2023-27639 info: name: PrestaShop TshirteCommerce...

7.5CVSS7.2AI score0.03551EPSS
Exploits1References3
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/06/26 8:35 p.m.7 views

Malicious code in pdf-converter-pro (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 0b3a5f6d1d39c20feca11d0129f0efa21bdf564586045555b756cc25bce73efc Package is advertised as a PDF converter but contains no PDF generation code. Its sole public method TXTtoPDFConverter.createpdftxtpath, pdfpath is...

5.8AI score
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/05/29 12:0 a.m.17 views

PT-2026-44901

Name of the Vulnerable Software and Affected Versions Emlog Pro version 2.6.9 Description The template upload feature contains a path traversal issue, which occurs when an application uses user-supplied input to construct a pathname that is then used in a file operation. This allows authenticated...

7.2CVSS5.8AI score0.00782EPSS
Exploits1References5
OSV
OSV
added 2026/05/27 9:10 p.m.8 views

GHSA-HMR5-2XCR-V8PP Symfony Vulnerable to stored XSS in WebProfiler CodeExtension::fileExcerpt() — Unescaped Non-PHP File Rendering

Description Symfony's profiler, a development only debug UI, renders source-code excerpts on several pages using Twig's custom fileexcerpt filter. This filter renders PHP files via highlightstring which escapes HTML, but renders non-PHP files by splitting on \n and interpolating each line directl...

5.1CVSS5.9AI score0.00062EPSS
Exploits0References7
CVE
CVE
added 2026/03/31 1:39 a.m.20 views

CVE-2026-34036

Dolibarr 22.0.4 and earlier contains a Local File Inclusion (LFI) in the core AJAX endpoint /core/ajax/selectobject.php. By manipulating the objectdesc parameter and exploiting a fail-open logic in restrictedArea(), an authenticated user with no special privileges can read arbitrary non-PHP files...

6.5CVSS6AI score0.00419EPSS
Exploits2References2Affected Software1
OSV
OSV
added 2026/03/27 6:4 p.m.5 views

GHSA-2MFJ-R695-5H9R Dolibarr Core Discloses Sensitive Data via Authenticated Local File Inclusion in selectobject.php

Authenticated Local File Inclusion LFI via selectobject.php leading to sensitive data disclosure Target Dolibarr Core Tested on version 22.0.4 Summary A Local File Inclusion LFI vulnerability has been discovered in the core AJAX endpoint /core/ajax/selectobject.php. By manipulating the objectdesc...

6.5CVSS5.9AI score0.00419EPSS
Exploits2References4
EUVD
EUVD
added 2025/10/03 8:7 p.m.5 views

EUVD-2022-51037

Malicious code in bioql PyPI...

9.8CVSS8.4AI score0.01603EPSS
Exploits0References10
EUVD
EUVD
added 2025/10/03 8:7 p.m.5 views

EUVD-2022-48781

Malicious code in bioql PyPI...

7.8CVSS7.8AI score0.00635EPSS
Exploits0References8
Positive Technologies
Positive Technologies
added 2025/06/12 12:0 a.m.5 views

PT-2025-25306

Name of the Vulnerable Software and Affected Versions The product name cannot be determined. Description The issue allows an attacker to gain full access to the application due to login credentials for the admin user and the property configuration password being stored in files within the source...

9.8CVSS5.9AI score0.00466EPSS
Exploits0References12
OSV
OSV
added 2025/02/19 11:15 p.m.8 views

CVE-2025-25945

An issue in Bento4 v1.6.0-641 allows an attacker to obtain sensitive information via the the Mp4Fragment.cpp and in AP4DescriptorFactory::CreateDescriptorFromStream at Ap4DescriptorFactory.cpp...

6.5CVSS6.3AI score
Exploits0References1
OSV
OSV
added 2024/07/04 12:15 p.m.5 views

CVE-2024-5943

The Nested Pages plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 3.2.7. This is due to missing or incorrect nonce validation on the 'settingsPage' function and missing santization of the 'tab' parameter. This makes it possible for...

8.8CVSS5.7AI score
Exploits0References4
OSV
OSV
added 2024/06/12 2:15 p.m.10 views

CVE-2024-1577

Remote Code Execution vulnerability in MegaBIP software allows to execute arbitrary code on the server without requiring authentication by saving crafted by the attacker PHP code to one of the website files. This issue affects MegaBIP software versions through 5.11.2...

9.8CVSS6.2AI score0.01126EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2023/06/15 12:0 a.m.5 views

PT-2023-24802 · Ashlar Vellum · Ashlar-Vellum Cobalt

Name of the Vulnerable Software and Affected Versions: Ashlar-Vellum Cobalt affected versions not specified Description: This issue allows remote attackers to execute arbitrary code on affected installations. It requires user interaction, such as visiting a malicious page or opening a malicious...

7.8CVSS7.5AI score0.00401EPSS
Exploits0References4
OpenVAS
OpenVAS
added 2022/12/05 12:0 a.m.14 views

SUSE: Security Advisory (SUSE-SU-2022:4310-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

7.8CVSS8AI score0.00635EPSS
Exploits0References4
OSV
OSV
added 2022/12/01 8:12 a.m.3 views

SUSE-SU-2022:4305-1 Security update for emacs

This update for emacs fixes the following issues: - CVE-2022-45939: Fixed shell command injection via source code files when using ctags bsc1205822...

7.8CVSS8.2AI score0.00635EPSS
Exploits0References3
Prion
Prion
added 2021/11/15 4:15 p.m.20 views

Directory traversal

A directory traversal issue in ResourceSpace 9.6 before 9.6 rev 18277 allows remote unauthenticated attackers to delete arbitrary files on the ResourceSpace server via the provider and variant parameters in pages/ajax/tiles.php. Attackers can delete configuration or source code files, causing the...

6.4CVSS9.3AI score0.74857EPSS
Exploits1References2Affected Software1
CNVD
CNVD
added 2018/08/07 12:0 a.m.2 views

Code Execution Vulnerability in PHPMyWind v5.5

PHPMyWind is a PHP MySQL-based development , W3C-compliant building engine . A code execution vulnerability exists in PHPMyWind v5.5. The vulnerability originates from updating variables in the cache file, bypassing the filter, continue to generate custom code files, an attacker can exploit the...

8.1AI score
Exploits0
Prion
Prion
added 2015/10/06 1:59 a.m.15 views

Format string

Omron CX-One CX-Programmer before 9.6 uses a reversible format for password storage in project source-code files, which makes it easier for local users to obtain sensitive information by reading a file...

2.1CVSS6.3AI score0.00334EPSS
Exploits0References1Affected Software1
ThreatPost
ThreatPost
added 2009/03/23 8:23 p.m.8 views

HP unveils Flash vulnerability scanner

HP has released a free static-analysis tool designed to find vulnerabilities in applications developed on the Adobe Flash platform. But HP SWFScan is no security geek plaything. It’s meant specifically for developers without much in the way of security training. The tool is the brainchild of the...

7.4AI score
Exploits0References3
Rows per page
Query Builder