485387 matches found
shadoweb wdja v1.5.1 - Cross-Site Scripting
shadoweb wdja v1.5.1 is susceptible to cross-site scripting because it allows attackers to execute arbitrary code and gain escalated privileges via the backurl parameter to /php/passport/index.php. id: CVE-2020-20982 info: name: shadoweb wdja v1.5.1 - Cross-Site Scripting author:...
Roundcube Webmail - Remote Code Execution
Roundcube Webmail before 1.5.10 and 1.6.x before 1.6.11 allows remote code execution by authenticated users because the from parameter in a URL is not validated in program/actions/settings/upload.php, leading to PHP Object Deserialization. id: CVE-2025-49113 info: name: Roundcube Webmail - Remote...
WordPress Slider Future <= 1.0.5 - Unauthenticated Arbitrary File Upload
Slider Future WordPress plugin = 1.0.5 contains an unrestricted file upload vulnerability caused by missing file type validation in 'sliderfuturehandleimageupload', letting unauthenticated attackers upload arbitrary files, exploit requires no authentication. id: CVE-2026-1405 info: name: WordPres...
WordPress Elementor 3.18.1 - File Upload/Remote Code Execution
The plugin is vulnerable to Remote Code Execution via file upload via the template import functionality, allowing authenticated attackers, with contributor-level access and above, to upload files and execute code on the server. id: CVE-2023-48777 info: name: WordPress Elementor 3.18.1 - File...
SPIP Saisies - Remote Code Execution
SPIP Saisies plugin 5.4.0 through 5.11.0 contains a remote code execution caused by an unspecified flaw, letting attackers execute arbitrary code on the server, exploit requires no special conditions. id: CVE-2025-71243 info: name: SPIP Saisies - Remote Code Execution author: omarkurt severity:...
CVE-2026-12866
All versions of the package expr-eval are vulnerable to Code Execution via the toJSFunction API. An attacker can execute arbitrary JavaScript by supplying crafted expressions that are compiled into native code using new Function. Because user-controlled expressions are transformed directly into...
CVE-2026-12866
The CVE-2026-12866 entry concerns the npm package expr-eval. Affected versions are vulnerable to Code Execution via the toJSFunction() API, where user-supplied expressions are transformed into executable JavaScript with new Function(), allowing an attacker to escape the sandbox and run arbitrary ...
EUVD-2026-38415
All versions of the package expr-eval are vulnerable to Code Execution via the toJSFunction API. An attacker can execute arbitrary JavaScript by supplying crafted expressions that are compiled into native code using new Function. Because user-controlled expressions are transformed directly into...
CVE-2026-12866
All versions of the package expr-eval are vulnerable to Code Execution via the toJSFunction API. An attacker can execute arbitrary JavaScript by supplying crafted expressions that are compiled into native code using new Function. Because user-controlled expressions are transformed directly into...
samba: Remote Code Execution in SAMR
A flaw was found in Samba. A remote attacker can exploit a misconfiguration in Samba file servers and classic domain controllers that use the "check password script" feature. If this script is configured with the %u substitution character, the client-controlled username is passed without proper...
samba: Samba: Remote Code Execution in printing subsystem via unescaped job description
A flaw was found in the Samba printing subsystem. Samba passes the client-controlled job description string to the command configured with the "print command" setting via the "%J" substitution character without escaping shell meta characters. A remote attacker could exploit this vulnerability by...
Important: Red Hat Security Advisory: samba security update
An update for samba is now available for Red Hat Enterprise Linux 9.2 Update Services for SAP Solutions. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is...
samba: Remote Code Execution in SAMR
A flaw was found in Samba. A remote attacker can exploit a misconfiguration in Samba file servers and classic domain controllers that use the "check password script" feature. If this script is configured with the %u substitution character, the client-controlled username is passed without proper...
samba: Samba: Remote Code Execution in printing subsystem via unescaped job description
A flaw was found in the Samba printing subsystem. Samba passes the client-controlled job description string to the command configured with the "print command" setting via the "%J" substitution character without escaping shell meta characters. A remote attacker could exploit this vulnerability by...
Important: Red Hat Security Advisory: samba security update
An update for samba is now available for Red Hat Enterprise Linux 10.0 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for...
samba: Samba: Remote Code Execution in printing subsystem via unescaped job description
A flaw was found in the Samba printing subsystem. Samba passes the client-controlled job description string to the command configured with the "print command" setting via the "%J" substitution character without escaping shell meta characters. A remote attacker could exploit this vulnerability by...
Important: Red Hat Security Advisory: samba security update
An update for samba is now available for Red Hat Enterprise Linux 8.8 Update Services for SAP Solutions and Red Hat Enterprise Linux 8.8 Telecommunications Update Service. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring Syste...
samba: Remote Code Execution in SAMR
A flaw was found in Samba. A remote attacker can exploit a misconfiguration in Samba file servers and classic domain controllers that use the "check password script" feature. If this script is configured with the %u substitution character, the client-controlled username is passed without proper...
samba: Samba: Remote Code Execution in printing subsystem via unescaped job description
A flaw was found in the Samba printing subsystem. Samba passes the client-controlled job description string to the command configured with the "print command" setting via the "%J" substitution character without escaping shell meta characters. A remote attacker could exploit this vulnerability by...
samba: Samba: Remote Code Execution in printing subsystem via unescaped job description
A flaw was found in the Samba printing subsystem. Samba passes the client-controlled job description string to the command configured with the "print command" setting via the "%J" substitution character without escaping shell meta characters. A remote attacker could exploit this vulnerability by...