1082569 matches found
MINI-5XPF-P375-87QG
Bulletin has no description...
MINI-MQR9-PP7H-VG8G
Bulletin has no description...
MINI-G395-W32H-RC46
Bulletin has no description...
MINI-WFRF-GHR8-543Q
Bulletin has no description...
MINI-XVVF-Q5F3-RM2M
Bulletin has no description...
Exploit for Missing Authentication for Critical Function in Mcpjam Inspector
MCPJam Inspector Authorized Security Validator A bounded proo...
EUVD-2026-35435
Logseq exposes an IPC handler that allows the renderer process to execute shell commands. While an allowlist restricts the command name e.g. git, pandoc, grep, the argument string is concatenated with the command and passed to childprocess.spawn with the shell: true option, allowing shell...
CVE-2026-9279 Shell command injection in Logseq
Logseq exposes an IPC handler that allows the renderer process to execute shell commands. While an allowlist restricts the command name e.g. git, pandoc, grep, the argument string is concatenated with the command and passed to childprocess.spawn with the shell: true option, allowing shell...
CVE-2026-9279 Shell command injection in Logseq
Logseq exposes an IPC handler that allows the renderer process to execute shell commands. While an allowlist restricts the command name e.g. git, pandoc, grep, the argument string is concatenated with the command and passed to childprocess.spawn with the shell: true option, allowing shell...
CVE-2026-9279
Logseq contains an IPC handler that lets the renderer execute shell commands. Although an allowlist restricts the command name (e.g., git, pandoc, grep), the argument string is concatenated with the command and passed to child_process.spawn with shell: true, allowing shell metacharacters to bypas...
CVE-2017-20251
WordPress Insert PHP plugin versions before 3.3.1 contain a PHP code injection vulnerability that allows unauthenticated attackers to execute arbitrary PHP code by injecting malicious shortcodes through the WordPress REST API. Attackers can send POST requests to the wp-json/wp/v2/posts endpoint...
MINI-RHRX-56R8-P3PJ
Bulletin has no description...
Malicious code in transacts (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 73ecd84db15b18ea43f39e830199133ca8d17806313e4b6828a1d9105cc4b30c Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
EUVD-2026-35413
In the Linux kernel, the following vulnerability has been resolved: net: gro: don't merge zcopy skbs skbgroreceive can currently copy frags between the source and GRO skb, without checking the zerocopy status, and in particular the SKBFLMANAGEDFRAGREFS flag. When SKBFLMANAGEDFRAGREFS is set, the...
MINI-2QFF-84P3-WP2C
Bulletin has no description...
CVE-2017-20251 WordPress Insert PHP Plugin 4.7.0 PHP Code Injection via REST API
WordPress Insert PHP plugin versions before 3.3.1 contain a PHP code injection vulnerability that allows unauthenticated attackers to execute arbitrary PHP code by injecting malicious shortcodes through the WordPress REST API. Attackers can send POST requests to the wp-json/wp/v2/posts endpoint...
CVE-2017-20251
CVE-2017-20251 affects WordPress Insert PHP plugin versions prior to 3.3.1. The vulnerability is a PHP code injection via the REST API, allowing unauthenticated attackers to execute arbitrary PHP by injecting an insert_php shortcode through POST requests to wp-json/wp/v2/posts, enabling remote PH...
CGA-3CX9-GQ56-CP35
Bulletin has no description...
CGA-7J52-257X-QFPP
Bulletin has no description...
axios: Axios: Remote Code Execution via Prototype Pollution escalation
A flaw was found in Axios, a promise-based HTTP client. This vulnerability, known as Prototype Pollution, can be exploited through a specific "Gadget" attack chain. This allows an attacker to escalate a Prototype Pollution vulnerability in a third-party dependency, potentially leading to remote...