CVE-2026-9009
The Crawlomatic Multipage Scraper Post Generator plugin for WordPress is vulnerable to Remote Code Execution in all versions up to, and including, 2.7.2 via the filtercontent function. This is due to passing the attacker-supplied 'callbackraw' shortcode attribute directly into call_user_func with n...
EUVD-2026-24135
In the Website module of Dolibarr ERP & CRM 22.0.4 and below, the application uses blacklist-based filtering to restrict dangerous PHP functions related to system command execution. An authenticated user with permission to edit PHP content can bypass this filtering, resulting in full remote code...
CVE-2026-31019
In the Website module of Dolibarr ERP & CRM 22.0.4 and below, the application uses blacklist-based filtering to restrict dangerous PHP functions related to system command execution. An authenticated user with permission to edit PHP content can bypass this filtering, resulting in full remote code...
CVE-2021-41403
flatCore-CMS version 2.0.8 calls dangerous functions, causing server-side request forgery vulnerabilities...
RealDefense SUPERAntiSpyware security vulnerability
RealDefense SUPERAntiSpyware is a security tool for detecting and removing malware from RealDefense USA. A security vulnerability exists in RealDefense SUPERAntiSpyware that stems from SAS Core Service exposing dangerous functions that could lead to local elevation of privilege...
GHSA-GJC5-8CFH-653X Grav is Vulnerable to Security Sandbox Bypass with SSTI (Server Side Template Injection)
Summary: Grav CMS is vulnerable to a Server-Side Template Injection (SSTI) that allows any authenticated user with editor permissions to execute arbitrary code on the remote server, bypassing the existing security sandbox. Details: Grav CMS uses a custom sandbox to protect the powerful Twig methods...
EUVD-2024-37326
Malicious code in bioql PyPI...
EUVD-2021-28431
Malicious code in bioql PyPI...
Multiple vulnerabilities in Ricoh Streamline NX PC Client
Overview: Ricoh Streamline NX PC Client provided by RICOH COMPANY, LTD. contains multiple vulnerabilities listed below. ricoh-2024-000004 Improper restriction of communication channel to intended endpoints CWE-923 - CVE-2024-36252; ricoh-2024-000005 Use of hard-coded credentials CWE-798 -...
PT-2023-6570 · Unknown · Eisbaer Scada
Name of the Vulnerable Software and Affected Versions: EisBaer Scada affected versions not specified Description: The issue is related to the use of dangerous methods or functions in the SCADA system. Exploitation of this issue may allow a remote attacker to execute arbitrary code. The estimated...
SUSE CVE-2007-2438
The sandbox for vim allows dangerous functions such as (1) writefile, (2) feedkeys, and (3) system, which might allow user-assisted attackers to execute shell commands and write files via modelines...
PT-2022-14839 · Unknown · Getgrav/Grav
Name of the Vulnerable Software and Affected Versions: getgrav/grav versions prior to 1.7.34 Description: The issue concerns Server Side Template Injection via Twig, where Twig should not render dangerous functions by default, such as system. This is related to Code Injection in the GitHub...
Whispers - Identify Hardcoded Secrets In Static Structured Text
"My little birds are everywhere, even in the North, they whisper to me the strangest stories." - Lord Varys Whispers is a static code analysis tool designed for parsing various common data formats in search of hardcoded credentials and dangerous functions. Whispers can run in the CLI or you can...
PT-2021-4819 · Adobe · Coldfusion
Name of the Vulnerable Software and Affected Versions: ColdFusion versions 2021 update 1 and earlier and versions 2018.10 and earlier Description: The issue is related to the use of inherently dangerous functions, which can lead to a security feature bypass. An authenticated attacker could levera...
Grav's Twig processing allowing dangerous PHP functions by default
Impact: Twig processing of static pages can be enabled in the front matter by any administrative user allowed to create or edit pages. As the Twig processor runs unsandboxed, this behavior can be used to gain arbitrary code execution and elevate privileges on the instance. Patches: The issue was...
Tarnish - A Chrome Extension Static Analysis Tool To Help Aide In Security Reviews
tarnish is a static-analysis tool to aid researchers in security reviews of Chrome extensions. It automates much of the regular grunt work and helps you quickly identify potential security vulnerabilities. This tool accompanies the research blog post which can be found here. If you don't want to ...
File Upload Vulnerability in Cloud Module
Cloud module is a general website management system from Nanchong Tiger Cloud Network Technology Co. The Cloud module backend template management has a file upload vulnerability, which stems from the failure to filter file suffixes and dangerous functions; attackers can use the...
Using a memory corruption vulnerability for Python sandbox escape - vulnerability warning - the black bar safety net
Skipping the author's README text, we go directly into the technical details. The Python environment uses custom whitelist/blacklist programs to prevent access to dangerous built-in functions, modules, etc. Based on the operating system, the isolation provides some additional...