Lucene search
+L

968 matches found

Nuclei
Nuclei
added 13 hours ago16 views

dash-uploader 0.1.0 - 0.7.0a2 - Unauthenticated Arbitrary File Write via Path Traversal

fohrloop dash-uploader v0.1.0 through v0.7.0a2 contains a directory traversal vulnerability caused by improper handling in dashuploader/httprequesthandler.py components, letting remote attackers execute arbitrary code, exploit requires no special privileges. id: CVE-2026-38360 info: name:...

9.8CVSS8.7AI score0.05982EPSS
Exploits4References4
Nuclei
Nuclei
added 13 hours ago23 views

dash-uploader 0.1.0 - 0.7.0a2 - Denial-of-Service via flowTotalChunks

fohrloop dash-uploader v0.1.0 through v0.7.0a2 contains a remote code execution caused by improper handling in Upload function and maxfilesize parameter in dashuploader components, letting remote attackers execute arbitrary code, exploit requires crafted request. id: CVE-2026-38361 info: name:...

7.5CVSS8.4AI score0.02643EPSS
Exploits5References4
Nuclei
Nuclei
added 13 hours ago22 views

Dash Framework - Cross-site Scripting

Dash framework versions before 2.15.0 are vulnerable to Cross-site Scripting XSS via href attribute in anchor tags. This template tests for javascript:alert payload injection. id: CVE-2024-21485 info: name: Dash Framework - Cross-site Scripting author: Lee Changhyuneeche severity: medium...

6.5CVSS5.9AI score0.01475EPSS
Exploits1References1
NVD
NVD
added 3 days ago3 views

CVE-2026-45068

Symfony is a PHP framework for web and console applications and a set of reusable PHP components. Prior to 5.4.52, 6.4.40, 7.4.12, and 8.0.12, SendmailTransport in -t mode appended recipient addresses to the sendmail command line without a -- end-of-options separator, allowing an address beginnin...

8.7CVSS0.00399EPSS
Exploits0References6
CVE
CVE
added 3 days ago66 views

CVE-2026-45068

CVE-2026-45068 affects Symfony’s SendmailTransport in -t mode. Prior to versions 5.4.52, 6.4.40, 7.4.12, and 8.0.12, recipient addresses were appended to the sendmail command line without a -- end-of-options separator, so an address starting with - could be treated as a sendmail option rather tha...

8.7CVSS6.1AI score0.00399EPSS
Exploits0References6Affected Software1
OSV
OSV
added 3 days ago3 views

CVE-2026-45068 Symfony: Argument Injection in SendmailTransport via Dash-Prefixed Recipient Address

Symfony is a PHP framework for web and console applications and a set of reusable PHP components. Prior to 5.4.52, 6.4.40, 7.4.12, and 8.0.12, SendmailTransport in -t mode appended recipient addresses to the sendmail command line without a -- end-of-options separator, allowing an address beginnin...

8.7CVSS6.1AI score0.00399EPSS
Exploits0References8
Cvelist
Cvelist
added 3 days ago32 views

CVE-2026-45068 Symfony: Argument Injection in SendmailTransport via Dash-Prefixed Recipient Address

Symfony is a PHP framework for web and console applications and a set of reusable PHP components. Prior to 5.4.52, 6.4.40, 7.4.12, and 8.0.12, SendmailTransport in -t mode appended recipient addresses to the sendmail command line without a -- end-of-options separator, allowing an address beginnin...

8.7CVSS0.00399EPSS
Exploits0References6
OSV
OSV
added 2026/07/10 11:52 a.m.3 views

OPENSUSE-SU-2026:21301-1 Security update for dash

This update for dash fixes the following issues - CVE-2026-31323: Fix CVE-2026-31323 INTMAXMIN / -1 overflow bsc1269494. - executes code even when noexec "-n" is specified bsc1178978...

6.2AI score
Exploits0References3
OSV
OSV
added 2026/06/29 11:50 a.m.6 views

PYSEC-2026-320 dash-uploader has a directory traversal vulnerability

Impact An unauthenticated path traversal vulnerability exists in dash-uploader versions 0.1.0 through 0.7.0a2. The library's HTTP request handler at dashuploader/httprequesthandler.py reads three form parameters uploadid, resumableFilename, resumableIdentifier from request.form.get and passes the...

9.8CVSS6.1AI score0.05982EPSS
Exploits4References9
OSV
OSV
added 2026/06/29 8:10 a.m.2 views

OPENSUSE-SU-2026:21163-1 Security update for yt-dlp

This update for yt-dlp fixes the following issues: Changes in yt-dlp: - Update to version 2026.06.09 Fixed CVE-2026-50019: File Downloader cookie leak with curl Fixed CVE-2026-50023: Dangerous file type creation via insufficient filename sanitization Fixed CVE-2026-50574: Arbitrary code execution...

9.6CVSS6.2AI score0.00555EPSS
Exploits1References3
OSV
OSV
added 2026/06/29 12:0 a.m.2 views

OPENSUSE-SU-2026:11143-1 dash-0.5.13.4-1.1 on GA media

These are all security issues fixed in the dash-0.5.13.4-1.1 package on the GA media of openSUSE Tumbleweed...

5.8AI score
Exploits0References1
Tenable Nessus
Tenable Nessus
added 2026/06/27 12:0 a.m.10 views

EulerOS 2.0 SP15 : python3 (EulerOS-SA-2026-2507)

According to the versions of the python3 packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : The fix for CVE-2026-0672, which rejected control characters in http.cookies.Morsel, was incomplete. The Morsel.update, |= operator, and unpickli...

7.5CVSS6.7AI score0.00621EPSS
Exploits0References8
Tenable Nessus
Tenable Nessus
added 2026/06/27 12:0 a.m.10 views

EulerOS 2.0 SP15 : python3 (EulerOS-SA-2026-2466)

According to the versions of the python3 packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : The fix for CVE-2026-0672, which rejected control characters in http.cookies.Morsel, was incomplete. The Morsel.update, |= operator, and unpickli...

7.5CVSS6.7AI score0.00621EPSS
Exploits0References8
Github Security Blog
Github Security Blog
added 2026/06/16 9:13 p.m.12 views

yt-dlp: Arbitrary code execution via manifest downloads with aria2c

Summary If aria2c is used as an external downloader for a fragmented manifest format such as an HLS/DASH stream, yt-dlp passes insufficiently sanitized input to aria2c that allows an attacker to perform an arbitrary file write. On Windows platforms, this can lead to immediate arbitrary code...

9.6CVSS6.2AI score0.00406EPSS
Exploits0References5Affected Software1
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/06/13 1:3 a.m.15 views

Malicious code in dash-grid-normalizer (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 362011eafffa765e7f6c24df4ec2c7bb8f9fb6b6414570a5d193e6ea90e1250a On import, src/dashgridnormalizer/init.py calls hydrateremotelayoutprofile, which reassembles a payload from four string segments, base64-decodes and...

5.9AI score
Exploits0References4
OSV
OSV
added 2026/06/13 1:3 a.m.15 views

MAL-2026-5725 Malicious code in dash-grid-normalizer (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 362011eafffa765e7f6c24df4ec2c7bb8f9fb6b6414570a5d193e6ea90e1250a On import, src/dashgridnormalizer/init.py calls hydrateremotelayoutprofile, which reassembles a payload from four string segments, base64-decodes and...

6AI score
Exploits0References4
OSV
OSV
added 2026/06/12 12:26 p.m.10 views

OESA-2026-2665 ffmpeg security update

FFmpeg is a complete and free Internet live audio and video broadcasting solution for Linux/Unix. It also includes a digital VCR. It can encode in real time in many formats including MPEG1 audio and video, MPEG4, h263, ac3, asf, avi, real, mjpeg, and flash. Security Fixes: When calculating the...

8.7CVSS5.8AI score0.00172EPSS
Exploits0References2
OSV
OSV
added 2026/06/12 12:26 p.m.11 views

OESA-2026-2663 ffmpeg security update

FFmpeg is a complete and free Internet live audio and video broadcasting solution for Linux/Unix. It also includes a digital VCR. It can encode in real time in many formats including MPEG1 audio and video, MPEG4, h263, ac3, asf, avi, real, mjpeg, and flash. Security Fixes: FFmpeg 4.2 is affected ...

8.8CVSS7.2AI score0.02468EPSS
Exploits6References8
OSV
OSV
added 2026/06/12 12:26 p.m.12 views

OESA-2026-2662 ffmpeg security update

FFmpeg is a complete and free Internet live audio and video broadcasting solution for Linux/Unix. It also includes a digital VCR. It can encode in real time in many formats including MPEG1 audio and video, MPEG4, h263, ac3, asf, avi, real, mjpeg, and flash. Security Fixes: When calculating the...

8.7CVSS5.7AI score0.00172EPSS
Exploits0References2
PyPA
PyPA
added 2026/06/09 4:43 p.m.7 views

PYSEC-2026-220

Versions of the package dash-core-components before 2.13.0; all versions of the package dash-core-components; versions of the package dash before 2.15.0; all versions of the package dash-html-components; versions of the package dash-html-components before 2.0.16 are vulnerable to Cross-site...

6.5CVSS6.4AI score0.01475EPSS
Exploits1References17Affected Software1
Rows per page
Query Builder