Lucene search
K

16 matches found

Snyk
Snyk
added 2026/06/12 8:8 p.m.4 views

Missing Authorization

Overview typo3/cms-form is a Form Library, Plugin and Editor Affected versions of this package are vulnerable to Missing Authorization in the processing of form definition files by the Form Framework. An attacker can gain administrative privileges by uploading and using maliciously crafted files...

8.6CVSS6.1AI score0.00238EPSS
Exploits0References2
CVE
CVE
added 2026/06/09 10:50 a.m.81 views

CVE-2026-47346

Summary: CVE-2026-47346 affects TYPO3 CMS prior to certain patch versions, where backend users with file write perms can upload form definition files with mixed-case extensions (e.g., .FORM.YAML) to bypass upload restrictions. This can be exploited to execute arbitrary SQL statements and escalate...

7.6CVSS6AI score0.00253EPSS
Exploits0References3
ATTACKERKB
ATTACKERKB
added 2026/04/09 7:45 p.m.3 views

CVE-2026-40088

PraisonAI is a multi-agent teams system. Prior to 4.5.121, the executecommand function and workflow shell execution are exposed to user-controlled input via agent workflows, YAML definitions, and LLM-generated tool calls, allowing attackers to inject arbitrary shell commands through shell...

9.6CVSS6.2AI score0.00419EPSS
Exploits1References3Affected Software1
EUVD
EUVD
added 2025/10/07 12:30 a.m.9 views

EUVD-2006-0240

Malware in sbrugna...

5CVSS6.4AI score0.02402EPSS
Exploits1References12
EUVD
EUVD
added 2025/10/03 8:7 p.m.6 views

EUVD-2022-25024

Malicious code in bioql PyPI...

7.2CVSS6.6AI score0.00381EPSS
Exploits0References1
Packet Storm News
Packet Storm News
added 2025/04/21 12:0 a.m.6 views

Mobius Forensic Toolkit 2.14

Mobius Forensic Toolkit is a forensic framework written in Python/GTK that manages cases and case items, providing an abstract interface for developing extensions. Cases and item categories are defined using XML files for easy integration with other tools...

7AI score
Exploits0
NVD
NVD
added 2024/08/16 2:15 a.m.36 views

CVE-2024-43370

gettext.js is a GNU gettext port for node and the browser. There is a cross-site scripting XSS injection if .po dictionary definition files are corrupted. This vulnerability has been patched in version 2.0.3. As a workaround, control the origin of the definition catalog to prevent the use of this...

7.2CVSS0.0038EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2024/07/30 12:0 a.m.3 views

PT-2024-8654 · Wowza · Wowza Streaming Engine

Name of the Vulnerable Software and Affected Versions: Wowza Streaming Engine versions prior to 4.9.1 Description: The issue is related to a path traversal vulnerability in the Manager component of Wowza Streaming Engine. This vulnerability allows an administrator user to delete any directory on...

6.9CVSS7.4AI score0.00677EPSS
Exploits0References6
OSV
OSV
added 2023/12/01 12:31 a.m.1 views

GHSA-QW4H-3XJJ-84CC Apache Tiles: Unvalidated input may lead to path traversal and XXE

The value set as the DefaultLocaleResolver.LOCALEKEY attribute on the session was not validated while resolving XML definition files, leading to possible path traversal and eventually SSRF/XXE when passing user-controlled data to this key. Passing user-controlled data to this key may be relativel...

7.5CVSS7AI score0.01345EPSS
Exploits0References3
Github Security Blog
Github Security Blog
added 2023/12/01 12:31 a.m.55 views

Apache Tiles: Unvalidated input may lead to path traversal and XXE

The value set as the DefaultLocaleResolver.LOCALEKEY attribute on the session was not validated while resolving XML definition files, leading to possible path traversal and eventually SSRF/XXE when passing user-controlled data to this key. Passing user-controlled data to this key may be relativel...

7.5CVSS7.5AI score0.01345EPSS
Exploits0References3Affected Software3
Prion
Prion
added 2023/11/30 10:15 p.m.21 views

Path traversal

UNSUPPORTED WHEN ASSIGNED The value set as the DefaultLocaleResolver.LOCALEKEY attribute on the session was not validated while resolving XML definition files, leading to possible path traversal and eventually SSRF/XXE when passing user-controlled data to this key. Passing user-controlled data to...

5CVSS7AI score0.01345EPSS
Exploits0References1Affected Software1
Cvelist
Cvelist
added 2023/11/30 9:17 p.m.36 views

CVE-2023-49735 Apache Tiles: Unvalidated input may lead to path traversal and XXE

UNSUPPORTED WHEN ASSIGNED The value set as the DefaultLocaleResolver.LOCALEKEY attribute on the session was not validated while resolving XML definition files, leading to possible path traversal and eventually SSRF/XXE when passing user-controlled data to this key. Passing user-controlled data to...

7.7AI score0.01345EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2023/11/30 9:17 p.m.16 views

CVE-2023-49735 Apache Tiles: Unvalidated input may lead to path traversal and XXE

UNSUPPORTED WHEN ASSIGNED The value set as the DefaultLocaleResolver.LOCALEKEY attribute on the session was not validated while resolving XML definition files, leading to possible path traversal and eventually SSRF/XXE when passing user-controlled data to this key. Passing user-controlled data to...

6.7AI score0.01345EPSS
Exploits0References1
Prion
Prion
added 2022/06/24 3:15 p.m.15 views

Code injection

The tested version of Dominion Voting System ImageCast X can be manipulated to cause arbitrary code execution by specially crafted election definition files. An attacker could leverage this vulnerability to spread malicious code to ImageCast X devices from the EMS...

7.2CVSS7.1AI score0.00381EPSS
Exploits0References1Affected Software1
Cvelist
Cvelist
added 2022/06/24 3:0 p.m.16 views

CVE-2022-1743 2.2.5 PATH TRAVERSAL: '../FILEDIR' CWE-24

The tested version of Dominion Voting System ImageCast X can be manipulated to cause arbitrary code execution by specially crafted election definition files. An attacker could leverage this vulnerability to spread malicious code to ImageCast X devices from the EMS...

7.2AI score0.00381EPSS
Exploits0References1
Prion
Prion
added 2006/04/25 1:2 a.m.18 views

Improper access control

Symantec Scan Engine 5.0.0.24, and possibly other versions before 5.1.0.7, stores sensitive log and virus definition files under the web root with insufficient access control, which allows remote attackers to obtain the information via direct requests...

5CVSS6.9AI score0.02402EPSS
Exploits1References11Affected Software1
Rows per page
Query Builder