Lucene search
+L

2589 matches found

Nuclei
Nuclei
added 11 hours ago15 views

LotusCMS 3.0 - Remote Code Execution

LotusCMS 3.0 is susceptible to remote code execution via the Router function. This is done by embedding PHP code in the 'page' parameter, which will be passed to a eval call and allow remote code execution. id: CVE-2011-0518 info: name: LotusCMS 3.0 - Remote Code Execution author: pikpikcu...

5.1CVSS6.4AI score0.15833EPSS
Exploits3References2
Nuclei
Nuclei
added 11 hours ago69 views

PrestaShop - SQL Injection to Eval Injection

PrestaShop versions from 1.6.0.10 and before 1.7.8.7 contain an SQL injection caused by unsanitized user input, letting attackers chain the vulnerability to call PHP's Eval function, exploit requires attacker to send malicious input. id: CVE-2022-31181 info: name: PrestaShop - SQL Injection to Ev...

9.8CVSS9AI score0.0517EPSS
Exploits2References4
Nuclei
Nuclei
added 3 days ago197 views

Mongo-Express - Remote Code Execution

Mongo-Express before 1.0.0 is susceptible to remote code execution because it uses safer-eval to validate user supplied javascript. Unfortunately safer-eval sandboxing capabilities are easily bypassed leading to remote code execution in the context of the node server. id: CVE-2020-24391 info: nam...

9.8CVSS7.4AI score0.74519EPSS
Exploits0References5
OSSF Malicious Packages
OSSF Malicious Packages
added 3 days ago10 views

Malicious code in nordpass (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 9df6f21fababcd99ba522d380a0729d35aa4ff44ee2f6612fe75b906da844aee Package name impersonates the NordPass password-manager product while presenting itself as 'A simple authentication module.' The package.json...

6.2AI score
Exploits0References1
OSV
OSV
added 3 days ago8 views

MAL-2026-10743 Malicious code in nordpass (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 9df6f21fababcd99ba522d380a0729d35aa4ff44ee2f6612fe75b906da844aee Package name impersonates the NordPass password-manager product while presenting itself as 'A simple authentication module.' The package.json...

6.2AI score
Exploits0References1
Tenable Nessus
Tenable Nessus
added 5 days ago7 views

openSUSE 16 Security Update : perl-DBI (openSUSE-SU-2026:21293-1)

The remote openSUSE 16 host has a package installed that is affected by multiple vulnerabilities as referenced in the openSUSE-SU-2026:21293-1 advisory. This update for perl-DBI fixes the following issues - CVE-2026-14380: unvalidated string eval interpolation of the Profile package name can lead...

9.1CVSS6.3AI score0.00498EPSS
Exploits0References6
OSV
OSV
added 6 days ago5 views

MAL-2026-10490 Malicious code in @sqlite-panel/createsql (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector bb20d0c9e601940f84c676cd74d174e06a740b6bcb90c12d38cdcecc6ca68696 The package's main entry point index.js fetches a hardcoded GitHub Gist owned by 'getchainverse' via api.github.com and passes the returned file...

6.1AI score
Exploits0References2
OSSF Malicious Packages
OSSF Malicious Packages
added 6 days ago10 views

Malicious code in @sqlite-panel/createsql (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector bb20d0c9e601940f84c676cd74d174e06a740b6bcb90c12d38cdcecc6ca68696 The package's main entry point index.js fetches a hardcoded GitHub Gist owned by 'getchainverse' via api.github.com and passes the returned file...

6.1AI score
Exploits0References2
OSSF Malicious Packages
OSSF Malicious Packages
added 6 days ago12 views

Malicious code in @sqlite-group/schema-generator (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 4d317d08a81d92d85c53ffe33ef8c709b706ed09c1f89b1c6489ac4fbf9f82c8 On require/import, index.js fetches the content of a GitHub Gist https://gist.github.com/getchainverse/b57a92378ad0a52430137c3b810e7107, retrieved vi...

6.2AI score
Exploits0References2
OSV
OSV
added 6 days ago2 views

MAL-2026-10448 Malicious code in @sqlite-group/schema-generator (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 4d317d08a81d92d85c53ffe33ef8c709b706ed09c1f89b1c6489ac4fbf9f82c8 On require/import, index.js fetches the content of a GitHub Gist https://gist.github.com/getchainverse/b57a92378ad0a52430137c3b810e7107, retrieved vi...

6.2AI score
Exploits0References2
OSV
OSV
added 6 days ago24 views

MAL-2026-10452 Malicious code in markdown-editable-table (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector b6b15669732f3eaec42e12c5f8d41a8f74d595fc04f709804de9768cb1719a94 The package's package.json declares a preinstall hook node index.d.js that runs automatically on npm install. The script in index.d.js base64-decodes...

6.2AI score
Exploits0References4
OSSF Malicious Packages
OSSF Malicious Packages
added 6 days ago12 views

Malicious code in markable-table (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector fd358271f202636f12507f09da4e8f00c900ba46c9dca25a5a0526d35b75bf1d [email protected] declares scripts.preinstall = 'node index.d.js'. index.d.js base64-decodes an embedded payload and invokes it through an...

6.5AI score
Exploits0References10
OSV
OSV
added 6 days ago6 views

MAL-2026-10444 Malicious code in markable-table (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector fd358271f202636f12507f09da4e8f00c900ba46c9dca25a5a0526d35b75bf1d [email protected] declares scripts.preinstall = 'node index.d.js'. index.d.js base64-decodes an embedded payload and invokes it through an...

6.5AI score
Exploits0References10
NVD
NVD
added 2026/07/11 4:17 a.m.7 views

CVE-2026-13353

The WP Ultimate CSV Importer – WordPress Import & Export for CSV, XML & Excel plugin for WordPress is vulnerable to Remote Code Execution in all versions up to, and including, 8.0.1 via the 'MappedFields' parameter. This is due to missing capability checks on the AJAX handlers for installaddon,...

8.8CVSS0.00606EPSS
Exploits0References6
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/07/10 10:42 p.m.16 views

Malicious code in auth-next-gen (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector fe0926f0a2c1f47072efaac014be38bb00c8e9f31f59badf188b1ed74dd5c2ce On require of auth-next-gen, index.js loads lib/writer.js, which at module top level performs an axios GET against a base64-obfuscated URL...

6.5AI score
Exploits0References4
CVE
CVE
added 2026/07/10 5:50 p.m.16 views

CVE-2025-30007

HestiaCP prior to 1.9.5 is affected by an authenticated OS command injection via DNS record management. The vulnerability stems from insufficient input validation in is_dns_record_format_valid() and unsafe eval-based parsing in update_domain_zone(), which can allow a low-privilege authenticated u...

8.8CVSS6.6AI score0.02077EPSS
Exploits0References4
EUVD
EUVD
added 2026/07/10 5:50 p.m.9 views

EUVD-2025-210452

HestiaCP before 1.9.5 contains an authenticated OS command injection vulnerability that allows low-privilege authenticated users to execute arbitrary commands as root by injecting a single-quote character into unvalidated DNS record types. Attackers can exploit insufficient input validation in...

8.8CVSS6.6AI score0.02077EPSS
Exploits0References4
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/07/10 3:17 p.m.14 views

Malicious code in type-plint (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 37979cc60cff25e26406f3426f0dd7aeac12c13e55402c89f78228080cac0ad9 The package advertises itself as a pino-style logger but its exported middleware spawns lib/caller.js as a detached Node child process. lib/caller.js...

6.3AI score
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/07/10 12:0 a.m.13 views

PT-2026-57246

Name of the Vulnerable Software and Affected Versions HestiaCP versions prior to 1.9.5 Description An authenticated OS command injection allows low-privilege users to execute arbitrary commands as root. The issue stems from insufficient input validation in the is dns record format valid function...

8.8CVSS6.6AI score0.02077EPSS
Exploits0References6
Cvelist
Cvelist
added 2026/07/09 11:51 p.m.34 views

CVE-2026-54769 Langroid: Sandbox Escape to Remote Code Execution via Incomplete `eval()` Mitigation in TableChatAgent

Langroid is a framework for building large-language-model-powered applications. Versions prior to 0.65.2 are vulnerable to a critical Sandbox Escape leading to Remote Code Execution RCE in its TableChatAgent and VectorStore capabilities. When these agents evaluate LLM-generated tool messages with...

10CVSS0.00912EPSS
Exploits0References1
Rows per page
Query Builder