Lucene search
K

224 matches found

ATTACKERKB
ATTACKERKB
added 2026/07/05 12:45 p.m.7 views

CVE-2026-14749

A vulnerability was identified in mjperpinosa stumasy up to 327d1b0f2915ba79d7ef8ebb74553e987609d9be. Impacted is the function eval of the file application/pages/imbacalculator/calculate.php. The manipulation of the argument mathematicalsentence leads to code injection. The attack is possible to ...

7.5CVSS6.8AI score0.00322EPSS
Exploits0References6
EUVD
EUVD
added 2026/07/04 8:15 p.m.7 views

EUVD-2026-41695

A vulnerability has been found in connorskees grass up to 0.13.4. The impacted element is the function grasscompiler::selector::extend/grasscompiler::evaluate::visitor. The manipulation leads to denial of service. The attack must be carried out locally. The exploit has been disclosed to the publi...

4.8CVSS5.1AI score0.00115EPSS
Exploits0References6
ATTACKERKB
ATTACKERKB
added 2026/07/04 8:15 p.m.9 views

CVE-2026-14651

A vulnerability has been found in connorskees grass up to 0.13.4. The impacted element is the function grasscompiler::selector::extend/grasscompiler::evaluate::visitor. The manipulation leads to denial of service. The attack must be carried out locally. The exploit has been disclosed to the publi...

4.8CVSS5.1AI score0.00115EPSS
Exploits0References6Affected Software1
Cvelist
Cvelist
added 2026/07/04 1:23 a.m.37 views

CVE-2025-71356 picklescan - Arbitrary Code Execution via torch.fx.experimental.symbolic_shapes.ShapeEnv.evaluate_guards_expression

picklescan before 0.0.28 fails to detect malicious torch.fx.experimental.symbolicshapes.ShapeEnv.evaluateguardsexpression function calls in pickle files. Attackers can embed undetected code in pickle files that executes remote code when loaded by victims...

8.1CVSS0.003EPSS
Exploits0References2
CVE
CVE
added 2026/07/04 1:23 a.m.18 views

CVE-2025-71356

CVE-2025-71356 affects picklescan prior to 0.0.28, which fails to detect malicious torch.fx.experimental.symbolic_shapes.ShapeEnv.evaluate_guards_expression calls embedded in pickle files. This enables arbitrary code execution when such pickle files are loaded by victims, as attackers can embed p...

8.1CVSS6.2AI score0.003EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/07/04 12:0 a.m.11 views

PT-2026-55731

Name of the Vulnerable Software and Affected Versions connorskees grass versions prior to 0.13.5 Description A local manipulation of the grass compiler::selector::extend/grass compiler::evaluate::visitor function can lead to a denial of service. This occurs because the @extend algorithm is...

4.8CVSS5.9AI score0.00115EPSS
Exploits0References10
OSV
OSV
added 2026/07/01 6:35 p.m.8 views

MAL-2026-6707 Malicious code in svgson-lite (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector ceb1026a96918a3f4ed4c7c4f0aa75411c3869f1ad14405174e396b4e67907d2 index.js exports an undocumented getPlugin function which, when invoked, performs an HTTP GET to https://shorturl.at/147uq, JSON-parses the response...

6.4AI score
Exploits0References8
OSV
OSV
added 2026/06/26 9:1 p.m.6 views

GHSA-Q6RR-FM2G-G5X8 Scriban: array * int (ScriptArray<T>.TryEvaluate) bypasses LoopLimit — incomplete fix for GHSA-c875-h985-hvrc, missed sibling of GHSA-24c8-4792-22hx

Summary The array multiplication operator array integer in Scriban allocates a result whose size is the product of the attacker-controlled integer and the array length, with no LoopLimit / LimitToString check and no overflow-safe arithmetic. A 40-byte template forces a multi-gigabyte allocation,...

6.9CVSS5.8AI score
Exploits0References2
OSV
OSV
added 2026/06/19 3:0 p.m.8 views

MAL-2026-6220 Malicious code in chai-as-uphelded (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector aa7f5470790594e55393048fee0e7a9e6e6650776a06717258e410292d4dc8a9 Package name impersonates the popular chai-as-promised library, but its package.json description and keywords masquerade as a pino-style logger and a...

5.8AI score
Exploits0References2
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/06/11 1:2 p.m.14 views

Malicious code in self-certificate (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector ab587fcd5a0b45e17454fc742007b8b597a0aec49b443d8a5a087ba910ea4a40 The package presents itself as a self-signed certificate generator, but its public generateCertificates API path loads sample/cert.pem, strips the...

5.9AI score
Exploits0References2
RedhatCVE
RedhatCVE
added 2026/06/05 7:47 p.m.11 views

CVE-2026-6652

A weakness has been identified in Pagekit CMS up to 1.0.18. This issue affects the function evaluate of the file app/modules/view/src/PhpEngine.php of the component StringStorage Template Handler. This manipulation causes improper neutralization of directives in dynamically evaluated code. Remote...

5.8CVSS5.1AI score0.00244EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/06/05 7:35 p.m.11 views

CVE-2026-5739

A security flaw has been discovered in PowerJob 5.1.0/5.1.1/5.1.2. The affected element is the function GroovyEvaluator.evaluate of the file /openApi/addWorkflowNode of the component OpenAPI Endpoint. The manipulation of the argument nodeParams results in code injection. The attack can be execute...

7.5CVSS6.8AI score0.00388EPSS
Exploits0References1
Snyk
Snyk
added 2026/05/29 5:59 p.m.13 views

Incomplete List of Disallowed Inputs

Overview vm2 is a sandbox that can run untrusted code with whitelisted Node's built-in modules. Affected versions of this package are vulnerable to Incomplete List of Disallowed Inputs via the builtin allowlist handling in lib/builtin.js. An attacker can reach host code by requiring process and...

10CVSS6.2AI score0.00536EPSS
Exploits0References3
NVD
NVD
added 2026/05/26 3:16 p.m.19 views

CVE-2026-42785

OpenKM 6.3.12 contains a remote code execution vulnerability that allows authenticated administrators to execute arbitrary Java/BeanShell code through the /admin/Scripting endpoint. Attackers can submit malicious script content with an action=Evaluate parameter to execute operating system command...

8.6CVSS0.00679EPSS
Exploits0References7
Cvelist
Cvelist
added 2026/05/26 2:8 p.m.45 views

CVE-2026-42785 OpenKM 6.3.12 Remote Code Execution via Administrative Scripting

OpenKM 6.3.12 contains a remote code execution vulnerability that allows authenticated administrators to execute arbitrary Java/BeanShell code through the /admin/Scripting endpoint. Attackers can submit malicious script content with an action=Evaluate parameter to execute operating system command...

8.6CVSS0.00679EPSS
Exploits0References7
ATTACKERKB
ATTACKERKB
added 2026/05/26 2:8 p.m.9 views

CVE-2026-42785

OpenKM 6.3.12 contains a remote code execution vulnerability that allows authenticated administrators to execute arbitrary Java/BeanShell code through the /admin/Scripting endpoint. Attackers can submit malicious script content with an action=Evaluate parameter to execute operating system command...

8.6CVSS6.6AI score0.00679EPSS
Exploits0References7
CVE
CVE
added 2026/05/26 2:8 p.m.31 views

CVE-2026-42785

OpenKM 6.3.12 is affected by a remote code execution vulnerability exploitable by authenticated administrators via the /admin/Scripting endpoint. The issue allows submission of malicious script content with an action=Evaluate parameter to execute arbitrary Java/BeanShell code in the OpenKM applic...

8.6CVSS6.6AI score0.00679EPSS
Exploits0References7
EUVD
EUVD
added 2026/05/26 2:8 p.m.16 views

EUVD-2026-31835

OpenKM 6.3.12 contains a remote code execution vulnerability that allows authenticated administrators to execute arbitrary Java/BeanShell code through the /admin/Scripting endpoint. Attackers can submit malicious script content with an action=Evaluate parameter to execute operating system command...

8.6CVSS6.6AI score0.00679EPSS
Exploits0References7
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/05/26 7:20 a.m.14 views

Malicious code in react-ui-polyfills (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 63c43460df1ee670b8a5982d77e7028aef7df25fa38922f743489fd52b41b5ea Package advertises itself as React polyfills / UI compatibility helpers but ships no React or polyfill code. The exported getPlugin function returns ...

5.7AI score
Exploits0References3
CNNVD
CNNVD
added 2026/05/26 12:0 a.m.10 views

OpenKM 代码注入漏洞

OpenKM is a document management system developed by OpenKM Company in Spain. This system offers features such as version control, file history, and file sharing. Version OpenKM 6.3.12 has a code injection vulnerability. This vulnerability arises from allowing authenticated administrators to submi...

8.6CVSS6AI score0.00679EPSS
Exploits0References7
Rows per page
Query Builder