
8 matches found

Positive Technologies
added 2026/05/08 12:0 a.m., 8 views

PT-2026-39007

Name of the Vulnerable Software and Affected Versions: PraisonAI versions prior to 4.6.37. Description: The safe extractall helper function, used in recipe pull, recipe publish, and recipe unpack flows, fails to validate member.linkname and does not reject symlink or hardlink members. Additionally, ...

CVSS 8.7 | AI score 5.9 | EPSS 0.00433
Exploits: 1 | References: 5
EUVD
added 2026/02/27 9:52 p.m., 7 views

EUVD-2026-9081

WeGIA is a web manager for charitable institutions. Prior to version 3.6.5, an unsafe use of the extract() function on the $_REQUEST superglobal allows an unauthenticated attacker to overwrite local variables in multiple PHP scripts. This vulnerability can be leveraged to completely bypass...

CVSS 9.8 | AI score 6 | EPSS 0.00593
Exploits: 1 | References: 1
Snyk
added 2026/02/24 12:38 a.m., 2 views

Heap-based Buffer Overflow

Overview: Magick.NET-Q16-x86 is a Magick.NET package that allows you to use ImageMagick without having to install ImageMagick on your server or desktop. For more information about specific builds, see the official docs: https://github.com/dlemstra/Magick.NET/tree/main/docs Affected versions of this package are...

CVSS 5.9 | AI score 5.6 | EPSS 0.00181
Exploits: 0 | References: 2
Cvelist
added 2025/11/19 7:46 a.m., 8 views

CVE-2025-13035 Code Snippets <= 3.9.1 - Authenticated (Contributor+) PHP Code Injection via extract() and PHP Filter Chains

The Code Snippets plugin for WordPress is vulnerable to PHP Code Injection in all versions up to, and including, 3.9.1. This is due to the plugin's use of extract on attacker-controlled shortcode attributes within the evaluateshortcodefromflatfile method, which can be used to overwrite the...

CVSS 8 | EPSS 0.0031
Exploits: 0 | References: 4
OSV
added 2017/12/08 4:29 p.m., 2 views

CVE-2017-15893

Directory traversal vulnerability in the SYNO.FileStation.Extract in Synology File Station before 1.1.1-0099 allows remote authenticated users to write arbitrary files via the dest_folder_path parameter...

CVSS 6.5 | AI score 5.9 | EPSS 0.01836
Exploits: 0 | References: 1
Prion
added 2007/02/14 11:28 a.m., 14 views

Design/Logic Flaw

Variable extract vulnerability in Apache Stats before 0.0.3beta allows attackers to modify arbitrary variables and conduct attacks via unknown vectors involving the use of PHP's extract function...

CVSS 7.5 | AI score 7 | EPSS 0.01126
Exploits: 0 | References: 3 | Affected Software: 1
CVE
added 2007/02/14 11:0 a.m., 49 views

CVE-2007-0930

CVE-2007-0930 describes a vulnerability in Apache Stats prior to 0.0.3beta where PHP’s extract usage enables attackers to modify arbitrary variables. The underlying issue is a variable extraction flaw that could enable attacks via unspecified vectors. The affected software is Apache Stats (PHP-ba...

CVSS 7.5 | AI score 6.5 | EPSS 0.01126
Exploits: 0 | References: 3 | Affected Software: 1
Cvelist
added 2005/07/13 4:0 a.m., 19 views

CVE-2005-2095

options_identities.php in SquirrelMail 1.4.4 and earlier uses the extract function to process the $_POST variable, which allows remote attackers to modify or read the preferences of other users, conduct cross-site scripting (XSS) attacks, and write arbitrary files...

AI score 8.8 | EPSS 0.04242
Exploits: 2 | References: 13