6 matches found

Vulnrichment
added 2026/05/08 3:25 a.m., 13 views

CVE-2026-41900 OpenLearnX has Critical Remote Code Execution Through Python Sandbox Escape via Code Execution Environment

OpenLearnX is an open-source, decentralized learning and assessment platform. Prior to version 2.0.3, a remote code execution (RCE) vulnerability was identified in the OpenLearnX code execution environment, allowing sandbox escape and arbitrary command execution. This issue has been patched in...

CVSS 8.8, AI score 6.5, EPSS 0.0091
Exploits: 1, References: 3

Debian CVE
added 2025/12/04 10:37 p.m., 3 views

CVE-2025-66564

Sigstore Timestamp Authority is a service for issuing RFC 3161 timestamps. Prior to 2.0.3, the function api.ParseJSONRequest splits an optionally provided OID, which is untrusted data, on periods via a call to strings.Split. Similarly, the function api.getContentType splits the Content-Type heade...

CVSS 7.5, AI score 5.3, EPSS 0.00411
Exploits: 0

CVE
added 2025/12/04 10:37 p.m., 23 views

CVE-2025-66564

Sigstore Timestamp Authority contains a vulnerability (CVE-2025-66564) where ParseJSONRequest and getContentType allocate O(n) bytes when handling untrusted input (an OID with many periods or a malformed Content-Type header). The issue is triggered by using strings.Split on untrusted data, leadin...

CVSS 7.5, AI score 6.4, EPSS 0.00411
Exploits: 0, References: 2, Affected Software: 1

Patchstack
added 2025/08/12 11:9 p.m., 4 views

WordPress Easy restaurant menu manager plugin <= 2.0.2 - Cross-Site Request Forgery to Menu Upload vulnerability

Cross-Site Request Forgery to Menu Upload vulnerability discovered by Jonas Benjamin Friedli in WordPress Plugin Easy pdf restaurant menu upload versions <= 2.0.2...

CVSS 4.3, AI score 6.9, EPSS 0.00151
Exploits: 0, References: 1, Affected Software: 1

RedhatCVE
added 2025/05/23 5:12 a.m., 13 views

CVE-2023-23373

An OS command injection vulnerability has been reported to affect QUSBCam2. If exploited, the vulnerability could allow users to execute commands via a network. We have already fixed the vulnerability in the following version: QUSBCam2 2.0.3 2023/06/15 and later...

CVSS 8.8, AI score 7.8, EPSS 0.01141
Exploits: 0, References: 1

Patchstack
added 2023/11/24 12:0 a.m., 18 views

WordPress Salient Core Plugin <= 2.0.2 is vulnerable to Cross Site Scripting (XSS)

Software: Salient Core; Type: Plugin; Vulnerable versions: <= 2.0.2; Fixed in: 2.0.3; OWASP Top 10: A3: Injection; Classification: Cross Site Scripting (XSS); CVE: CVE-2023-48749; Patch priority: Low; CVSS severity: Low (6.5); Developer: Claim ownership; PSID: ef3d6f0a3d43; Credits: Rafie Muhammad Patchstack Required...

CVSS 6.5, AI score 6.9, EPSS 0.00385
Exploits: 0, References: 1, Affected Software: 1