Lucene search
K

2835 matches found

OSV
OSV
added 2026/04/17 10:21 p.m.4 views

GHSA-3JFP-46X4-XGFJ yard: Possible arbitrary path traversal and file access via yard server

Impact A path traversal vulnerability was discovered in YARD = 0.9.41 when using yard server to serve documentation. This bug would allow unsanitized HTTP requests to access arbitrary files on the machine of a yard server host under certain conditions. The original patch in GHSA-xfhh-rx56-rxcr wa...

6.9CVSS5.9AI score0.00388EPSS
Exploits0References5
ATTACKERKB
ATTACKERKB
added 2026/04/12 12:28 p.m.3 views

CVE-2019-25709

CF Image Hosting Script 1.6.5 allows unauthenticated attackers to download and decode the application database by accessing the imgdb.db file in the upload/data directory. Attackers can extract delete IDs stored in plaintext from the deserialized database and use them to delete all pictures via t...

9.8CVSS5.8AI score0.00607EPSS
Exploits1References4Affected Software1
Cvelist
Cvelist
added 2026/04/12 12:28 p.m.22 views

CVE-2019-25709 CF Image Hosting Script 1.6.5 Unauthorized Database Access

CF Image Hosting Script 1.6.5 allows unauthenticated attackers to download and decode the application database by accessing the imgdb.db file in the upload/data directory. Attackers can extract delete IDs stored in plaintext from the deserialized database and use them to delete all pictures via t...

9.8CVSS0.00607EPSS
Exploits1References4
CVE
CVE
added 2026/04/12 12:28 p.m.10 views

CVE-2019-25709

CF Image Hosting Script 1.6.5 is vulnerable to unauthenticated access that lets an attacker download and decode the application database (imgdb.db in upload/data). The deserialized database stores delete IDs in plaintext, enabling an attacker to delete all pictures by manipulating the d parameter...

9.8CVSS5.8AI score0.00607EPSS
Exploits1References4Affected Software1
Positive Technologies
Positive Technologies
added 2026/04/12 12:0 a.m.9 views

PT-2026-32171

CF Image Hosting Script 1.6.5 allows unauthenticated attackers to download and decode the application database by accessing the imgdb.db file in the upload/data directory. Attackers can extract delete IDs stored in plaintext from the deserialized database and use them to delete all pictures via t...

9.8CVSS5.8AI score0.00607EPSS
Exploits1References6
CNNVD
CNNVD
added 2026/04/12 12:0 a.m.8 views

CF Image Hosting Script 安全漏洞

CF Image Hosting Script is a lightweight image hosting script developed by David Tavarez. Version 1.6.5 of the CF Image Hosting Script contains a security vulnerability. This vulnerability stems from improper access control, which may lead to unauthorized database leaks and file deletion...

9.8CVSS5.8AI score0.00607EPSS
Exploits1References4
The Hacker News
The Hacker News
added 2026/04/08 4:23 a.m.11 views

Iran-Linked Hackers Disrupt U.S. Critical Infrastructure by Targeting Internet-Exposed PLCs

Iran-affiliated cyber actors are targeting internet-facing operational technology OT devices across critical infrastructures in the U.S., including programmable logic controllers PLCs, cybersecurity and intelligence agencies warned Tuesday. "These attacks have led to diminished PLC functionality,...

6.2AI score
Exploits0
RedhatCVE
RedhatCVE
added 2026/04/07 11:1 p.m.5 views

CVE-2026-35052

D-Tale is the combination of a Flask back-end and a React front-end to view & analyze Pandas data structures. Prior to 3.22.0, users hosting D-Tale publicly while using a redis or shelf storage layer could be vulnerable to remote code execution allowing attackers to run malicious code on the...

9.8CVSS6.5AI score0.00622EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/04/06 5:32 p.m.16 views

CVE-2026-35052 D-Tale affected by Remote Code Execution through redis/shelf storage

D-Tale is the combination of a Flask back-end and a React front-end to view & analyze Pandas data structures. Prior to 3.22.0, users hosting D-Tale publicly while using a redis or shelf storage layer could be vulnerable to remote code execution allowing attackers to run malicious code on the...

5.3CVSS0.00622EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/04/06 5:32 p.m.3 views

CVE-2026-35052

D-Tale is the combination of a Flask back-end and a React front-end to view & analyze Pandas data structures. Prior to 3.22.0, users hosting D-Tale publicly while using a redis or shelf storage layer could be vulnerable to remote code execution allowing attackers to run malicious code on the...

5.3CVSS6.5AI score0.00622EPSS
Exploits0References2Affected Software1
CVE
CVE
added 2026/04/06 5:32 p.m.22 views

CVE-2026-35052

D-Tale (Flask backend + React frontend) prior to version 3.22.0 is vulnerable when hosted publicly with Redis or shelf storage, allowing remote code execution on the server. The issue stems from how the global state/storage could be exploited; upgrading to 3.22.0 fixes the vulnerability. Affected...

9.8CVSS6.5AI score0.00622EPSS
Exploits0References1Affected Software1
Veracode
Veracode
added 2026/04/04 5:28 a.m.9 views

Remote Code Execution

D-Tale is vulnerable to Remote Code Execution. The vulnerability is due to the use of redis or shelf storage layer, where users hosting D-Tale publicly could allow attackers to run malicious code on the server...

9.8CVSS5.5AI score0.00622EPSS
Exploits0References2Affected Software1
Microsoft Secure
Microsoft Secure
added 2026/04/02 3:37 p.m.7 views

Cookie-controlled PHP webshells: A stealthy tradecraft in Linux hosting environments

In this article 1. Cookie-controlled execution behavior 2. Observed variants of cookie-controlled PHP web shells 3. Mitigation and protection guidance 4. Microsoft Defender XDR detections 5. Microsoft Security Copilot prompts 6. Microsoft Defender XDR threat analytics 7. MITRE ATT&CK™ Techniques...

6.7AI score
Exploits0
Microsoft Secure
Microsoft Secure
added 2026/04/02 3:37 p.m.6 views

Cookie-controlled PHP webshells: A stealthy tradecraft in Linux hosting environments

In this article 1. Cookie-controlled execution behavior 2. Observed variants of cookie-controlled PHP web shells 3. Mitigation and protection guidance 4. Microsoft Defender XDR detections 5. Microsoft Security Copilot prompts 6. Microsoft Defender XDR threat analytics 7. MITRE ATT&CK™ Techniques...

6.7AI score
Exploits0
The Hacker News
The Hacker News
added 2026/04/01 4:10 p.m.7 views

CERT-UA Impersonation Campaign Spread AGEWHEEZE Malware to 1 Million Emails

The Computer Emergency Response Team of Ukraine CERT-UA has disclosed details of a new phishing campaign in which the cybersecurity agency itself was impersonated to distribute a remote administration tool known as AGEWHEEZE. As part of the attacks, the threat actors, tracked as UAC-0255 , sent...

6.2AI score
Exploits0
RedhatCVE
RedhatCVE
added 2026/03/26 5:4 p.m.3 views

CVE-2026-25013

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in WHMCSdes Phox Hosting phox-host allows Reflected XSS.This issue affects Phox Hosting: from n/a through = 2.0.8...

7.1CVSS5.8AI score0.0018EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/03/26 12:0 a.m.15 views

Fireshare 安全漏洞

Fireshare is a media hosting software developed by Shane Israel individually. Version 1.5.1 of Fireshare contains a security vulnerability, which stems from authenticated path traversal in the multipart upload endpoint, potentially allowing arbitrary file writing...

8.1CVSS5.9AI score0.00431EPSS
Exploits0References3
EUVD
EUVD
added 2026/03/25 6:31 p.m.6 views

EUVD-2026-15615

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in WHMCSdes Phox Hosting phox-host allows Reflected XSS.This issue affects Phox Hosting: from n/a through = 2.0.8...

7.1CVSS5.8AI score0.0018EPSS
Exploits0References2
NVD
NVD
added 2026/03/25 5:16 p.m.3 views

CVE-2026-25013

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in WHMCSdes Phox Hosting phox-host allows Reflected XSS.This issue affects Phox Hosting: from n/a through = 2.0.8...

7.1CVSS0.0018EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/03/25 4:14 p.m.2 views

CVE-2026-25013 WordPress Phox Hosting plugin <= 2.0.8 - Reflected Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in WHMCSdes Phox Hosting phox-host allows Reflected XSS.This issue affects Phox Hosting: from n/a through = 2.0.8...

7.1CVSS5.8AI score0.0018EPSS
Exploits0References1
Rows per page
Query Builder