Lucene search
K

5 matches found

ATTACKERKB
ATTACKERKB
added yesterday3 views

CVE-2026-59924

Mistune is a Python Markdown parser with renderers and plugins. Prior to 3.3.0, Include.parse joins and normalizes user-supplied include paths without verifying that the result remains within the intended markdown directory, allowing crafted include paths to access files outside that directory wh...

5.9CVSS6AI score
Exploits0References4Affected Software1
OSV
OSV
added 2023/10/16 8:15 p.m.5 views

CVE-2023-3279

The WordPress Gallery Plugin WordPress plugin before 3.39 does not validate some block attributes before using them to generate paths passed to include function/s, allowing Admin users to perform LFI attacks...

4.9CVSS5.8AI score0.00787EPSS
Exploits2References1
OSV
OSV
added 2021/05/07 4:47 p.m.2 views

GHSA-QM28-7HQV-WG5J OS Command Injection in ng-packagr

The package ng-packagr before 10.1.1 are vulnerable to Command Injection via the styleIncludePaths option...

6.6CVSS5.9AI score0.0239EPSS
Exploits0References4
Snyk
Snyk
added 2020/09/24 10:29 a.m.3 views

Command Injection

Overview ng-packagr is a Compile and package a TypeScript library to Angular Package Format Affected versions of this package are vulnerable to Command Injection via the styleIncludePaths option. Remediation Upgrade ng-packagr to version 10.1.1 or higher. References - GitHub Commit Credit: Snyk...

6.6CVSS7.2AI score0.0239EPSS
Exploits0References2
OSV
OSV
added 2019/02/09 10:29 p.m.4 views

CVE-2019-7678

A directory traversal vulnerability was discovered in Enphase Envoy R3.. via images/, include/, include/js, or include/css on TCP port 8888...

9.8CVSS7.3AI score0.02486EPSS
Exploits0References2
Rows per page
Query Builder