Lucene search
+L

314 matches found

EUVD
EUVD
added yesterday8 views

EUVD-2026-45390

A vulnerability has been found in princezuda SafestClaw up to 4.2.4. This vulnerability affects the function ShellAction.validatecommand of the file src/safestclaw/actions/shell.py of the component Built-in Web Interface. Such manipulation leads to incomplete blacklist. An attack has to be...

5.3CVSS5AI score
Exploits0References6
CVE
CVE
added yesterday13 views

CVE-2026-16129

The CVE-2026-16129 entry concerns princezuda SafestClaw (Built-in Web Interface) with a flaw in ShellAction._validate_command in src/safestclaw/actions/shell.py of the Built-in Web Interface. The vulnerability is described as an incomplete blacklist in the command validation logic, enabling local...

5.3CVSS5AI score
Exploits0References6
CVE
CVE
added 4 days ago9 views

CVE-2026-52888

NocoBase before 2.1.0-alpha.46 exposes sensitive data via the SQL Collection feature. The plugin-collection-sql checkSQL() used an incomplete keyword blacklist that did not block PostgreSQL system catalogs (e.g., pg_shadow, pg_roles, pg_stat_activity), allowing an admin-role user to read password...

6.8CVSS6.1AI score0.00269EPSS
Exploits0References3
OSV
OSV
added 4 days ago4 views

CVE-2026-52888 NocoBase: Sensitive Data Exposure via SQL Blacklist Bypass

NocoBase is an AI-powered no-code/low-code platform for building business applications and enterprise solutions. In 2.0.59 and earlier, NocoBase @nocobase/plugin-collection-sql used the checkSQL function in packages/plugins/@nocobase/plugin-collection-sql/src/server/utils.ts with an incomplete...

6.8CVSS6.1AI score0.00269EPSS
Exploits0References5
NVD
NVD
added 5 days ago7 views

CVE-2026-15625

A vulnerability was found in nextlevelbuilder GoClaw 3.11.3. Affected by this issue is the function ExecApprovalManager.CheckCommand of the file internal/tools/execapproval.go. The manipulation results in incomplete blacklist. The attack can be executed remotely. The exploit has been made public...

6.5CVSS0.0028EPSS
Exploits0References12
Cvelist
Cvelist
added 5 days ago32 views

CVE-2026-15625 nextlevelbuilder GoClaw exec_approval.go ExecApprovalManager.CheckCommand incomplete blacklist

A vulnerability was found in nextlevelbuilder GoClaw 3.11.3. Affected by this issue is the function ExecApprovalManager.CheckCommand of the file internal/tools/execapproval.go. The manipulation results in incomplete blacklist. The attack can be executed remotely. The exploit has been made public...

6.5CVSS0.0028EPSS
Exploits0References12
CVE
CVE
added 5 days ago10 views

CVE-2026-15625

The vulnerability CVE-2026-15625 affects nextlevelbuilder GoClaw 3.11.3. It targets the function ExecApprovalManager.CheckCommand in internal/tools/exec_approval.go, causing an incomplete blacklist. This enables a remote attack and has a publicly available exploit, with PoC maturity. Impact metri...

6.5CVSS6.4AI score0.0028EPSS
Exploits0References12
EUVD
EUVD
added 5 days ago5 views

EUVD-2026-43614

A vulnerability was found in nextlevelbuilder GoClaw 3.11.3. Affected by this issue is the function ExecApprovalManager.CheckCommand of the file internal/tools/execapproval.go. The manipulation results in incomplete blacklist. The attack can be executed remotely. The exploit has been made public...

6.5CVSS6.4AI score0.0028EPSS
Exploits0References12
OSV
OSV
added 5 days ago3 views

CVE-2026-15625 nextlevelbuilder GoClaw exec_approval.go ExecApprovalManager.CheckCommand incomplete blacklist

A vulnerability was found in nextlevelbuilder GoClaw 3.11.3. Affected by this issue is the function ExecApprovalManager.CheckCommand of the file internal/tools/execapproval.go. The manipulation results in incomplete blacklist. The attack can be executed remotely. The exploit has been made public...

5.3CVSS6.4AI score0.0028EPSS
Exploits0References14
Redos
Redos
added 2026/05/13 12:0 a.m.9 views

ROS-20260513-73-0020

Vulnerability in lxd related to the use of an incomplete blacklist. Exploitation of the vulnerability could allow an attacker acting remotely to execute arbitrary code...

9.1CVSS6.2AI score0.00363EPSS
Exploits0
CNNVD
CNNVD
added 2026/04/23 12:0 a.m.12 views

PySpector 安全漏洞

PySpector is a high-performance Python static security analysis framework based on graphs, developed by Tommaso Bona. Versions of PySpector prior to 0.1.8 contained security vulnerabilities. These vulnerabilities stemmed from an incomplete blacklist of plugin security validators, which could allo...

7.8CVSS6.1AI score0.00185EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2026/03/26 3:15 p.m.8 views

CVE-2026-4509

A security flaw has been discovered in PbootCMS up to 3.2.12. This affects an unknown function of the file core/function/file.php of the component File Upload. The manipulation of the argument black results in incomplete blacklist. The attack may be launched remotely. The exploit has been release...

6.5CVSS6.2AI score0.00291EPSS
Exploits0References1
EUVD
EUVD
added 2026/03/21 6:30 a.m.4 views

EUVD-2026-14239

A security flaw has been discovered in PbootCMS up to 3.2.12. This affects an unknown function of the file core/function/file.php of the component File Upload. The manipulation of the argument black results in incomplete blacklist. The attack may be launched remotely. The exploit has been release...

6.5CVSS5.4AI score0.00291EPSS
Exploits0References5
NVD
NVD
added 2026/03/21 6:16 a.m.5 views

CVE-2026-4509

A security flaw has been discovered in PbootCMS up to 3.2.12. This affects an unknown function of the file core/function/file.php of the component File Upload. The manipulation of the argument black results in incomplete blacklist. The attack may be launched remotely. The exploit has been release...

6.5CVSS0.00291EPSS
Exploits0References4
Vulnrichment
Vulnrichment
added 2026/03/21 6:2 a.m.2 views

CVE-2026-4509 PbootCMS File Upload file.php incomplete blacklist

A security flaw has been discovered in PbootCMS up to 3.2.12. This affects an unknown function of the file core/function/file.php of the component File Upload. The manipulation of the argument black results in incomplete blacklist. The attack may be launched remotely. The exploit has been release...

6.5CVSS6.2AI score0.00291EPSS
Exploits0References4
CVE
CVE
added 2026/03/21 6:2 a.m.21 views

CVE-2026-4509

The CVE-2026-4509 entry concerns PbootCMS versions up to 3.2.12, affecting the File Upload component. The flaw is tied to an incomplete blacklist in the handling of an argument within core/function/file.php, enabling a potential remote attack. The public exploit is noted in the sources. Affected ...

6.5CVSS6.2AI score0.00291EPSS
Exploits0References4
Cvelist
Cvelist
added 2026/03/21 6:2 a.m.37 views

CVE-2026-4509 PbootCMS File Upload file.php incomplete blacklist

A security flaw has been discovered in PbootCMS up to 3.2.12. This affects an unknown function of the file core/function/file.php of the component File Upload. The manipulation of the argument black results in incomplete blacklist. The attack may be launched remotely. The exploit has been release...

6.5CVSS0.00291EPSS
Exploits0References4
Redos
Redos
added 2026/02/16 12:0 a.m.7 views

ROS-20260216-73-0043

Vulnerability in libsodium related to the use of an incomplete blacklist. Exploitation of the vulnerability could allow a remote attacker to execute arbitrary code...

4.5CVSS6.2AI score0.00166EPSS
Exploits0
GithubExploit
GithubExploit
added 2026/01/11 1:49 p.m.187 views

Exploit for CVE-2025-68120

Vulnerability Write-up: Command Injection in VS Code Go Extens...

5.4CVSS8.3AI score0.00418EPSS
Exploits1
EUVD
EUVD
added 2025/10/07 12:30 a.m.6 views

EUVD-2015-5546

Malware in sbrugna...

6.1CVSS6.3AI score0.0129EPSS
Exploits1References5
Rows per page
Query Builder