Lucene search
K

718 matches found

NVD
NVD
added 2026/01/14 6:16 p.m.9 views

CVE-2025-65397

An insecure authentication mechanism in the safeexec.sh startup script of Blurams Flare Camera version 24.1114.151.929 and earlier allows an attacker with physical access to the device to execute arbitrary commands with root privileges, if file /opt/images/publickey.der is not present in the file...

6.8CVSS0.00269EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/01/14 12:0 a.m.10 views

PT-2026-2920

Name of the Vulnerable Software and Affected Versions Blurams Flare Camera versions prior to 24.1114.151.929 Description An insecure authentication mechanism exists in the safe exec.sh startup script. This allows an attacker with physical access to the device to execute arbitrary commands with ro...

8.4CVSS7.2AI score0.00269EPSS
Exploits0References6
EUVD
EUVD
added 2026/01/13 7:2 p.m.6 views

EUVD-2026-1864

ComfyUI-Manager is Vulnerable to CRLF Injection in Configuration Handler...

7.5CVSS6.6AI score0.00311EPSS
Exploits0References4
CVE
CVE
added 2026/01/10 6:43 a.m.33 views

CVE-2026-22777

CVE-2026-22777 concerns ComfyUI-Manager, an extension for ComfyUI. A CRLF injection vulnerability exists in the configuration handling where an attacker can inject special characters into HTTP query parameters to add arbitrary values to the config.ini, potentially tampering with security settings...

7.5CVSS6.6AI score0.00311EPSS
Exploits0References2Affected Software1
OSV
OSV
added 2026/01/10 6:43 a.m.8 views

CVE-2026-22777 ComfyUI-Manager is Vulnerable to CRLF Injection in Configuration Handler

ComfyUI-Manager is an extension designed to enhance the usability of ComfyUI. Prior to versions 3.39.2 and 4.0.5, an attacker can inject special characters into HTTP query parameters to add arbitrary configuration values to the config.ini file. This can lead to security setting tampering or...

7.5CVSS6.8AI score0.00311EPSS
Exploits0References4
RedhatCVE
RedhatCVE
added 2026/01/09 9:8 a.m.8 views

CVE-2020-7617

ini-parser through 0.0.2 is vulnerable to Prototype Pollution.The library could be tricked into adding or modifying properties of Object.prototype using a 'proto' payload...

9.8CVSS6.7AI score0.00864EPSS
Exploits0References1
OSV
OSV
added 2025/12/18 8:15 p.m.7 views

CVE-2023-53944

EasyPHP Webserver 14.1 contains a path traversal vulnerability that allows remote users with low privileges to access files outside the document root by bypassing SecurityManager restrictions. Attackers can send GET requests with encoded directory traversal sequences like /..%5c..%5c to read syst...

7.1CVSS5.9AI score0.008EPSS
Exploits1References3
EUVD
EUVD
added 2025/12/11 9:15 p.m.4 views

EUVD-2025-202846

Sandboxie is a sandbox-based isolation software for 32-bit and 64-bit Windows NT-based operating systems. In versions 1.16.6 and below, the SYSTEM-level service SbieSvc.exe exposes SbieIniServer::RC4Crypt to sandboxed processes. The handler adds a fixed header size to a caller-controlled valuelen...

9.9CVSS7.5AI score0.00627EPSS
Exploits1References3
Packet Storm
Packet Storm
added 2025/12/11 12:0 a.m.178 views

📄 Casdoor 2.95.0 Directory Traversal

Casdoor version 2.95.0 directory traversal proof of concept exploit. ============================================================================================================================================= | Title : Casdoor 2.95.0 Directory Traversal | | Author : indoushka | | Tested on :...

6.5CVSS7AI score0.03093EPSS
Exploits10
RedhatCVE
RedhatCVE
added 2025/11/13 11:8 p.m.4 views

CVE-2022-4983

TEC-IT TBarCode version 11.15 contains a vulnerability in the TBarCode11.ocx ActiveX/OCX control's licensing handling INI-file based that can be abused to cause remote creation of files on the host filesystem. Depending on where files can be created and which filenames are allowed, this can allow...

6.9CVSS7.6AI score0.00373EPSS
Exploits0References1
OSSF Malicious Packages
OSSF Malicious Packages
added 2025/11/13 3:23 a.m.7 views

Malicious code in planetology-deneb-betelgeuse-ini (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 2d9e76fd68dea4a218da7554c4a828cd8f512e9399f2f98a6ba89184f1e1ac45 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

6.9AI score
Exploits0
EUVD
EUVD
added 2025/11/13 3:23 a.m.2 views

EUVD-2025-177661

Malicious code in neptune-ini-apex-ophiuchus npm...

6.6AI score
Exploits0
EUVD
EUVD
added 2025/11/13 3:23 a.m.3 views

EUVD-2025-179174

Malicious code in elektra-jekyll-ini-async npm...

6.6AI score
Exploits0
EUVD
EUVD
added 2025/11/13 3:23 a.m.3 views

EUVD-2025-179897

Malicious code in callisto-cors-ini-puppeteer npm...

6.6AI score
Exploits0
EUVD
EUVD
added 2025/11/13 3:23 a.m.4 views

EUVD-2025-178409

Malicious code in ini-quito-stratosphere-slides npm...

6.6AI score
Exploits0
EUVD
EUVD
added 2025/11/13 3:23 a.m.4 views

EUVD-2025-176707

Malicious code in release-it-perseus-ini-node-config npm...

6.6AI score
Exploits0
OSSF Malicious Packages
OSSF Malicious Packages
added 2025/11/13 3:23 a.m.4 views

Malicious code in neptune-ini-apex-ophiuchus (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 37b63ab4631ab55ea26f71c7b50ce32dc848123780edb2d0f6b35e671c557b81 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

6.9AI score
Exploits0
EUVD
EUVD
added 2025/11/13 3:23 a.m.2 views

EUVD-2025-178163

Malicious code in lacerta-chalk-ini-neptune npm...

6.6AI score
Exploits0
EUVD
EUVD
added 2025/11/13 3:23 a.m.3 views

EUVD-2025-178553

Malicious code in helmet-sirius-ini-mocha npm...

6.6AI score
Exploits0
EUVD
EUVD
added 2025/11/13 3:23 a.m.3 views

EUVD-2025-180128

Malicious code in baryon-ini-biomimicry-entanglement npm...

6.6AI score
Exploits0
Rows per page
Query Builder