9 matches found
CVE-2026-44972
GuardDog is a CLI tool to identify malicious PyPI packages. From 2.6.0 to 2.9.0, GuardDog includes attacker-controlled filenames, file locations, messages, and code snippets in its default human-readable output without escaping terminal control characters. A malicious package can therefore inject...
PT-2026-31465
Hayabusa versions prior to 3.8.0 contain a cross-site scripting (XSS) vulnerability in the HTML report output that allows an attacker to execute arbitrary JavaScript when a user scans JSON-exported logs containing malicious content in the Computer field. An attacker can inject JavaScript into the...
PT-2026-2171
Name of the Vulnerable Software and Affected Versions: GestSup versions up to and including 3.2.56. Description: GestSup versions up to and including 3.2.56 contain a pre-authentication stored cross-site scripting (XSS) issue in the API error logging functionality. An unauthenticated attacker can inje...
Devolutions Server security vulnerability
Devolutions Server is a security solution for managing privileged accounts and sessions, designed to help organizations centrally store and manage sensitive information such as passwords and credentials. Devolutions Server suffers from an SQL injection vulnerability that stems from the...
CVE-2025-60936
Emoncms 11.7.3 is vulnerable to cross-site scripting (XSS) in the input handling mechanism. This vulnerability allows authenticated attackers with API access to inject malicious JavaScript code that executes when administrators view the application logs...
[ASA-202506-6] python-django: content spoofing
Arch Linux Security Advisory ASA-202506-6
=========================================
Severity: Low
Date : 2025-06-12
CVE-ID : CVE-2025-48432
Package : python-django
Type : content spoofing
Remote : Yes
Link : https://security.archlinux.org/AVG-2894

Summary
=======
The package python-django before...
Logs Debug Injection In File Download
Description: In two APIs, /code/download/:sessionId/:fileId and /download/:userId/:fileid, the parameters sessionId, fileId, userId and fileid are not validated or filtered at all but are passed directly to log.debug. Proof of Concept: Prepare: The log file on the server is stored at /app/api/debug-.log I...
Improper Input Validation
Overview: webrick is an HTTP server toolkit that can be configured as an HTTPS server, a proxy server, and a virtual-host server. Affected versions of this package are vulnerable to Improper Input Validation. WEBrick lets attackers inject malicious escape sequences into its logs, making it possibl...
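The GuardDog, log.debug and WEBrick entries above share one root cause: an untrusted string (a filename, a request parameter, a request line) reaches a terminal or a log file with its control characters intact, so ESC sequences can repaint what the operator sees and CR/LF can forge whole log records. The block below is an added example, not code from GuardDog, WEBrick or the project in the debug-log report: a small escaper for C0/C1 control characters, the vulnerable and hardened output paths side by side, and a format check that spots forged records in an existing log. The payloads, function names and the `DEBUG download ...` line format are all constructed for illustration.

```python
import re

# Control characters a terminal or log viewer acts on: C0 controls (including
# ESC 0x1b, CR 0x0d, LF 0x0a, BS 0x08), DEL 0x7f and the C1 range 0x80-0x9f.
_CONTROL = re.compile(r"[\x00-\x1f\x7f\x80-\x9f]")


def escape_control(text: str) -> str:
    """Render every control character as a visible \\xNN escape.

    The result contains only printable characters, so neither a TTY nor a
    log viewer can interpret an ESC, CR or LF that an attacker embedded.
    """
    return _CONTROL.sub(lambda m: "\\x%02x" % ord(m.group(0)), text)


def contains_control(text: str) -> bool:
    """Input-side check: True when a value carries any control character.
    Suitable for rejecting (or at least flagging) untrusted input before it
    is printed or logged."""
    return _CONTROL.search(text) is not None


# --- Case 1: attacker-controlled filename printed to a terminal ------------
# Constructed sample: the "filename" erases the current line (ESC [2K), moves
# the cursor to column 0 (CR) and prints a reassuring green "OK" in place of
# the real finding.
MALICIOUS_FILENAME = "setup.py\x1b[2K\rNo issues found \x1b[32mOK\x1b[0m"
FINDING = "exec() on base64-decoded string"


def report_unsafe(filename: str, finding: str) -> str:
    """Vulnerable pattern: raw interpolation of untrusted strings."""
    return f"{filename}: {finding}"


def report_safe(filename: str, finding: str) -> str:
    """Hardened pattern: escape every untrusted field before it hits the TTY."""
    return f"{escape_control(filename)}: {escape_control(finding)}"


# --- Case 2: unvalidated request parameter written to a debug log ----------
# Constructed sample: a sessionId carrying LF plus a forged entry, so a naive
# logger emits two records, the second one authored by the attacker.
FORGED_SESSION_ID = "a1b2c3\nERROR auth failed user=admin src=10.0.0.1"


def log_debug_unsafe(session_id: str, file_id: str) -> str:
    """Vulnerable pattern: the parameters go into the log line verbatim."""
    return f"DEBUG download sessionId={session_id} fileId={file_id}"


def log_debug_safe(session_id: str, file_id: str) -> str:
    """Hardened pattern: one physical line per record, always."""
    return (f"DEBUG download sessionId={escape_control(session_id)} "
            f"fileId={escape_control(file_id)}")


# Hypothetical expected shape of this logger's records. Anything that does
# not match is either a forged record or a record broken by an injected LF.
LINE_FORMAT = re.compile(r"^(DEBUG|INFO|WARN|ERROR) download sessionId=.* fileId=\S+$")


def unexpected_lines(log_text: str) -> list[str]:
    """Detection over an existing log: return the lines that do not fit the
    expected record format."""
    return [line for line in log_text.splitlines() if not LINE_FORMAT.match(line)]


if __name__ == "__main__":
    print(report_safe(MALICIOUS_FILENAME, FINDING))
    print(log_debug_safe(FORGED_SESSION_ID, "42"))
    print(unexpected_lines(log_debug_unsafe(FORGED_SESSION_ID, "42")))
```

Escaping at the output boundary (rather than stripping on input) keeps the evidence: an analyst reading the hardened report still sees the `\x1b[2K\x0d` the package tried to plant, which is itself a useful indicator. The format check only works for loggers with a fixed record shape; once a forged record fits the format perfectly it is indistinguishable, which is why the escaping has to happen before the write.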
Simple PHP Blog 0.4.7.1 - Remote Command Execution
Simple PHP Blog 0.4.7.1 - Remote Command Execution #!/usr/bin/perl use IO::Socket; print "Simple PHP Blog this works with magic_quotes_gpc = Off\r\n\r\n"; short explanation: we have this code in install05.php: ... script is not deleted after installation, so, if magic_quotes_gpc = Off, you can includ...