33 matches found
CVE-2026-2544
A security flaw has been discovered in yued-fe LuLu UI up to 3.0.0. This issue affects the function childprocess.exec of the file run.js. The manipulation results in os command injection. The attack can be launched remotely. The vendor was contacted early about this disclosure but did not respond...
EUVD-2026-6119
A security flaw has been discovered in yued-fe LuLu UI up to 3.0.0. This issue affects the function childprocess.exec of the file run.js. The manipulation results in os command injection. The attack can be launched remotely. The vendor was contacted early about this disclosure but did not respond...
CVE-2026-2544
A security flaw has been discovered in yued-fe LuLu UI up to 3.0.0. This issue affects the function childprocess.exec of the file run.js. The manipulation results in os command injection. The attack can be launched remotely. The vendor was contacted early about this disclosure but did not respond...
CVE-2026-2544
A security flaw has been discovered in yued-fe LuLu UI up to 3.0.0. This issue affects the function childprocess.exec of the file run.js. The manipulation results in os command injection. The attack can be launched remotely. The vendor was contacted early about this disclosure but did not respond...
CVE-2026-2544 yued-fe LuLu UI run.js child_process.exec os command injection
A security flaw has been discovered in yued-fe LuLu UI up to 3.0.0. This issue affects the function childprocess.exec of the file run.js. The manipulation results in os command injection. The attack can be launched remotely. The vendor was contacted early about this disclosure but did not respond...
CVE-2026-2544
CVE-2026-2544 affects yued-fe LuLu UI up to version 3.0.0. The vulnerability lies in the run.js file’s use of child_process.exec, enabling os command injection via remote attack. Multiple sources confirm the issue and remote exploitability, with vendor contact noted but no response. CVSS scores i...
CVE-2026-2544 yued-fe LuLu UI run.js child_process.exec os command injection
A security flaw has been discovered in yued-fe LuLu UI up to 3.0.0. This issue affects the function childprocess.exec of the file run.js. The manipulation results in os command injection. The attack can be launched remotely. The vendor was contacted early about this disclosure but did not respond...
LuLu UI 操作系统命令注入漏洞
LuLu UI is a native UI component library developed by yued-fe. Versions of LuLu UI 3.0.0 and earlier had a vulnerability related to operating system command injection. This vulnerability stemmed from the childprocess.exec function in the run.js file, which allowed for command injection via os...
PT-2026-8318
Name of the Vulnerable Software and Affected Versions yued-fe LuLu UI versions up to 3.0.0 Description A security flaw exists in yued-fe LuLu UI, specifically in the child process.exec function within the run.js file. This allows for operating system command injection, and the attack can be...
CVE-2018-18771
An issue was discovered in LuLu CMS through 2015-05-14. backend\modules\filemanager\controllers\DefaultController.php allows arbitrary file upload by entering a filename, directory name, and PHP code into the three text input fields...
EUVD-2018-10487
Malware in sbrugna...
UAE’s Lulu Hypermarket Data Breach: Hackers Claim Millions of Customer Records
Lulu Hypermarket has experienced a major data breach, exposing over 200,000 customer records. The attack, claimed by IntelBroker…...
MacOS Malware: Myth vs. Truth – Podcast
Remember those ads with a sneezing guy in a suit who says he’s a PC and to stay away, he’s got that nasty virus that’s going around? “That’s OK,” says the young, hip guy in blue jeans: He’s a Mac. … as if any machine that runs code could possibly be immune to malware…? Boy, was that a stretch. Th...
Apple Removes macOS Feature That Allowed Apps to Bypass Firewall Security
Apple has removed a controversial feature from its macOS operating system that allowed the company's own first-party apps to bypass content filters, VPNs, and third-party firewalls. Called "ContentFilterExclusionList," it included a list of as many as 50 Apple apps like iCloud, Maps, Music,...
lulu-toy.cn Cross Site Scripting vulnerability OBB-1294511
Following coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has:       a. verified the vulnerability and confirmed its existence;       b. notified the website operator about its existence...
lulu.com XSS vulnerability
Open Bug Bounty ID: OBB-711243 Description| Value ---|--- Affected Website:| lulu.com Open Bug Bounty Program:| Create your bounty program now. It's open and free. Vulnerable Application:| hidden until disclosure Vulnerability Type:| XSS Cross Site Scripting / CWE-79 CVSSv3 Score:| hidden until...
CVE-2018-18771
An issue was discovered in LuLu CMS through 2015-05-14. backend\modules\filemanager\controllers\DefaultController.php allows arbitrary file upload by entering a filename, directory name, and PHP code into the three text input fields...
CVE-2018-18771
An issue was discovered in LuLu CMS through 2015-05-14. backend\modules\filemanager\controllers\DefaultController.php allows arbitrary file upload by entering a filename, directory name, and PHP code into the three text input fields...
Design/Logic Flaw
An issue was discovered in LuLu CMS through 2015-05-14. backend\modules\filemanager\controllers\DefaultController.php allows arbitrary file upload by entering a filename, directory name, and PHP code into the three text input fields...
CVE-2018-18771
LuLu CMS (up to 2015-05-14) is affected by CVE-2018-18771 via the backend/modules/filemanager/controllers/DefaultController.php. The vulnerability allows arbitrary file upload by supplying a filename, directory name, and PHP code through three text inputs, which can lead to code execution on the ...