Lucene search
K

639 matches found

Nuclei
Nuclei
added yesterday20 views

PHPJabbers Make an Offer Widget v1.0 - Cross-Site Scripting

There is a Cross Site Scripting XSS vulnerability in the "action" parameter of index.php in PHPJabbers Make an Offer Widget v1.0. id: CVE-2023-40752 info: name: PHPJabbers Make an Offer Widget v1.0 - Cross-Site Scripting author: ritikchaddha severity: medium description: | There is a Cross Site...

6.1CVSS6.4AI score0.00974EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 6 days ago6 views

CVE-2026-56000

Local attackers with a X connection able to provide GLX commit to the X server xorg-server before 21.2.24 and xwayland before 24.1.13 could cause a Heap Use After Free, due to CommonMakeCurrent pointing into potentially reallocated memory...

9CVSS6AI score0.00192EPSS
Exploits0References3
Debian CVE
Debian CVE
added 6 days ago5 views

CVE-2026-56000

Local attackers with a X connection able to provide GLX commit to the X server xorg-server before 21.2.24 and xwayland before 24.1.13 could cause a Heap Use After Free, due to CommonMakeCurrent pointing into potentially reallocated memory...

9CVSS5.9AI score0.00192EPSS
Exploits0
Positive Technologies
Positive Technologies
added 6 days ago9 views

PT-2026-56335

Name of the Vulnerable Software and Affected Versions xorg-server versions prior to 21.2.24 xwayland versions prior to 24.1.13 Description Local attackers with an X connection can cause a Heap Use After Free, a condition where the system continues to use a memory address after it has been freed,...

9CVSS6.2AI score0.00192EPSS
Exploits0References22
Snyk
Snyk
added 2026/07/04 3:12 a.m.7 views

Deserialization of Untrusted Data

Overview picklescan is a Security scanner detecting Python Pickle files performing suspicious actions Affected versions of this package are vulnerable to Deserialization of Untrusted Data via the makelabel function in the reduce method. An attacker can execute arbitrary commands by crafting...

8.1CVSS6.2AI score0.003EPSS
Exploits0References2
EUVD
EUVD
added 2026/07/04 1:23 a.m.9 views

EUVD-2025-210411

picklescan before 0.0.30 fails to detect malicious pickle files that exploit lib2to3.pgen2.pgen.ParserGenerator.makelabel function in the reduce method. Attackers can craft malicious pickle files with embedded code that evades detection but executes arbitrary commands when pickle.load is called...

8.1CVSS6.1AI score0.003EPSS
Exploits0References2
NVD
NVD
added 2026/06/19 5:16 p.m.13 views

CVE-2017-20279

Joomla Payage 2.05 contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the aid parameter. Attackers can send GET requests to index.php with malicious aid values in the makepayment task to extract sensitive...

8.8CVSS0.00237EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2026/06/19 4:48 p.m.8 views

CVE-2017-20279

Joomla Payage 2.05 contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the aid parameter. Attackers can send GET requests to index.php with malicious aid values in the makepayment task to extract sensitive...

8.8CVSS6AI score0.00237EPSS
Exploits0References2Affected Software1
Cvelist
Cvelist
added 2026/06/19 4:48 p.m.28 views

CVE-2017-20279 Joomla Payage 2.05 SQL Injection via aid Parameter

Joomla Payage 2.05 contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the aid parameter. Attackers can send GET requests to index.php with malicious aid values in the makepayment task to extract sensitive...

8.8CVSS0.00237EPSS
Exploits0References2
EUVD
EUVD
added 2026/06/19 4:48 p.m.10 views

EUVD-2017-19006

Joomla Payage 2.05 contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the aid parameter. Attackers can send GET requests to index.php with malicious aid values in the makepayment task to extract sensitive...

8.8CVSS6AI score0.00237EPSS
Exploits0References2
CVE
CVE
added 2026/06/19 4:48 p.m.18 views

CVE-2017-20279

Joomla Payage 2.05 is affected by an SQL injection in the aid parameter used in the make_payment task (unauthenticated access). The vulnerability allows manipulation of database queries, enabling extraction of sensitive data via boolean-based blind or time-based blind techniques. This is supporte...

8.8CVSS6AI score0.00237EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/06/19 12:0 a.m.19 views

PT-2026-50960

Name of the Vulnerable Software and Affected Versions Joomla Payage version 2.05 Description An SQL injection allows unauthenticated attackers to manipulate database queries by injecting SQL code through the aid parameter. Attackers can send GET requests to the 'index.php' endpoint with malicious...

8.8CVSS6.2AI score0.00237EPSS
Exploits0References6
AlpineLinux
AlpineLinux
added 2026/06/14 11:40 a.m.6 views

CVE-2026-11527

Config::IniFiles versions before 3.001000 for Perl allow OS command injection and file overwrite via a 2-arg open of the -file argument in makefilehandle. Config::IniFiles::makefilehandle opens a filename argument with Perl's 2-arg open, so a filename that begins or ends with a pipe "| cmd", "cmd...

8.6CVSS5.4AI score0.00618EPSS
Exploits0
CVE
CVE
added 2026/06/14 11:40 a.m.33 views

CVE-2026-11527

CVE-2026-11527 affects Perl Config::IniFiles prior to 3.001000. The vulnerability arises when _make_filehandle opens the -file argument with Perl’s 2-arg open(); untrusted input passed to -file can be treated as a command or redirect (e.g., starting/ending with |, or >/>>), enabling OS c...

8.6CVSS5.5AI score0.00618EPSS
Exploits0References4
CVE
CVE
added 2026/06/14 11:39 a.m.52 views

CVE-2026-11526

The CVE-2026-11526 issue affects GD for Perl (versions before 2.86). The vulnerability lies in GD::Image::_make_filehandle, which uses a 2-arg open() on filename arguments, causing any filename starting/ending with a pipe or redirect to be executed as a command or redirected, leading to OS comman...

9.8CVSS5.4AI score0.01353EPSS
Exploits0References4
RedhatCVE
RedhatCVE
added 2026/06/05 7:30 p.m.10 views

CVE-2026-42549

Flight is an extensible micro-framework for PHP. Prior to 3.18.1, the make:controller CLI command calls mkdir..., recursive: true on a path built from the user-supplied controller name, before Nette's class-name validation runs. The class-file write is correctly rejected by Nette when the name...

4.4CVSS5.5AI score0.00154EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/06/05 7:20 p.m.10 views

CVE-2026-41505

RELATE is a web-based courseware package. Prior to commit 2f68e16, RELATE is vulnerable to predictable token generation in auth.py's makesigninkey function and exam.py's genticketcode function. This issue has been patched via commit 2f68e16...

8.7CVSS5.4AI score0.00264EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/05/29 7:58 p.m.8 views

CVE-2026-46384

iskorotkov/avro is a fast Go Avro codec. Prior to 2.33.0, several Avro decoder paths read attacker-controlled 64-bit values from the wire format and either narrowed them to platform-sized int before bounds-checking, or summed them with overflow-prone signed-int arithmetic. On 32-bit targets...

8.7CVSS5.9AI score0.00397EPSS
Exploits0References2Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/05/24 3:30 a.m.15 views

CVE-2026-9352

A weakness has been identified in NousResearch hermes-agent up to 2026.4.23. This issue affects the function makerunenv of the file tools/environments/local.py of the component Messaging Gateway Handler. Executing a manipulation can lead to information disclosure. The attack may be launched...

6.9CVSS5.7AI score0.00286EPSS
Exploits0References4Affected Software1
CVE
CVE
added 2026/05/24 3:30 a.m.29 views

CVE-2026-9352

Affected software/area: NousResearch hermes-agent (Messaging Gateway Handler), up to 2026.4.23. Vulnerability details: A weakness in the function _make_run_env in tools/environments/local.py can lead to information disclosure. The issue may be exploitable remotely; exploit has been made publicly ...

6.9CVSS5.7AI score0.00286EPSS
Exploits0References4
Rows per page
Query Builder