Lucene search
+L

5 matches found

cvelist
cvelist
added 2026/07/10 12:0 a.m.29 views

CVE-2026-39244

adm-zip before 0.5.18 is vulnerable to denial of service via a crafted ZIP file with a manipulated uncompressed size header field. In zipEntry.js line 103, Buffer.alloccentralHeader.size allocates memory based on the declared uncompressed size from the ZIP central directory header without...

0.00432EPSS
Exploits0References3
attackerkb
attackerkb
added 2026/02/09 5:0 a.m.10 views

CVE-2026-1615

Versions of the package jsonpath before 1.3.0 are vulnerable to Arbitrary Code Injection via unsafe evaluation of user-supplied JSON Path expressions. The library relies on the static-eval module to process JSON Path input, which is not designed to handle untrusted data safely. An attacker can...

9.8CVSS6.9AI score0.01049EPSS
Exploits0References6
redhatcve
redhatcve
added 2025/05/22 5:5 p.m.6 views

CVE-2020-20120

ThinkPHP v3.2.3 and below contains a SQL injection vulnerability which is triggered when the array is not passed to the "where" and "query" methods...

9.8CVSS7.8AI score0.01749EPSS
Exploits1
ptsecurity
ptsecurity
added 2023/09/27 12:0 a.m.2 views

PT-2023-20523

Name of the Vulnerable Software and Affected Versions pydash versions prior to 6.0.0 Description The issue affects pydash methods such as pydash.objects.invoke and pydash.collections.invoke map, which accept dotted paths to target nested Python objects. These paths can be used to target internal...

9.1CVSS7.2AI score0.02919EPSS
Exploits1References14
ptsecurity
ptsecurity
added 2023/04/18 12:0 a.m.5 views

PT-2023-22779 · Archery · Archery

Name of the Vulnerable Software and Affected Versions: Archery affected versions not specified Description: The Archery project contains multiple SQL injection vulnerabilities that may allow an attacker to query the connected databases. The issue arises from the sql/instance.py endpoint's describ...

6.5CVSS6.9AI score0.00835EPSS
Exploits1References5
Rows per page
Query Builder