Lucene search
+L

19021 matches found

osv
osv
added 2026/07/08 8:16 p.m.2 views

DEBIAN-CVE-2026-59947

Composer is a dependency Manager for the PHP language. Prior to 2.2.29 and 2.10.2, when Composer is run with -vvv debug verbosity, it could print a credential embedded in the username slot of a repository or package URL, such as a GitHub Personal Access Token in https://TOKEN@host/, to debug outp...

4.7CVSS6.1AI score0.00108EPSS
Exploits0References1
nvd
nvd
added 2026/07/08 8:16 p.m.4 views

CVE-2026-59947

Composer is a dependency Manager for the PHP language. Prior to 2.2.29 and 2.10.2, when Composer is run with -vvv debug verbosity, it could print a credential embedded in the username slot of a repository or package URL, such as a GitHub Personal Access Token in https://TOKEN@host/, to debug outp...

4.7CVSS0.00108EPSS
Exploits0References5
debiancve
debiancve
added 2026/07/08 7:33 p.m.5 views

CVE-2026-59947

Composer is a dependency Manager for the PHP language. Prior to 2.2.29 and 2.10.2, when Composer is run with -vvv debug verbosity, it could print a credential embedded in the username slot of a repository or package URL, such as a GitHub Personal Access Token in https://TOKEN@host/, to debug outp...

4.7CVSS6AI score0.00108EPSS
Exploits0
osv
osv
added 2026/07/08 4:16 p.m.4 views

CVE-2026-14967

BBOT's githubworkflows module could be induced to write a downloaded artifact outside its configured output directory: its path-containment check did not resolve .., so a crafted CODEREPOSITORY URL could traverse out of the intended folder. The write is bounded to two directory levels above the...

3.1CVSS6.1AI score
Exploits0References1
nvd
nvd
added 2026/07/08 4:16 p.m.7 views

CVE-2026-14967

BBOT's githubworkflows module could be induced to write a downloaded artifact outside its configured output directory: its path-containment check did not resolve .., so a crafted CODEREPOSITORY URL could traverse out of the intended folder. The write is bounded to two directory levels above the...

3.1CVSS0.00198EPSS
Exploits0References1
osv
osv
added 2026/07/08 3:16 p.m.3 views

ALPINE-CVE-2026-49147

App::Ack versions through 3.10.0 for Perl print unsanitised terminal escape sequences from filenames in several output modes. When ack prints a filename whose basename contains terminal control bytes such as ANSI escape sequences, those bytes reach the terminal unchanged. Version 3.10.0 added a...

7.5CVSS6.1AI score0.00329EPSS
Exploits0References1
nvd
nvd
added 2026/07/08 3:16 p.m.7 views

CVE-2026-49147

App::Ack versions through 3.10.0 for Perl print unsanitised terminal escape sequences from filenames in several output modes. When ack prints a filename whose basename contains terminal control bytes such as ANSI escape sequences, those bytes reach the terminal unchanged. Version 3.10.0 added a...

7.5CVSS0.00329EPSS
Exploits0References2
osv
osv
added 2026/07/08 3:16 p.m.6 views

UBUNTU-CVE-2026-49147

App::Ack versions through 3.10.0 for Perl print unsanitised terminal escape sequences from filenames in several output modes. When ack prints a filename whose basename contains terminal control bytes such as ANSI escape sequences, those bytes reach the terminal unchanged. Version 3.10.0 added a...

7.5CVSS6.1AI score0.00329EPSS
Exploits0References3
attackerkb
attackerkb
added 2026/07/08 3:3 p.m.5 views

CVE-2026-14967

BBOT's githubworkflows module could be induced to write a downloaded artifact outside its configured output directory: its path-containment check did not resolve .., so a crafted CODEREPOSITORY URL could traverse out of the intended folder. The write is bounded to two directory levels above the...

3.1CVSS5.9AI score0.00198EPSS
Exploits0References2Affected Software1
cve
cve
added 2026/07/08 3:3 p.m.6 views

CVE-2026-14967

BBOT’s github_workflows module has a path-traversal vulnerability: the path-containment check fails to resolve ‘..’, allowing a crafted CODE_REPOSITORY URL to traverse out of the configured output directory. The write is bounded to two directory levels above the output location and the target is ...

3.1CVSS5.9AI score0.00198EPSS
Exploits0References1
euvd
euvd
added 2026/07/08 3:3 p.m.8 views

EUVD-2026-42296

BBOT's githubworkflows module could be induced to write a downloaded artifact outside its configured output directory: its path-containment check did not resolve .., so a crafted CODEREPOSITORY URL could traverse out of the intended folder. The write is bounded to two directory levels above the...

3.1CVSS5.9AI score0.00198EPSS
Exploits0References1
cve
cve
added 2026/07/08 2:55 p.m.20 views

CVE-2026-49147

App::Ack for Perl, up to version 3.10.0, is affected by a vulnerability where terminal control bytes in filenames can be emitted un-sanitised in several output modes. The root cause is that while a _safe_filename helper was added in 3.10.0 to sanitise filenames for -f, -g, the colored match headi...

7.5CVSS5.9AI score0.00329EPSS
Exploits0References2
alpinelinux
alpinelinux
added 2026/07/08 2:55 p.m.11 views

CVE-2026-49147

App::Ack versions through 3.10.0 for Perl print unsanitised terminal escape sequences from filenames in several output modes. When ack prints a filename whose basename contains terminal control bytes such as ANSI escape sequences, those bytes reach the terminal unchanged. Version 3.10.0 added a...

7.5CVSS5.9AI score0.00329EPSS
Exploits0
cvelist
cvelist
added 2026/07/08 12:33 p.m.33 views

CVE-2026-6740 Nexter Blocks <= 4.7.4 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'commentIcon' Block Attribute

The Nexter Blocks – Gutenberg Blocks, Page Builder & AI Website Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'commentIcon' parameter in all versions up to, and including, 4.7.4 due to insufficient input sanitization and output escaping. This makes it possible...

6.4CVSS0.00156EPSS
Exploits0References2
nvd
nvd
added 2026/07/08 12:17 p.m.13 views

CVE-2026-6818

The VikBooking Hotel Booking Engine & PMS plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'specialrequests' parameter in all versions up to, and including, 1.8.8 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated...

7.2CVSS0.00236EPSS
Exploits0References4
nvd
nvd
added 2026/07/08 9:16 a.m.8 views

CVE-2026-57255

The application opens a PDF containing an abnormal color space whose attributes reference a valid but semantically malformed function. The function's output is not validated; when subsequently read, it produces an illegal pointer that accesses an out-of-bounds region, crashing the application...

6.1CVSS0.00107EPSS
Exploits0References1
euvd
euvd
added 2026/07/08 7:36 a.m.7 views

EUVD-2026-42198

The application opens a PDF containing an abnormal color space whose attributes reference a valid but semantically malformed function. The function's output is not validated; when subsequently read, it produces an illegal pointer that accesses an out-of-bounds region, crashing the application...

6.1CVSS6AI score0.00107EPSS
Exploits0References1
euvd
euvd
added 2026/07/08 5:34 a.m.8 views

EUVD-2026-42168

The Social Share, Social Login and Social Comments Plugin – Super Socializer plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'heateormastodonshare' parameter in all versions up to, and including, 7.14.5 due to insufficient input sanitization and output escaping. This...

6.1CVSS6.1AI score0.00204EPSS
Exploits0References3
ptsecurity
ptsecurity
added 2026/07/08 12:0 a.m.9 views

PT-2026-56408

Name of the Vulnerable Software and Affected Versions VikBooking Hotel Booking Engine & PMS versions prior to 1.8.9 Description Insufficient input sanitization and output escaping allow unauthenticated attackers to perform Stored Cross-Site Scripting XSS, a technique where malicious scripts are...

7.2CVSS6.2AI score0.00229EPSS
Exploits0References5
ptsecurity
ptsecurity
added 2026/07/08 12:0 a.m.11 views

PT-2026-56354

Name of the Vulnerable Software and Affected Versions Foxit PDF Editor/Reader affected versions not specified Description The application crashes when opening a PDF containing an abnormal color space. This occurs because the attributes reference a valid but semantically malformed function whose...

6.1CVSS6.1AI score0.00107EPSS
Exploits0References5
Rows per page
Query Builder