Lucene search
K

4 matches found

Cvelist
Cvelist
added 2026/03/06 6:42 a.m.31 views

CVE-2026-28801 Natro Macro: Code Injection through Pattern/Path files

Natro Macro is an open-source Bee Swarm Simulator macro written in AutoHotkey. Prior to version 1.1.0, any ahk code contained inside of a pattern or path file is executed by the macro. Since users commonly share path/pattern files, an attacker could share a file containing malicious code, which i...

6.6CVSS0.00122EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/02/04 7:2 p.m.29 views

CVE-2026-25122 apko is vulnerable to unbounded resource consumption in expandapk.Split on attacker-controlled .apk streams

apko allows users to build and publish OCI container images built from apk packages. From version 0.14.8 to before 1.1.0, expandapk.Split drains the first gzip stream of an APK archive via io.Copyio.Discard, gzi without explicit bounds. With an attacker-controlled input stream, this can force lar...

5.5CVSS0.00106EPSS
Exploits0References2
RedhatCVE
RedhatCVE
added 2025/08/13 10:28 p.m.13 views

CVE-2025-55161

Stirling-PDF is a locally hosted web application that performs various operations on PDF files. Prior to version 1.1.0, when using the /api/v1/convert/markdown/pdf endpoint to convert Markdown to PDF, the backend calls a third-party tool to process it and includes a sanitizer for security...

9.8CVSS7.2AI score0.01865EPSS
Exploits1References1
Patchstack
Patchstack
added 2023/06/12 12:0 a.m.13 views

WordPress Lana Email Logger Plugin <= 1.0.2 is vulnerable to Cross Site Scripting (XSS)

Software Lana Email Logger Type Plugin Vulnerable versions = 1.0.2 Fixed in 1.1.0 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2023-3166 Patch priority Low CVSS severity Low 7.1 Developer Claim ownership PSID 87d6e5f60784 Credits Alex Thomas Required...

7.2CVSS5.7AI score0.00462EPSS
Exploits0References3Affected Software1
Rows per page
Query Builder