44 matches found
Plenti < v0.7.2 - OS Command Injection
Plenti, a static site generator, has an arbitrary file write vulnerability in versions prior to 0.7.2. The /postLocal endpoint is vulnerable to an arbitrary file write vulnerability when a plenti user serves their website. This issue may lead to Remote Code Execution. Version 0.7.2 fixes the...
VulnCheck KEV: CVE-2024-49380
Plenti, a static site generator, has an arbitrary file write vulnerability in versions prior to 0.7.2. The /postLocal endpoint is vulnerable to an arbitrary file write vulnerability when a plenti user serves their website. This issue may lead to Remote Code Execution. Version 0.7.2 fixes the...
EUVD-2025-6798
Malicious code in bioql PyPI...
EUVD-2025-29367
Malicious code in bioql PyPI...
EUVD-2024-2966
Malicious code in bioql PyPI...
CVE-2024-49380
Plenti, a static site generator, has an arbitrary file write vulnerability in versions prior to 0.7.2. The /postLocal endpoint is vulnerable to an arbitrary file write vulnerability when a plenti user serves their website. This issue may lead to Remote Code Execution. Version 0.7.2 fixes the...
CVE-2024-49381
Plenti, a static site generator, has an arbitrary file deletion vulnerability in versions prior to 0.7.2. The /postLocal endpoint is vulnerable to arbitrary file deletion when a plenti user serves their website. This issue may lead to information loss. Version 0.7.2 fixes the vulnerabili...
Remote Code Execution (RCE)
github.com/plentico/plenti is vulnerable to Remote Code Execution (RCE). The vulnerability is due to improper handling of user-supplied file names in the /postLocal endpoint, allowing arbitrary JavaScript execution...
SUSE CVE-2025-26260
Plenti <= 0.7.16 is vulnerable to code execution. Users uploading '.svelte' files with the /postLocal endpoint can define the file name as javascript codes. The server executes the uploaded file name in host, and cause code execution...
CVE-2025-26260
Plenti <= 0.7.16 is vulnerable to code execution. Users uploading '.svelte' files with the /postLocal endpoint can define the file name as javascript codes. The server executes the uploaded file name in host, and cause code execution...
Code Injection
Overview: Affected versions of this package are vulnerable to Code Injection in the postLocal function in serve.go. An attacker can cause denial of service by supplying a malicious layout path parameter, which can be chained with a sandbox escape from v8 to achieve code execution on the vulnerable...
GHSA-323W-6P85-26FR Duplicate Advisory: Plenti - Code Injection - Denial of Services
Duplicate Advisory: This advisory has been withdrawn because it is a duplicate of GHSA-mj4v-hp69-27x5. This link is maintained to preserve external references. Original Description: Plenti <= 0.7.16 is vulnerable to code execution. Users uploading '.svelte' files with the /postLocal endpoint can...
Duplicate Advisory: Plenti - Code Injection - Denial of Services
Duplicate Advisory: This advisory has been withdrawn because it is a duplicate of GHSA-mj4v-hp69-27x5. This link is maintained to preserve external references. Original Description: Plenti <= 0.7.16 is vulnerable to code execution. Users uploading '.svelte' files with the /postLocal endpoint can...
CVE-2025-26260
Plenti <= 0.7.16 is vulnerable to code execution. Users uploading '.svelte' files with the /postLocal endpoint can define the file name as javascript codes. The server executes the uploaded file name in host, and cause code execution...
CVE-2025-26260
Plenti <= 0.7.16 is vulnerable to code execution. Users uploading '.svelte' files with the /postLocal endpoint can define the file name as javascript codes. The server executes the uploaded file name in host, and cause code execution...
Plenti Security Vulnerability
Plenti is a static site generator from Plentico open source. A security vulnerability exists in Plenti version 0.7.16 and earlier, which stems from an uploaded .svelte filename that could be executed as code, leading to code execution...
CVE-2025-26260
Plenti <= 0.7.16 is vulnerable to code execution. Users uploading '.svelte' files with the /postLocal endpoint can define the file name as javascript codes. The server executes the uploaded file name in host, and cause code execution...
CVE-2025-26260
Plenti <= 0.7.16 is vulnerable to code execution. Users uploading '.svelte' files with the /postLocal endpoint can define the file name as javascript codes. The server executes the uploaded file name in host, and cause code execution...
CVE-2025-26260
Summary: CVE-2025-26260 affects Plenti
GO-2025-3454 Plenti - Code Injection - Denial of Services in github.com/plentico/plenti
Plenti - Code Injection - Denial of Services in github.com/plentico/plenti...