Lucene search
K

8 matches found

EUVD
EUVD
added 2026/05/04 5:19 p.m.9 views

EUVD-2026-27079

Arelle before 2.39.10 contains an unauthenticated remote code execution vulnerability in the /rest/configure REST endpoint that accepts a plugins query parameter and forwards it to the plugin manager without authentication or authorization. Attackers can supply a URL to a malicious Python file...

9.8CVSS6.5AI score0.00732EPSS
Exploits0References3
Vulnrichment
Vulnrichment
added 2026/05/04 5:19 p.m.5 views

CVE-2026-42796 Arelle < 2.39.10 Unauthenticated RCE via /rest/configure

Arelle before 2.39.10 contains an unauthenticated remote code execution vulnerability in the /rest/configure REST endpoint that accepts a plugins query parameter and forwards it to the plugin manager without authentication or authorization. Attackers can supply a URL to a malicious Python file...

9.8CVSS6.5AI score0.00732EPSS
Exploits0References3
Cvelist
Cvelist
added 2026/05/04 5:19 p.m.35 views

CVE-2026-42796 Arelle < 2.39.10 Unauthenticated RCE via /rest/configure

Arelle before 2.39.10 contains an unauthenticated remote code execution vulnerability in the /rest/configure REST endpoint that accepts a plugins query parameter and forwards it to the plugin manager without authentication or authorization. Attackers can supply a URL to a malicious Python file...

9.8CVSS0.00732EPSS
Exploits0References3
ATTACKERKB
ATTACKERKB
added 2026/05/04 5:19 p.m.2 views

CVE-2026-42796

Arelle before 2.39.10 contains an unauthenticated remote code execution vulnerability in the /rest/configure REST endpoint that accepts a plugins query parameter and forwards it to the plugin manager without authentication or authorization. Attackers can supply a URL to a malicious Python file...

9.8CVSS6.5AI score0.00732EPSS
Exploits0References4
OSV
OSV
added 2026/05/04 5:19 p.m.2 views

CVE-2026-42796 Arelle < 2.39.10 Unauthenticated RCE via /rest/configure

Arelle before 2.39.10 contains an unauthenticated remote code execution vulnerability in the /rest/configure REST endpoint that accepts a plugins query parameter and forwards it to the plugin manager without authentication or authorization. Attackers can supply a URL to a malicious Python file...

9.2CVSS6.7AI score0.00732EPSS
Exploits0References5
Positive Technologies
Positive Technologies
added 2026/05/04 12:0 a.m.14 views

PT-2026-36887

Name of the Vulnerable Software and Affected Versions Arelle versions prior to 2.39.10 Description An unauthenticated remote code execution issue exists in the '/rest/configure' REST endpoint. The endpoint accepts a plugins query parameter and forwards it to the plugin manager without requiring...

9.8CVSS6.5AI score0.00732EPSS
Exploits0References14
Prion
Prion
added 2009/02/20 5:30 p.m.12 views

Cross site scripting

Cross-site scripting XSS vulnerability in index.php in Extrakt Framework 0.7 allows remote attackers to inject arbitrary web script or HTML via the pluginsfileid parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information...

4.3CVSS6AI score0.01436EPSS
Exploits1References3Affected Software1
Positive Technologies
Positive Technologies
added 2006/06/06 12:0 a.m.11 views

PT-2006-3760 · Squirrelmail +1 · Squirrelmail +1

Name of the Vulnerable Software and Affected Versions: SquirrelMail versions 1.4.6 and earlier Description: The issue allows remote attackers to execute arbitrary PHP code via a URL in the plugins array parameter, under specific conditions where register globals is enabled and magic quotes gpc is...

7.5CVSS8AI score0.44016EPSS
Exploits2References26
Rows per page
Query Builder