Lucene search
K

507 matches found

Nuclei
Nuclei
added yesterday42 views

Symfony Profiler - Remote Access via Injected Arguments

symfony/runtime is a module for the Symphony PHP framework which enables decoupling PHP applications from global state. When the registerargvargc php directive is set to on , and users call any URL with a special crafted query string, they are able to change the environment or debug mode used by...

7.3CVSS7AI score0.63422EPSS
Exploits0References5
Vulnrichment
Vulnrichment
added 6 days ago3 views

CVE-2026-58459 gpsd gpsprof Command Injection via gnuplot plot title subtype field

gpsd through release-3.27.5, fixed at commit 4c06658, contains a command injection vulnerability in gpsprof that allows attackers who control the GPS device subtype value to execute arbitrary shell commands by embedding backtick payloads in the gnuplot plot title without proper escaping. The...

8.4CVSS6.4AI score0.01775EPSS
Exploits1References5
Fedora
Fedora
added 2026/07/06 3:10 p.m.11 views

[SECURITY] Fedora 43 Update: rust-inferno-0.12.6-3.fc43

Rust port of the FlameGraph performance profiling tool suite...

5.9AI score
Exploits0
NVD
NVD
added 2026/07/04 2:16 a.m.9 views

CVE-2025-71345

picklescan before 0.0.30 fails to detect malicious pickle files that invoke torch.utils.bottleneck.main.runautogradprof function. Attackers can embed undetected code in pickle files that executes during deserialization, enabling remote code execution...

8.1CVSS0.00427EPSS
Exploits0References2
OSV
OSV
added 2026/06/25 10:34 p.m.5 views

GO-2026-5533 Tilt: Unauthenticated pprof debug endpoints on the Tilt HUD server in github.com/tilt-dev/tilt

Tilt: Unauthenticated pprof debug endpoints on the Tilt HUD server in github.com/tilt-dev/tilt...

8.3CVSS5.9AI score0.00384EPSS
Exploits0References3
OSV
OSV
added 2026/06/25 6:43 p.m.5 views

GO-2026-5343 opentelemetry-ebpf-profiler: Unprivileged process can trigger a denial of service on the ebpf-profiler agent in go.opentelemetry.io/ebpf-profiler

opentelemetry-ebpf-profiler: Unprivileged process can trigger a denial of service on the ebpf-profiler agent in go.opentelemetry.io/ebpf-profiler...

5.9AI score0.00017EPSS
Exploits0References3
OSV
OSV
added 2026/06/23 10:16 p.m.7 views

GHSA-F2R5-5M7W-P5CX opentelemetry-ebpf-profiler: Unprivileged process can trigger a denial of service on the ebpf-profiler agent

Summary An unprivileged process can easily trigger the processPIDEvents goroutine to be blocked indefinitely, preventing the goroutine from analyzing any new ELF file. The goroutine stays blocked in the openat2 syscall forever and the profiler can no longer work properly, it is a denial of servic...

6.2CVSS5.8AI score0.00017EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2026/06/23 12:0 a.m.9 views

PT-2026-51617

Name of the Vulnerable Software and Affected Versions opentelemetry-ebpf-profiler versions prior to 0.0.202622 Description An unprivileged process can cause a denial of service on the ebpf-profiler agent by triggering the processPIDEvents goroutine to block indefinitely. This occurs when the...

6.2CVSS5.9AI score0.00017EPSS
Exploits0References6
RedhatCVE
RedhatCVE
added 2026/06/10 9:2 p.m.12 views

CVE-2026-28237

Unrestricted resource allocation in AMD uProf may be exploitable to consume excessive system resources, potentially leading to a loss of availability...

6.8CVSS5.4AI score0.00098EPSS
Exploits0References1
NVD
NVD
added 2026/06/09 6:16 p.m.13 views

CVE-2026-28237

Unrestricted resource allocation in AMD uProf may be exploitable to consume excessive system resources, potentially leading to a loss of availability...

6.8CVSS0.00098EPSS
Exploits0References1
EUVD
EUVD
added 2026/06/09 5:34 p.m.10 views

EUVD-2026-35768

Unrestricted resource allocation in AMD uProf may be exploitable to consume excessive system resources, potentially leading to a loss of availability...

6.8CVSS5.4AI score0.00098EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/06/09 12:0 a.m.13 views

PT-2026-48129

Name of the Vulnerable Software and Affected Versions AMD uProf affected versions not specified Description Unrestricted resource allocation in AMD uProf may be exploited to consume excessive system resources, which could potentially lead to a loss of availability. Recommendations At the moment,...

6.8CVSS5.8AI score0.00098EPSS
Exploits0References3
OSV
OSV
added 2026/06/05 9:46 p.m.7 views

GHSA-2G2G-8P8H-FGWM Twig: XSS in profiler HtmlDumper via unescaped template and profile names

Description Twig\Profiler\Dumper\HtmlDumper writes Profile::getTemplate and Profile::getName straight into its HTML output without escaping: php protected function formatTemplateProfile $profile, $prefix: string return \sprintf'%s└ %s', $prefix, self::$colors'template', $profile-getTemplate; The...

5.1CVSS5.6AI score0.00037EPSS
Exploits0References5
Github Security Blog
Github Security Blog
added 2026/06/05 9:46 p.m.15 views

Twig: XSS in profiler HtmlDumper via unescaped template and profile names

Description Twig\Profiler\Dumper\HtmlDumper writes Profile::getTemplate and Profile::getName straight into its HTML output without escaping: php protected function formatTemplateProfile $profile, $prefix: string return \sprintf'%s└ %s', $prefix, self::$colors'template', $profile-getTemplate; The...

5.1CVSS5.6AI score0.00037EPSS
Exploits0References5Affected Software1
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/05/22 8:57 a.m.15 views

Malicious code in gt-tester-exp-profiler-exp-00000017 (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector f1490f970bd52c80c89f33029f9e875f1fb595014621d50e0ce87a167d1cd348 setup.py installs a site-wide.pth file gttesterexpprofilerexp00000017probe.pth into site-packages that imports the package's probe module and calls...

5.9AI score
Exploits0References1
Snyk
Snyk
added 2026/05/22 2:42 a.m.13 views

Malicious Package

Overview hardhat-gas-profiler-plugin is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this...

9.8CVSS5.8AI score
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/05/21 12:0 a.m.12 views

PT-2026-44141

Name of the Vulnerable Software and Affected Versions Symfony affected versions not specified Description The profiler, a debug UI used only during development, renders source-code excerpts using the file excerpt filter. While PHP files are rendered via highlight string to escape HTML, non-PHP...

2CVSS6.2AI score0.00062EPSS
Exploits0References17
Positive Technologies
Positive Technologies
added 2026/05/21 12:0 a.m.16 views

PT-2026-45157

Name of the Vulnerable Software and Affected Versions Twig affected versions not specified Description The TwigProfilerDumperHtmlDumper component fails to escape the output of Profile::getTemplate and Profile::getName when writing to HTML. If an attacker can control the template name—which may...

5.1CVSS5.5AI score0.00037EPSS
Exploits0References14
Snyk
Snyk
added 2026/05/20 3:35 p.m.11 views

Cross-site Scripting (XSS)

Overview symfony/symfony is a PHP framework for web applications and a set of reusable PHP components. Affected versions of this package are vulnerable to Cross-site Scripting XSS via the CodeExtension::fileExcerpt function in WebProfiler. An attacker can execute arbitrary JavaScript code in the...

5.4CVSS5.8AI score0.00062EPSS
Exploits0References2
Snyk
Snyk
added 2026/05/20 3:35 p.m.11 views

Cross-site Scripting (XSS)

Overview Affected versions of this package are vulnerable to Cross-site Scripting XSS via the CodeExtension::fileExcerpt function in WebProfiler. An attacker can execute arbitrary JavaScript code in the context of affected users by sending a specially crafted non-PHP files with \n that avoids HTM...

5.4CVSS5.8AI score0.00062EPSS
Exploits0References2
Rows per page
Query Builder