Lucene search
+L

1511 matches found

nuclei
nuclei
added 8 hours ago29 views

vBulletin replaceAdTemplate - Remote Code Execution

vBulletin versions 5.0.0 through 6.0.3 contain a Remote Code Execution RCE vulnerability in the ajax/api/ad/replaceAdTemplate endpoint. This flaw arises from improper use of PHP's Reflection API, allowing unauthenticated attackers to invoke protected controller methods. By injecting a crafted...

10CVSS7.3AI score0.69817EPSS
Exploits6References4
nuclei
nuclei
added 8 hours ago112 views

Github Enterprise Authenticated Remote Code Execution

An unsafe reflection vulnerability was identified in GitHub Enterprise Server that could lead to reflection injection. This vulnerability could lead to the execution of user-controlled methods and remote code execution. To exploit this bug, an actor would need to be logged into an account on the...

9.8CVSS7.3AI score0.71725EPSS
Exploits1References5
nvd
nvd
added 6 days ago4 views

CVE-2026-55659

Grist is spreadsheet software using Python as its formula language. Prior to 1.7.15, several server-rendered Grist pages embedded user-controlled values into the page and into inline scripts without fully escaping them, allowing cross-site scripting. On the main application page, a document's nam...

7.7CVSS0.00275EPSS
Exploits0References3
osv
osv
added 6 days ago4 views

CVE-2026-55659 Grist: XSS through unsafe value interpolation in server-rendered pages

Grist is spreadsheet software using Python as its formula language. Prior to 1.7.15, several server-rendered Grist pages embedded user-controlled values into the page and into inline scripts without fully escaping them, allowing cross-site scripting. On the main application page, a document's nam...

7.7CVSS5.8AI score0.00275EPSS
Exploits0References5
nvd
nvd
added 6 days ago4 views

CVE-2026-40008

Use of Externally-Controlled Input to Select Classes or Code 'Unsafe Reflection' vulnerability in Apache IoTDB. The pipe processor reads a fully qualified Java class name and instantiates it using Class.forName.newInstance without any validation or allowlisting. This issue affects Apache IoTDB:...

9.8CVSS0.00332EPSS
Exploits0References2
euvd
euvd
added 6 days ago7 views

EUVD-2026-42836

Use of Externally-Controlled Input to Select Classes or Code 'Unsafe Reflection' vulnerability in Apache IoTDB. The pipe processor reads a fully qualified Java class name and instantiates it using Class.forName.newInstance without any validation or allowlisting. This issue affects Apache IoTDB:...

9.8CVSS6.1AI score0.00332EPSS
Exploits0References1
cve
cve
added 6 days ago30 views

CVE-2026-40008

CVE-2026-40008 concerns Apache IoTDB and is caused by the pipe processor reading a fully-qualified Java class name and calling Class.forName().newInstance() without validation or allowlisting (Unsafe Reflection). Affected versions are 1.0.0 up to, but not including, 2.0.10. The issue enables arbi...

9.8CVSS6.1AI score0.00332EPSS
Exploits0References2
attackerkb
attackerkb
added 6 days ago7 views

CVE-2026-40008

Use of Externally-Controlled Input to Select Classes or Code 'Unsafe Reflection' vulnerability in Apache IoTDB. The pipe processor reads a fully qualified Java class name and instantiates it using Class.forName.newInstance without any validation or allowlisting. This issue affects Apache IoTDB:...

9.8CVSS6.1AI score0.00332EPSS
Exploits0References2Affected Software1
cvelist
cvelist
added 6 days ago32 views

CVE-2026-40008 Apache IoTDB: Arbitrary Class Instantiation via Pipe Transfer RPC

Use of Externally-Controlled Input to Select Classes or Code 'Unsafe Reflection' vulnerability in Apache IoTDB. The pipe processor reads a fully qualified Java class name and instantiates it using Class.forName.newInstance without any validation or allowlisting. This issue affects Apache IoTDB:...

0.00332EPSS
Exploits0References1
cvelist
cvelist
added 2026/07/06 10:16 a.m.34 views

CVE-2025-8591 Reflected Cross-Site Scripting via URL Parameter in Multiple WSO2 Products Enables UI Modification

The software accepts user-supplied input via a URL parameter without adequate output encoding before reflecting it back to the user's browser. This condition allows an attacker to inject malicious script content into pages served by the application. By leveraging this weakness, an attacker can...

6.1CVSS0.00161EPSS
Exploits0References1
nvd
nvd
added 2026/07/02 8:17 p.m.11 views

CVE-2025-71385

Netdata before 2.3.1 reflects the user-supplied love query parameter of the api/v2/ilove.svg and api/v3/ilove.svg endpoints verbatim into the generated SVG document into a text element without HTML or XML escaping, and serves the response with Content-Type image/svg+xml. An attacker can craft a U...

6.1CVSS0.0024EPSS
Exploits0References4
osv
osv
added 2026/07/02 7:37 p.m.7 views

CVE-2025-71385 Netdata < 2.3.1 - Reflected Cross-Site Scripting via love Parameter in ilove.svg Endpoint

Netdata before 2.3.1 reflects the user-supplied love query parameter of the api/v2/ilove.svg and api/v3/ilove.svg endpoints verbatim into the generated SVG document into a text element without HTML or XML escaping, and serves the response with Content-Type image/svg+xml. An attacker can craft a U...

5.1CVSS5.9AI score0.0024EPSS
Exploits0References7
cve
cve
added 2026/06/30 9:6 p.m.20 views

CVE-2026-58449

txtai up to 9.10.0 is affected by an unauthenticated remote code execution via the /reindex API. The function body parameter is resolved through txtai.util.Resolver, which uses import and getattr on a user-supplied dotted path without an allowlist. If the API is exposed without a TOKEN and the in...

9.8CVSS6.5AI score0.00725EPSS
Exploits0References4
vulnrichment
vulnrichment
added 2026/06/30 9:6 p.m.5 views

CVE-2026-58449 txtai - Unauthenticated Remote Code Execution via Unsafe Reflection in API /reindex function Parameter

txtai through 9.10.0, fixed in commit 11b32da, exposes an API /reindex endpoint whose function body parameter is resolved through txtai.util.Resolver, which performs import and getattr on the caller-supplied dotted path with no allowlist. When the API is exposed with no TOKEN configured...

9.8CVSS6.5AI score0.00725EPSS
Exploits0References4
osv
osv
added 2026/06/30 9:6 p.m.3 views

CVE-2026-58449 txtai - Unauthenticated Remote Code Execution via Unsafe Reflection in API /reindex function Parameter

txtai through 9.10.0, fixed in commit 11b32da, exposes an API /reindex endpoint whose function body parameter is resolved through txtai.util.Resolver, which performs import and getattr on the caller-supplied dotted path with no allowlist. When the API is exposed with no TOKEN configured...

9.3CVSS6.7AI score0.00725EPSS
Exploits0References7
cvelist
cvelist
added 2026/06/30 9:6 p.m.39 views

CVE-2026-58449 txtai - Unauthenticated Remote Code Execution via Unsafe Reflection in API /reindex function Parameter

txtai through 9.10.0, fixed in commit 11b32da, exposes an API /reindex endpoint whose function body parameter is resolved through txtai.util.Resolver, which performs import and getattr on the caller-supplied dotted path with no allowlist. When the API is exposed with no TOKEN configured...

9.8CVSS0.00725EPSS
Exploits0References4
attackerkb
attackerkb
added 2026/06/30 6:44 p.m.6 views

CVE-2026-58138

Orkes Conductor 3.21.21 before 3.30.2 contains an unauthenticated remote code execution vulnerability that allows remote attackers to execute arbitrary OS commands by submitting inline workflow definitions containing malicious JavaScript or Python expressions to the workflow API endpoint prior to...

9.8CVSS6.6AI score0.00938EPSS
Exploits2References6Affected Software1
euvd
euvd
added 2026/06/30 6:44 p.m.8 views

EUVD-2026-40377

Orkes Conductor 3.21.21 before 3.30.2 contains an unauthenticated remote code execution vulnerability that allows remote attackers to execute arbitrary OS commands by submitting inline workflow definitions containing malicious JavaScript or Python expressions to the workflow API endpoint prior to...

9.8CVSS6.6AI score0.00938EPSS
Exploits2References5
osv
osv
added 2026/06/30 6:44 p.m.4 views

CVE-2026-58138 Orkes Conductor 3.21.21 < 3.30.2 Unauthenticated RCE via GraalVM Script Evaluators

Orkes Conductor 3.21.21 before 3.30.2 contains an unauthenticated remote code execution vulnerability that allows remote attackers to execute arbitrary OS commands by submitting inline workflow definitions containing malicious JavaScript or Python expressions to the workflow API endpoint prior to...

9.3CVSS6.8AI score0.00938EPSS
Exploits2References8
cve
cve
added 2026/06/30 6:44 p.m.31 views

CVE-2026-58138

CVE-2026-58138 affects Orkes Conductor 3.21.21 up to, but not including, 3.30.2. The vulnerability arises from unsandboxed GraalVM evaluators built with HostAccess.ALL (or allowAllAccess(true)) used by INLINE, LAMBDA, DO_WHILE, and SWITCH task types, enabling an unauthenticated attacker to submit...

9.8CVSS6.6AI score0.00938EPSS
Exploits2References5
Rows per page
Query Builder