17 matches found
Scramble Laravel - Remote Code Execution
Scramble for Laravel >= 0.13.2 and < 0.13.22 contains a remote code execution vulnerability caused by evaluation of user-controlled input in validation rules during documentation generation, letting remote attackers execute arbitrary PHP code. Exploitation requires publicly accessible documentation...
scramble - Remote Code Execution
Exploit Title: scramble - Remote Code Execution Google Dork: inurl:/docs/api.json "dedoc/scramble" Date: 2026-05-07 Exploit Author: Joshua van der Poll https://github.com/joshuavanderpoll Vendor Homepage: https://scramble.dedoc.co Software Link: https://github.com/dedoc/scramble Version: >=0.13.2,...
CVE-2026-44262
Scramble generates API documentation for Laravel projects. From 0.13.2 to before 0.13.22, when documentation endpoints are publicly accessible and validation rules reference user-controlled input, request-supplied data may be evaluated during documentation generation, leading to execution of...
CVE-2026-44262
CVE-2026-44262 affects dedoc/scramble (Laravel API documentation generator) versions 0.13.2–0.13.21. The vulnerability arises when publicly accessible docs endpoints evaluate user-controlled input via NodeRulesEvaluator::doEvaluateExpression(), which may evaluate request data and execute arbitrar...
CVE-2026-44262
Scramble generates API documentation for Laravel projects. From 0.13.2 to before 0.13.22, when documentation endpoints are publicly accessible and validation rules reference user-controlled input, request-supplied data may be evaluated during documentation generation, leading to execution of...
Scramble Code Injection Vulnerability
Scramble is a tool developed by de:doc for automatically generating API documentation for Laravel projects. Versions of Scramble from 0.13.2 to 0.13.22 contained a code injection vulnerability. This vulnerability stemmed from the exposed documentation endpoints and the use of validation rules tha...
Remote Code Execution (RCE)
dedoc/scramble is vulnerable to Remote Code Execution (RCE). The vulnerability is due to unsafe evaluation of user-controlled input during documentation generation, which allows an attacker to execute arbitrary PHP code in the application context...
Exploit for CVE-2026-44262
dedoc/scramble RCE CVE-2026-44262 PoC...
GHSA-4RM2-28VJ-FJ39 Scramble vulnerable to remote code execution via evaluation of user-controlled input in validation rules
Impact: A remote code execution (RCE) vulnerability affects versions 0.13.2 through 0.13.21. When documentation endpoints are publicly accessible and validation rules reference user-controlled input, request-supplied data may be evaluated during documentation generation, leading to execution of...
CVE-2024-23085
Apfloat v1.10.1 was discovered to contain a NullPointerException via the component org.apfloat.internal.DoubleScramble::scramble(double[], int, int). NOTE: this is disputed by multiple third parties who believe there was not reasonable evidence to determine the existence of a vulnerability. The...
PT-2024-19664 · Apfloat · Apfloat
Name of the Vulnerable Software and Affected Versions: Apfloat version 1.10.1 Description: A NullPointerException was discovered in Apfloat via the component org.apfloat.internal.DoubleScramble::scramble(double[], int, int). However, the existence of this issue is disputed by multiple third parties d...
Apfloat Security Vulnerability
Apfloat is a high-performance arbitrary-precision arithmetic library by the individual developer Mikko Tommila. A security vulnerability exists in Apfloat version v1.10.1, which stems from a null pointer exception contained in the component org.apfloat.internal.DoubleScramble scramble(double[], int,...
proprofs.com XSS vulnerability
Vulnerable URL: https://www.proprofs.com/games/word-games/word-scramble/tree-life-cycle/?ew=500alert/OPENBUGBOUNTY/...
Trucktown: Scrap Yard Scramble - AWS Credentials, Customized SSL, Dangerous filesystem permissions vulnerabilities
HackApp vulnerability scanner discovered that application Trucktown: Scrap Yard Scramble published at the 'play' market has multiple vulnerabilities...
Word Scramble - Corrupted files, Dynamic Code Loading, External URLs vulnerabilities
HackApp vulnerability scanner discovered that application Word Scramble published at the 'play' market has multiple vulnerabilities...
Oracle MySQL MariaDB - Insecure Salt Generation Security Bypass
Oracle MySQL MariaDB - Insecure Salt Generation Security Bypass source: https://www.securityfocus.com/bid/56837/info MySQL and MariaDB are prone to a security-bypass weakness. An attacker may be able to exploit this issue to aid in brute-force attacks; other attacks may also be possible. use...
Oracle MySQL / MariaDB - Insecure Salt Generation Security Bypass
source: https://www.securityfocus.com/bid/56837/info MySQL and MariaDB are prone to a security-bypass weakness. An attacker may be able to exploit this issue to aid in brute-force attacks; other attacks may also be possible. use Net::MySQL; $|=1; my $mysql = Net::MySQL-new hostname = '192.168.2.3...