16 matches found

OSV
added 2026/05/13 5:17 p.m., 9 views

DRUPAL-CONTRIB-2026-035

The GTranslate module provides a language switcher widget for Drupal sites. The module’s widget JavaScript did not sufficiently validate that document.currentScript referred to the executing script element. A user who can add HTML to a page could cause the generated language-switcher links to poi...

CVSS 2.7, AI score 5.8, EPSS 0.00236
Exploits 0, References 1
NVD
added 2026/05/05 12:16 p.m., 29 views

CVE-2026-43529

OpenClaw before 2026.4.10 contains a time-of-check-time-of-use vulnerability in the validateScriptFileForShellBleed function that allows local attackers to bypass workspace boundary checks. An attacker with workspace write access can race-condition swap the target file between validation and...

CVSS 2.5, EPSS 0.00079
Exploits 0, References 3
Vulnrichment
added 2026/05/05 11:25 a.m., 6 views

CVE-2026-43529 OpenClaw < 2026.4.10 - Time-of-Check-Time-of-Use (TOCTOU) Race Condition in exec Script Preflight Validator

OpenClaw before 2026.4.10 contains a time-of-check-time-of-use vulnerability in the validateScriptFileForShellBleed function that allows local attackers to bypass workspace boundary checks. An attacker with workspace write access can race-condition swap the target file between validation and...

CVSS 2.5, AI score 5.8, EPSS 0.00079
Exploits 0, References 3
OSV
added 2026/04/06 10:53 p.m., 2 views

GHSA-FVX6-PJ3R-5Q4Q OpenClaw's complex interpreter pipelines could skip exec script preflight validation

Summary: Before OpenClaw 2026.4.2, exec script preflight validation could fail open on complex interpreter invocations such as pipes or other non-simple command forms. In those cases, script-content validation could be skipped entirely. Impact: An attacker-controlled command shape could bypass the...

CVSS 5.4, AI score 5.9, EPSS 0.00303
Exploits 0, References 5
NVD
added 2025/11/18 10:15 p.m., 4 views

CVE-2025-63215

The Sound4 IMPACT web-based management interface is vulnerable to Remote Code Execution (RCE) via a malicious firmware update package. The update mechanism fails to validate the integrity of manual.sh, allowing an attacker to inject arbitrary commands by modifying this script and repackaging the...

CVSS 7.2, EPSS 0.00404
Exploits 1, References 3
EUVD
added 2025/10/07 12:30 a.m., 7 views

EUVD-2012-4291

Malware in sbrugna...

CVSS 7.2, AI score 8.4, EPSS 0.01161
Exploits 0, References 4
EUVD
added 2025/10/03 8:07 p.m., 4 views

EUVD-2025-24244

Malicious code in bioql PyPI...

CVSS 9.4, AI score 6.4, EPSS 0.00625
Exploits 0, References 1
Ivanti
added 2023/02/14 7:22 a.m., 7 views

JSA10470 - Pre-authentication CGI script fails to fully validate all parameters

Edit: 4th of March 2024 - This isn't an active SA and any new edits are part of an article maintenance project. CGI scripts accessible during pre-authentication may fail to verify the validity of values supplied as parameters. This could lead to the arbitrary fetching of ".exe" files from the...

AI score 7.1
Exploits 0
NVD
added 2022/04/26 7:15 p.m., 11 views

CVE-2021-26628

Insufficient script validation of the admin page enables XSS, which causes unauthorized users to steal admin privileges. When uploading a file in a specific menu, the verification of the files is insufficient. It allows remote attackers to upload arbitrary files disguising them as image files...

CVSS 8.1, EPSS 0.0073
Exploits 0, References 1
CVE
added 2022/04/26 6:21 p.m., 64 views

CVE-2021-26628

CVE-2021-26628 concerns MaxBoard CMS. Connected sources indicate a vulnerability in versions prior to 1.9.6 due to insufficient script validation on the admin page and weak validation of uploaded files. This allows an unauthenticated attacker to upload arbitrary files disguised as images, enablin...

CVSS 8.1, AI score 6.7, EPSS 0.0073
Exploits 0, References 1, Affected Software 1
Check Point Advisories
added 2020/12/28 12:00 a.m., 5 views

Nagios XI ajaxhelper.php Command Injection (CVE-2020-15901)

A command injection vulnerability exists in Nagios XI. This vulnerability is due to insufficient validation of the input parameters in the ajaxhelper.php script...

CVSS 7.5, AI score 3.1, EPSS 0.21869
Exploits 0
NVD
added 2020/06/18 3:15 a.m., 22 views

CVE-2020-3274

Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV320 and RV325 Series Routers and Cisco Small Business RV016, RV042, and RV082 Routers could allow an authenticated, remote attacker with administrative privileges to execute arbitrary commands on an affected...

CVSS 9, EPSS 0.028
Exploits 0, References 1
Cvelist
added 2020/06/18 2:15 a.m., 26 views

CVE-2020-3278 Cisco Small Business RV Series Routers Command Injection Vulnerabilities

Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV320 and RV325 Series Routers and Cisco Small Business RV016, RV042, and RV082 Routers could allow an authenticated, remote attacker with administrative privileges to execute arbitrary commands on an affected...

CVSS 7.2, AI score 7.3, EPSS 0.028
Exploits 0, References 1
OSV
added 2019/11/14 12:14 a.m., 2 views

USN-4191-1 qemu vulnerabilities

It was discovered that the LSI SCSI adapter emulator implementation in QEMU did not properly validate executed scripts. A local attacker could use this to cause a denial of service. (CVE-2019-12068) Sergej Schumilo, Cornelius Aschermann and Simon Wörner discovered that the qxl paravirtual graphics...

CVSS 8.8, AI score 7.3, EPSS 0.16658
Exploits 4, References 6
0day.today
added 2011/01/12 12:00 a.m., 22 views

VaM Shop 1.6 Multiple Vulnerabilities

Exploit for php platform in category web applications. Product: VaM Shop; Vendor: Vamsoft (http://vamshop.ru/); Vulnerable Version: 1.6 and Probably Prior Versions; Vendor Notification: 28 December 2010; Vulnerability Type: CSRF (Cross-Site Request Forgery); Status: Not Fixed, Vendor Alerted, Awaiting Vend...

AI score 7.1
Exploits 0
Packet Storm
added 2010/01/11 12:00 a.m., 38 views

Exotic Cams Local File Inclusion / Cross Site Scripting

andresg888 Exploit Title: Exotic-Cams --LFI & XSS--; Date: 2010-01-09; Author: andresg888; Software Link: http://www.ppvchat.com/; Contact: andresg8884tgmaildotcom; Dork: No DoRk f0R ScRipT KiDDieS; Example LFI: http://www.ppvchat.com/demo/template03/registration/model.php; Example XSS: Go to...

AI score 0.1
Exploits 0