222081 matches found
PT-2026-33929
This vulnerability exists in Quantum Networks router due to improper access control and insecure default configuration in the web-based management interface. An unauthenticated attacker could exploit this vulnerability by accessing exposed API endpoints on the targeted device. Successful...
PT-2026-34047
Name of the Vulnerable Software and Affected Versions Bagisto versions prior to 2.3.16 Description An issue exists in the Custom Scripts Handler component that allows for cross site scripting. This flaw enables remote exploitation through the manipulation of an unknown functionality within the...
CVE-2026-37748
Visitor Management System 1.0 by sanjay1313 is vulnerable to Unrestricted File Upload in vms/php/adminuserinsert.php and vms/php/update1.php. The moveuploadedfile function is called without any MIME type, extension, or content validation, allowing an authenticated admin to upload a PHP webshell a...
Bagisto 跨站脚本漏洞
Bagisto is an open-source e-commerce framework developed by Webkul Software in India. Versions of Bagisto 2.3.15 and earlier had a cross-site scripting vulnerability. This vulnerability stemmed from improper operation of the Custom Scripts Handler component, which could lead to cross-site scripti...
POC---Aikido-Security-BV
POC---Aikido-Security-B...
EUVD-2026-23650
The Page Builder Gutenberg Blocks – CoBlocks plugin for WordPress is vulnerable to Stored Cross-Site Scripting via external iCal feed data in all versions up to, and including, 3.1.16 due to insufficient output escaping of event titles, descriptions, and locations fetched from external iCal feeds...
Incomplete List of Disallowed Inputs
Overview flowise is a Flowiseai Server Affected versions of this package are vulnerable to Incomplete List of Disallowed Inputs in the run method of the AirtableAgents class, which evaluates LLM-generated Python scripts in a non-sandboxed environment. An attacker can execute arbitrary code on the...
Incomplete List of Disallowed Inputs
Overview flowise-components is a Flowiseai Components Affected versions of this package are vulnerable to Incomplete List of Disallowed Inputs in the run method of the AirtableAgents class, which evaluates LLM-generated Python scripts in a non-sandboxed environment. An attacker can execute...
Malicious code in paddle-internal-scripts (npm)
Malicious package due to sensitive data exfiltration via obfuscated preinstall script. Few published versions increase suspicion. --- -= Per source details. Do not edit below this line.=- Source: amazon-inspector eae655788b800d689464263a26d904ccb45fe4aa65b61422a51325008aff3003 The package...
MAL-2026-2829 Malicious code in paddle-internal-scripts (npm)
Malicious package due to sensitive data exfiltration via obfuscated preinstall script. Few published versions increase suspicion. --- -= Per source details. Do not edit below this line.=- Source: amazon-inspector eae655788b800d689464263a26d904ccb45fe4aa65b61422a51325008aff3003 The package...
Vaadin Flow and the axios npm supply-chain compromise
On March 31, 2026, compromised versions of the popular axios HTTP client library 1.14.1 and 0.30.4 were published to NPM via a hijacked maintainer account. The malicious versions injected [email protected], a cross-platform RAT dropper that connected to a command-and-control server. The...
Malicious code in @tax-taxdev/tools-scripts (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 37c3192cab77322b1ecf1742c4eda9aa9e5a6b495e3bf386284a15cf36365dcc The package @tax-taxdev/tools-scripts was found to contain malicious code...
MAL-2026-2717 Malicious code in @tax-taxdev/tools-scripts (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 37c3192cab77322b1ecf1742c4eda9aa9e5a6b495e3bf386284a15cf36365dcc The package @tax-taxdev/tools-scripts was found to contain malicious code...
EUVD-2026-23159
The WP Shortcodes Plugin — Shortcodes Ultimate plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'subox' shortcode in all versions up to, and including, 7.4.9 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it...
EUVD-2026-23145
Creolabs Gravity before 0.9.6 contains a heap buffer overflow vulnerability in the gravityvmexec function that allows attackers to write out-of-bounds memory by crafting scripts with many string literals at global scope. Attackers can exploit insufficient bounds checking in gravityfiberreassign t...
CVE-2026-40504
Creolabs Gravity before 0.9.6 contains a heap buffer overflow vulnerability in the gravityvmexec function that allows attackers to write out-of-bounds memory by crafting scripts with many string literals at global scope. Attackers can exploit insufficient bounds checking in gravityfiberreassign t...
CVE-2026-40504
Creolabs Gravity before 0.9.6 contains a heap buffer overflow vulnerability in the gravityvmexec function that allows attackers to write out-of-bounds memory by crafting scripts with many string literals at global scope. Attackers can exploit insufficient bounds checking in gravityfiberreassign t...
CVE-2026-40504
CVE-2026-40504 affects Creolabs Gravity prior to 0.9.6. A heap buffer overflow in gravity_vm_exec can be triggered by scripts containing many string literals at global scope, with insufficient bounds checking in gravity_fiber_reassign() that can corrupt heap metadata and lead to arbitrary code ex...
CVE-2026-40504 Creolabs Gravity < 0.9.6 Heap Buffer Overflow via gravity_vm_exec
Creolabs Gravity before 0.9.6 contains a heap buffer overflow vulnerability in the gravityvmexec function that allows attackers to write out-of-bounds memory by crafting scripts with many string literals at global scope. Attackers can exploit insufficient bounds checking in gravityfiberreassign t...
[SECURITY] Fedora 42 Update: perl-PAR-Packer-1.064-3.fc42
This module implements the App::Packer::Backend interface, for generating stand-alone executables, perl scripts and PAR files...