Lucene search
K

10 matches found

Snyk
Snyk
added 2026/03/27 5:8 p.m.5 views

Improper Validation of Integrity Check Value

Overview Affected versions of this package are vulnerable to Improper Validation of Integrity Check Value inadequate validation of the combined fingerprint during image downloads from simplestreams servers. An attacker can cause users to deploy malicious images by providing manipulated image file...

7.7CVSS6.1AI score0.0018EPSS
Exploits1References2
NVD
NVD
added 2025/12/18 10:16 a.m.4 views

CVE-2025-13641

The Photo Gallery, Sliders, Proofing and Themes – NextGEN Gallery plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 3.59.12 via the 'template' shortcode parameter. This is due to insufficient path validation that allows absolute paths to be provided...

8.8CVSS0.00707EPSS
Exploits0References4
EUVD
EUVD
added 2025/10/07 12:30 a.m.4 views

EUVD-2004-1520

Malware in sbrugna...

7.5CVSS6.4AI score0.01103EPSS
Exploits0References3
EUVD
EUVD
added 2025/10/03 8:7 p.m.4 views

EUVD-2025-9734

Malicious code in bioql PyPI...

5.3CVSS5.8AI score0.38685EPSS
Exploits7References5
NVD
NVD
added 2025/07/18 5:15 p.m.4 views

CVE-2025-45156

Splashin iOS v2.0 fails to enforce server-side interval restrictions for location updates for free-tier users...

5.3CVSS0.00342EPSS
Exploits1References1
Vulnrichment
Vulnrichment
added 2025/07/18 12:0 a.m.3 views

CVE-2025-45156

Splashin iOS v2.0 fails to enforce server-side interval restrictions for location updates for free-tier users...

6.3AI score0.00342EPSS
Exploits1References2
Veracode
Veracode
added 2025/05/29 5:27 p.m.10 views

Sensitive Information Disclosure

mautic/core is vulnerable to Sensitive Information Disclosure. The vulnerability is due to unauthenticated arbitrary file access where the missing web server restrictions on .env files, allowing attackers to directly view sensitive configurations via a browser...

5.1CVSS6.7AI score0.00103EPSS
Exploits0References3Affected Software1
OSV
OSV
added 2024/09/17 6:44 p.m.3 views

GHSA-9CWX-2883-4WFX Vite's `server.fs.deny` is bypassed when using `?import&raw`

Summary The contents of arbitrary files can be returned to the browser. Details @fs denies access to files outside of Vite serving allow list. Adding ?import&raw to the URL bypasses this limitation and returns the file content if it exists. PoC sh $ npm create vite@latest $ cd vite-project/ $ npm...

6.9CVSS5.9AI score0.0103EPSS
Exploits0References8
OSV
OSV
added 2021/04/09 3:42 p.m.19 views

GHSA-23C7-6444-399M Improper Input Validation in sopel-plugins.channelmgnt

Impact On some IRC servers, restrictions around the removal of the bot using the kick/kickban command could be bypassed when kicking multiple users at once. We also believe it may have been possible to remove users from other channels but due to the wonder that is IRC and following RfCs, We have ...

7.6CVSS8.3AI score0.01072EPSS
Exploits0References7
Hacker One
Hacker One
added 2019/11/14 12:9 p.m.7 views

Clario: Bypass front server restrictions and access to forbidden files and directories through X-Rewrite-Url/X-original-url header on account.mackeeper.com

Summary Normally a client can't access /admin directory because of front nginx server which returns 403. But we can use X-Rewrite-Url or X-original-url because back server processes these headers and front server doesn't. Steps to reproduce: This request shows normal behavior curl -i -s -k -X...

1.9AI score
Exploits0
Rows per page
Query Builder