Lucene search
K

515 matches found

RedhatCVE
RedhatCVE
added 2026/03/26 3:10 p.m.3 views

CVE-2026-32094

Shescape is a simple shell escape library for JavaScript. Prior to 2.1.10, Shescapeescape does not escape square-bracket glob syntax for Bash, BusyBox sh, and Dash. Applications that interpolate the return value directly into a shell command string can cause an attacker-controlled value like...

6.9CVSS5.8AI score0.00214EPSS
Exploits1References1
RedHat Linux
RedHat Linux
added 2026/03/24 10:39 a.m.5 views

python: cpython: URL parser allowed square brackets in domain names

A flaw was found in Python. The Python standard library functions urllib.parse.urlsplit and urlparse accept domain names that included square brackets, which isn't valid according to RFC 3986. Square brackets are only meant to be used as delimiters for specifying IPv6 and IPvFuture hosts in URLs...

6.3CVSS6.6AI score0.01499EPSS
Exploits0References6
OSV
OSV
added 2026/03/24 12:0 a.m.4 views

ALSA-2026:5588 Moderate: python3 security update

Python is an interpreted, interactive, object-oriented programming language, which includes modules, classes, exceptions, very high level dynamic data types and dynamic typing. Python supports interfaces to many system calls and libraries, as well as to various windowing systems. Security Fixes:...

6.3CVSS7.1AI score0.01499EPSS
Exploits0References4
Tenable Nessus
Tenable Nessus
added 2026/03/24 12:0 a.m.8 views

RHEL 8 : python3 (RHSA-2026:5588)

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2026:5588 advisory. Python is an interpreted, interactive, object-oriented programming language, which includes modules, classes, exceptions, very high level dynamic dat...

6.3CVSS6.8AI score0.01499EPSS
Exploits0References5
EUVD
EUVD
added 2026/03/19 9:30 a.m.5 views

EUVD-2026-13074

The Instant Popup Builder plugin for WordPress is vulnerable to Unauthenticated Arbitrary Shortcode Execution in all versions up to and including 1.1.7. This is due to the handleemailverificationpage function constructing a shortcode string from user-supplied GET parameters token, email and passi...

5.3CVSS6.1AI score0.00278EPSS
Exploits0References7
NVD
NVD
added 2026/03/19 8:16 a.m.5 views

CVE-2026-3475

The Instant Popup Builder plugin for WordPress is vulnerable to Unauthenticated Arbitrary Shortcode Execution in all versions up to and including 1.1.7. This is due to the handleemailverificationpage function constructing a shortcode string from user-supplied GET parameters token, email and passi...

5.3CVSS0.00278EPSS
Exploits0References6
Cvelist
Cvelist
added 2026/03/19 7:34 a.m.26 views

CVE-2026-3475 Instant Popup Builder <= 1.1.7 - Unauthenticated Arbitrary Shortcode Execution via 'token' Parameter

The Instant Popup Builder plugin for WordPress is vulnerable to Unauthenticated Arbitrary Shortcode Execution in all versions up to and including 1.1.7. This is due to the handleemailverificationpage function constructing a shortcode string from user-supplied GET parameters token, email and passi...

5.3CVSS0.00278EPSS
Exploits0References6
Positive Technologies
Positive Technologies
added 2026/03/19 12:0 a.m.5 views

PT-2026-26263

The Instant Popup Builder plugin for WordPress is vulnerable to Unauthenticated Arbitrary Shortcode Execution in all versions up to and including 1.1.7. This is due to the handle email verification page function constructing a shortcode string from user-supplied GET parameters token, email and...

5.3CVSS6.1AI score0.00278EPSS
Exploits0References9
vulnersOsv
vulnersOsv
added 2026/03/12 2:29 p.m.6 views

leaf-playground (>=0.4.0 <=0.6.0), lightrft (=0.1.0) +1 more potentially affected by CVE-2026-3060 via sglang (>=0.1.26 <=0.4.6.post5)

sglang PYPI version =0.1.26, =0.4.0, =0.6.0 - lightrft =0.1.0 - rl-square =0.0.1.post1 Source cves: CVE-2026-3060 Source advisory: SNYK:PYTHON-SGLANG-15470991...

9.8CVSS6.9AI score0.01158EPSS
Exploits1
vulnersOsv
vulnersOsv
added 2026/03/12 12:30 p.m.5 views

lightrft (=0.1.0), rl-square (=0.0.1.post1) potentially affected by CVE-2026-3060 via sglang (>=0.4.5 <=0.4.6.post5)

sglang PYPI version =0.4.5, =0.4.6.post5 is affected by a known vulnerability. The following packages have a transitive dependency on sglang and may be impacted: - lightrft =0.1.0 - rl-square =0.0.1.post1 Source cves: CVE-2026-3060 Source advisory: OSV:GHSA-JX93-G359-86WM...

9.8CVSS6.9AI score0.01158EPSS
Exploits1
vulnersOsv
vulnersOsv
added 2026/03/12 12:30 p.m.4 views

lightrft (=0.1.0), rl-square (=0.0.1.post1) potentially affected by CVE-2026-3059 via sglang (>=0.4.5 <=0.4.6.post5)

sglang PYPI version =0.4.5, =0.4.6.post5 is affected by a known vulnerability. The following packages have a transitive dependency on sglang and may be impacted: - lightrft =0.1.0 - rl-square =0.0.1.post1 Source cves: CVE-2026-3059 Source advisory: OSV:GHSA-RGQ9-FQF5-FV58...

9.8CVSS6.9AI score0.01534EPSS
Exploits1
vulnersOsv
vulnersOsv
added 2026/03/12 12:30 p.m.10 views

lightrft (=0.1.0), rl-square (=0.0.1.post1) potentially affected by CVE-2026-3989 via sglang (>=0.4.5 <=0.4.6.post5)

sglang PYPI version =0.4.5, =0.4.6.post5 is affected by a known vulnerability. The following packages have a transitive dependency on sglang and may be impacted: - lightrft =0.1.0 - rl-square =0.0.1.post1 Source cves: CVE-2026-3989 Source advisory: OSV:GHSA-HVWJ-8W5G-28RG...

7.8CVSS6.9AI score0.00334EPSS
Exploits0
Snyk
Snyk
added 2026/03/11 10:40 p.m.7 views

Improper Encoding or Escaping of Output

Overview shescape is a simple shell escape library Affected versions of this package are vulnerable to Improper Encoding or Escaping of Output in the escape function. An attacker can cause unintended expansion of shell arguments by supplying input containing square brackets, which may result in...

6.9CVSS5.8AI score0.00214EPSS
Exploits1References2
NVD
NVD
added 2026/03/11 8:16 p.m.9 views

CVE-2026-32094

Shescape is a simple shell escape library for JavaScript. Prior to 2.1.10, Shescapeescape does not escape square-bracket glob syntax for Bash, BusyBox sh, and Dash. Applications that interpolate the return value directly into a shell command string can cause an attacker-controlled value like...

6.9CVSS0.00214EPSS
Exploits1References2
OSV
OSV
added 2026/03/11 7:53 p.m.3 views

GHSA-9JFH-9XRQ-4VWM Shescape escape() leaves bracket glob expansion active on Bash, BusyBox, and Dash

Summary Shescapeescape does not escape square-bracket glob syntax for Bash, BusyBox sh, and Dash. Applications that interpolate the return value directly into a shell command string can cause an attacker-controlled value like secret12 to expand into multiple filesystem matches instead of a single...

6.9CVSS5.9AI score0.00214EPSS
Exploits1References6
Vulnrichment
Vulnrichment
added 2026/03/11 7:50 p.m.3 views

CVE-2026-32094 Shescape escape() leaves bracket glob expansion active on Bash, BusyBox, and Dash

Shescape is a simple shell escape library for JavaScript. Prior to 2.1.10, Shescapeescape does not escape square-bracket glob syntax for Bash, BusyBox sh, and Dash. Applications that interpolate the return value directly into a shell command string can cause an attacker-controlled value like...

6.9CVSS5.8AI score0.00214EPSS
Exploits1References2
ATTACKERKB
ATTACKERKB
added 2026/03/11 7:50 p.m.5 views

CVE-2026-32094

Shescape is a simple shell escape library for JavaScript. Prior to 2.1.10, Shescapeescape does not escape square-bracket glob syntax for Bash, BusyBox sh, and Dash. Applications that interpolate the return value directly into a shell command string can cause an attacker-controlled value like...

6.9CVSS5.8AI score0.00214EPSS
Exploits1References3Affected Software1
OSV
OSV
added 2026/03/11 7:50 p.m.4 views

CVE-2026-32094 Shescape escape() leaves bracket glob expansion active on Bash, BusyBox, and Dash

Shescape is a simple shell escape library for JavaScript. Prior to 2.1.10, Shescapeescape does not escape square-bracket glob syntax for Bash, BusyBox sh, and Dash. Applications that interpolate the return value directly into a shell command string can cause an attacker-controlled value like...

6.9CVSS5.8AI score0.00214EPSS
Exploits1References4
Positive Technologies
Positive Technologies
added 2026/03/11 12:0 a.m.8 views

PT-2026-24813

Summary Shescapeescape does not escape square-bracket glob syntax for Bash, BusyBox sh, and Dash. Applications that interpolate the return value directly into a shell command string can cause an attacker-controlled value like secret12 to expand into multiple filesystem matches instead of a single...

6.9CVSS5.9AI score0.00214EPSS
Exploits1References11
RedhatCVE
RedhatCVE
added 2026/01/13 10:52 p.m.4 views

CVE-2025-13457

The WooCommerce Square plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 5.1.1 via the gettokenbyid function due to missing validation on a user controlled key. This makes it possible for unauthenticated attackers to expose arbitrary Squa...

7.5CVSS6AI score0.00256EPSS
Exploits0References1
Rows per page
Query Builder