Lucene search
K

75 matches found

Nuclei
Nuclei
added 14 hours ago52 views

Plenti < v0.7.2 - OS Command Injection

Plenti, a static site generator, has an arbitrary file write vulnerability in versions prior to 0.7.2. The /postLocal endpoint is vulnerable to an arbitrary file write vulnerability when a plenti user serves their website. This issue may lead to Remote Code Execution. Version 0.7.2 fixes the...

9.3CVSS7.1AI score0.02763EPSS
Exploits1References2
ATTACKERKB
ATTACKERKB
added 4 days ago4 views

CVE-2026-50135

Hugo is a static site generator. From 0.123.0 to 0.161.1, a regression made RootMappingFs.statRoot use Stat follows symlinks instead of Lstat , so a direct resources.Get of a symlink pointing outside its mount returned the target's contents — letting a symlink planted in a local mount e.g. a...

6.9CVSS5.9AI score0.00275EPSS
Exploits0References4Affected Software1
Debian CVE
Debian CVE
added 4 days ago5 views

CVE-2026-58403

Hugo is a static site generator. From v0.123.0 through v0.163.0, Hugo's virtual filesystem is designed so that files under a mount cannot reach outside the mount tree, but a regression caused RootMappingFs.statRoot to call Stat, which follows symlinks, instead of Lstat, so a direct os.ReadFile...

6.5CVSS5.9AI score0.00318EPSS
Exploits0
ATTACKERKB
ATTACKERKB
added 4 days ago5 views

CVE-2026-58402

Hugo is a static site generator. From 0.60.0 until 0.163.3, Hugo's default code-block renderer wrote the Markdown code-fence language or info-string into the code class="language-…" data-lang="…" wrapper without HTML escaping. A fence info-string containing a quote and a script payload breaks out...

5.1CVSS5.8AI score0.00172EPSS
Exploits0References5Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2026/05/26 2:4 p.m.12 views

Security Bulletin: Multiple Vulnerabilities in IBM Bob

Summary Multiple vulnerabilities were addressed in IBM Bob V 1.0.2 Vulnerability Details CVEID:CVE-2026-39407 DESCRIPTION: Hono is a Web application framework that provides support for any JavaScript runtime. Prior to 4.12.12, a path handling inconsistency in serveStatic allows protected static...

8.7CVSS6.3AI score0.00612EPSS
Exploits4Affected Software1
GithubExploit
GithubExploit
added 2026/05/14 1:15 p.m.87 views

portofolio_DWForSec

DwF — Cybersecurity Portfolio A professional cybersecurity po...

5.7AI score
Exploits0
RedhatCVE
RedhatCVE
added 2026/04/11 1:21 a.m.3 views

CVE-2026-39408

Hono is a Web application framework that provides support for any JavaScript runtime. Prior to 4.12.12, a path traversal issue in toSSG allows files to be written outside the configured output directory during static site generation. When using dynamic route parameters via ssgParams, specially...

7.5CVSS5.6AI score0.00532EPSS
Exploits1References1
Vulnrichment
Vulnrichment
added 2026/04/08 2:42 p.m.1 views

CVE-2026-39408 Hono has a path traversal in toSSG() allows writing files outside the output directory

Hono is a Web application framework that provides support for any JavaScript runtime. Prior to 4.12.12, a path traversal issue in toSSG allows files to be written outside the configured output directory during static site generation. When using dynamic route parameters via ssgParams, specially...

5.9CVSS5.6AI score0.00532EPSS
Exploits1References3
CVE
CVE
added 2026/04/08 2:42 p.m.19 views

CVE-2026-39408

CVE-2026-39408 affects Hono, a web application framework for JavaScript runtimes. A path traversal flaw in toSSG() prior to version 4.12.12 can cause generated static site files to be written outside the configured output directory when dynamic routes use ssgParams. Multiple connected sources (NV...

7.5CVSS5.8AI score0.00532EPSS
Exploits1References3Affected Software1
Cvelist
Cvelist
added 2026/04/08 2:42 p.m.24 views

CVE-2026-39408 Hono has a path traversal in toSSG() allows writing files outside the output directory

Hono is a Web application framework that provides support for any JavaScript runtime. Prior to 4.12.12, a path traversal issue in toSSG allows files to be written outside the configured output directory during static site generation. When using dynamic route parameters via ssgParams, specially...

5.9CVSS0.00532EPSS
Exploits1References3
OSV
OSV
added 2026/04/08 12:16 a.m.4 views

GHSA-XF4J-XP2R-RQQX Hono: Path traversal in toSSG() allows writing files outside the output directory

Summary A path traversal issue in toSSG allows files to be written outside the configured output directory during static site generation. When using dynamic route parameters via ssgParams, specially crafted values can cause generated file paths to escape the intended output directory. Details The...

5.9CVSS5.6AI score0.00532EPSS
Exploits1References5
CNNVD
CNNVD
added 2026/04/08 12:0 a.m.8 views

Hono 路径遍历漏洞

Hono is a web framework built with TypeScript in the Hono community. Versions of Hono prior to 4.12.12 contained a path traversal vulnerability. This vulnerability stemmed from issues with the toSSG function, which allowed for path traversal attacks, potentially leading to files being written...

7.5CVSS5.7AI score0.00532EPSS
Exploits1References4
Positive Technologies
Positive Technologies
added 2026/04/08 12:0 a.m.10 views

PT-2026-31282

Summary A path traversal issue in toSSG allows files to be written outside the configured output directory during static site generation. When using dynamic route parameters via ssgParams, specially crafted values can cause generated file paths to escape the intended output directory. Details The...

5.9CVSS5.8AI score0.00532EPSS
Exploits1References5
CNNVD
CNNVD
added 2026/01/28 12:0 a.m.9 views

AltumCode 66biolinks security vulnerabilities

AltumCode 66biolinks is a platform-building script provided by AltumCode Corporation. The version 44.0.0 of AltumCode 66biolinks contains a security vulnerability. This vulnerability stems from a directory-traversal vulnerability present in the static site functionality, which could lead to...

6.5CVSS5.8AI score0.00632EPSS
Exploits1References1
VulnCheck KEV
VulnCheck KEV
added 2025/11/29 12:0 a.m.6 views

VulnCheck KEV: CVE-2024-49380

Plenti, a static site generator, has an arbitrary file write vulnerability in versions prior to 0.7.2. The /postLocal endpoint is vulnerable to an arbitrary file write vulnerability when a plenti user serves their website. This issue may lead to Remote Code Execution. Version 0.7.2 fixes the...

9.3CVSS5.9AI score0.02763EPSS
In wildExploits1References77
EUVD
EUVD
added 2025/10/07 12:30 a.m.4 views

EUVD-2021-1294

Malware in sbrugna...

8.5CVSS8.4AI score0.01451EPSS
Exploits1References5
EUVD
EUVD
added 2025/10/07 12:30 a.m.5 views

EUVD-2020-5530

Malware in sbrugna...

6.1CVSS6.1AI score0.0175EPSS
Exploits0References4
EUVD
EUVD
added 2025/10/03 8:7 p.m.3 views

EUVD-2024-1268

Malicious code in bioql PyPI...

6.1CVSS6.2AI score0.00537EPSS
Exploits0References7
EUVD
EUVD
added 2025/10/03 8:7 p.m.4 views

EUVD-2024-3458

Malicious code in bioql PyPI...

5.3CVSS5.6AI score0.00574EPSS
Exploits0References6
Gitee
Gitee
added 2025/09/22 1:44 a.m.162 views

nightmare

This repository is an introduction to binary exploitation and reverse engineering course based on CTF challenges, called "Nightmare". It contains a large amount of content, with over 90 challenges, laid out in a linear fashion, and well-documented write-ups explaining how to go from being handed...

6.9AI score
Exploits0
Rows per page
Query Builder