Lucene search
K

14 matches found

CVE
CVE
added 3 days ago7 views

CVE-2026-58493

CVE-2026-58493 affects grav-plugin-database (Grav CMS) prior to 1.2.0. The plugin builds PDO DSN strings by concatenating user-configurable YAML values (host, dbname, charset, server, database, directory, filename) without sanitization, enabling an administrator with plugin config access to injec...

5.1CVSS6.1AI score0.00288EPSS
Exploits0References3
CVE
CVE
added 2026/06/19 12:13 p.m.51 views

CVE-2026-44939

An input validation flaw in Rancher Manager's import endpoint (/v3/import/{token}_{clusterId}.yaml) allows command injection via unsanitized YAML parameters in versions prior to 2.14.2. Impact: remote attackers could break out of the container image and execute arbitrary code inside containers. R...

9.4CVSS6AI score0.01277EPSS
Exploits0References1
NVD
NVD
added 2026/06/15 8:16 a.m.14 views

CVE-2026-9278

The Form Builder CP WordPress plugin before 1.2.47 does not properly sanitize a form configuration value before storing it and using it as part of a client-side script execution, allowing authenticated users with Editor-level access and above to perform Stored Cross-Site Scripting attacks against...

5.4CVSS0.00159EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/05/18 8:37 a.m.8 views

CVE-2026-6346 Sensitive credentials exposed in plaintext in Mattermost support packets

Mattermost versions 11.5.x = 11.5.1, 10.11.x = 10.11.13, 11.4.x = 11.4.3 fail to sanitize sensitive configuration fields before including them in support packet generation, which allows a Mattermost System Admin or any party with access to a support packet to obtain sensitive credentials in...

8.7CVSS5.8AI score0.0029EPSS
Exploits0References1
Snyk
Snyk
added 2026/04/21 3:18 p.m.7 views

SQL Injection

Overview Glances is an A cross-platform curses-based monitoring tool Affected versions of this package are vulnerable to SQL Injection via unsanitized configuration values in the Cassandra export module. An attacker can redirect monitoring data to an unauthorized Cassandra keyspace and exfiltrate...

8.3CVSS5.8AI score0.00212EPSS
Exploits1References2
Vulnrichment
Vulnrichment
added 2026/04/20 11:20 p.m.5 views

CVE-2026-35588 Glances has CQL Injection in its Cassandra Export Module via Unsanitized Config Values

Glances is an open-source system cross-platform monitoring tool. Prior to version 4.5.4, the Cassandra export module glances/exports/glancescassandra/init.py interpolates keyspace, table, and replicationfactor configuration values directly into CQL statements without validation. A user with write...

6.3CVSS5.8AI score0.00212EPSS
Exploits1References3
Cvelist
Cvelist
added 2026/04/20 11:20 p.m.36 views

CVE-2026-35588 Glances has CQL Injection in its Cassandra Export Module via Unsanitized Config Values

Glances is an open-source system cross-platform monitoring tool. Prior to version 4.5.4, the Cassandra export module glances/exports/glancescassandra/init.py interpolates keyspace, table, and replicationfactor configuration values directly into CQL statements without validation. A user with write...

6.3CVSS0.00212EPSS
Exploits1References3
Github Security Blog
Github Security Blog
added 2025/11/03 9:48 p.m.14 views

motionEye vulnerable to RCE via unsanitized motion config parameter

Summary A command injection vulnerability in MotionEye allows attackers to achieve Remote Code Execution RCE by supplying malicious values in configuration fields exposed via the Web UI. Because MotionEye writes user-supplied values directly into Motion configuration files without sanitization,...

7.2CVSS8.6AI score0.18993EPSS
Exploits17References4Affected Software1
Github Security Blog
Github Security Blog
added 2025/10/03 6:31 p.m.13 views

Duplicate Advisory: motionEye vulnerable to RCE via unsanitized motion config parameter

Duplicate Advisory This advisory has been withdrawn because it is a duplicate of GHSA-j945-qm58-4gjx. This link is maintained to preserve external references. Original Description MotionEye v0.43.1b4 and before is vulnerable to OS Command Injection in configuration parameters such as imagefilenam...

7.2CVSS7.8AI score0.18993EPSS
Exploits17References4Affected Software1
OSV
OSV
added 2024/12/17 10:15 p.m.3 views

DEBIAN-CVE-2024-52792

LDAP Account Manager LAM is a php webfrontend for managing entries e.g. users, groups, DHCP settings stored in an LDAP directory. In affected versions LAM does not properly sanitize configuration values, that are set via mainmanage.php and confmain.php. This allows setting arbitrary config values...

6.5CVSS5.7AI score0.0071EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2022/04/18 6:15 p.m.4 views

CVE-2022-0994

The Hummingbird WordPress plugin before 3.3.2 does not sanitise and escape the Config Name, which could allow high privilege users, such as admin to perform cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed...

4.8CVSS5.5AI score0.0275EPSS
Exploits4References2
Snyk
Snyk
added 2020/04/02 12:0 a.m.5 views

Command Injection

Overview karma-mojo is a plugin for Karma that provides a binary for running only a select subset of tests at a time instead of running the whole test suite. Affected versions of this package are vulnerable to Command Injection. The argument config can be controlled by users without any...

9.8CVSS5.6AI score0.04232EPSS
Exploits1References2
OSV
OSV
added 2005/04/27 4:0 a.m.7 views

CVE-2005-0085

Cross-site scripting XSS vulnerability in ht://dig htdig before 3.1.6-r7 allows remote attackers to execute arbitrary web script or HTML via the config parameter, which is not properly sanitized before it is displayed in an error message...

5.8AI score
Exploits0References20
FreeBSD
FreeBSD
added 2005/02/03 12:0 a.m.25 views

htdig -- cross site scripting vulnerability

Michael Krax reports a vulnerability within htdig. The vulnerability lies within an unsanitized config parameter, allowing a malicious attacker to execute arbitrary scripting code on the target's browser. This might allow the attacker to obtain the user's cookies which are associated with the sit...

6.8CVSS7.1AI score0.02273EPSS
Exploits0References1
Rows per page
Query Builder