Lucene search
K

6 matches found

Nuclei
Nuclei
added 6 days ago39 views

Laravel Livewire v3 - Remote Command Execution

Livewire v3 Laravel contains a vulnerability in its component hydration/update mechanism that can be exploited to reach remote command execution RCE without authentication under certain conditions. id: CVE-2025-54068 info: name: Laravel Livewire v3 - Remote Command Execution author: flame-11...

9.8CVSS7.7AI score0.95376EPSS
Exploits5References5
ATTACKERKB
ATTACKERKB
added 2026/05/25 10:41 a.m.8 views

CVE-2026-46745

Apache Airflow FAB Auth Manager contains an LDAP filter injection vulnerability CWE-90 that allows unauthenticated attackers to exfiltrate directory data or bypass authentication. Upgrade to apache-airflow-providers-fab 3.6.4 or later. If immediate upgrade is not possible, disable LDAP...

5.8AI score0.00574EPSS
Exploits0References3
Cvelist
Cvelist
added 2026/05/25 10:41 a.m.51 views

CVE-2026-46745 Apache Airflow FAB provider: LDAP Filter Injection in FAB Auth Manager _search_ldap reachable via /auth/token

Apache Airflow FAB Auth Manager contains an LDAP filter injection vulnerability CWE-90 that allows unauthenticated attackers to exfiltrate directory data or bypass authentication. Upgrade to apache-airflow-providers-fab 3.6.4 or later. If immediate upgrade is not possible, disable LDAP...

0.00574EPSS
Exploits0References2
Snyk
Snyk
added 2025/07/17 6:42 p.m.5 views

Arbitrary Code Injection

Overview livewire/livewire is an A front-end framework for Laravel. Affected versions of this package are vulnerable to Arbitrary Code Injection via the hydration process of component property updates. An attacker can execute arbitrary commands on the server by sending specially crafted requests ...

9.8CVSS7.8AI score0.95376EPSS
Exploits5References2
Snyk
Snyk
added 2025/07/04 3:44 p.m.0 views

Out-of-bounds Read

Overview Affected versions of this package are vulnerable to Out-of-bounds Read via the mbedtlslmsimportpublickey function. An attacker can cause a crash or disclose limited adjacent memory by providing a truncated LMS public-key buffer that is less than four bytes in length. Workaround For the...

6.5CVSS7AI score0.00259EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2023/06/01 12:0 a.m.5 views

PT-2023-10826 · Sea75300 · Fanpress Cm

Name of the Vulnerable Software and Affected Versions: sea75300 FanPress CM versions up to 3.6.3 Description: A vulnerability was found in the Template Preview component, specifically affecting the getArticlesPreview function of the file inc/controller/action/system/templatepreview.php. This issu...

6.1CVSS4.3AI score0.00499EPSS
Exploits0References7
Rows per page
Query Builder