Lucene search
K

5 matches found

Positive Technologies
Positive Technologies
added 2026/06/08 12:0 a.m.14 views

PT-2026-47333

Improper Neutralization of CRLF Sequences 'CRLF Injection' vulnerability in wojtekmach Req allows multipart parameter smuggling via attacker-influenced part metadata. Req.Utils.encode form part/2 in lib/req/utils.ex builds the per-part headers by interpolating the caller-supplied name, filename,...

2.1CVSS5.6AI score0.00178EPSS
Exploits0References5
NVD
NVD
added 2025/11/26 1:16 a.m.6 views

CVE-2025-66258

Stored Cross-Site Scripting via XML Injection in DB Electronica Telecomunicazioni S.p.A. Mozart FM Transmitter versions 30, 50, 100, 300, 500, 1000, 2000, 3000, 3500, 6000, 7000 allows an attacker to perform Stored XSS via crafted filenames injected into patchlist.xml. User-controlled filenames a...

7.1CVSS0.00164EPSS
Exploits1References1
Veracode
Veracode
added 2025/08/11 9:25 a.m.6 views

Command Injection

codeigniter4/framework is vulnerable to Command Injection. The vulnerability is due to improper handling of user-controlled filenames and text content when using the ImageMagick imagick handler in the resize or text methods, which allows an attacker to execute arbitrary shell commands by supplyin...

9.8CVSS7.9AI score0.01508EPSS
Exploits0References6Affected Software1
NVD
NVD
added 2025/07/28 3:15 p.m.8 views

CVE-2025-54418

CodeIgniter is a PHP full-stack web framework. A command injection vulnerability present in versions prior to 4.6.2 affects applications that use the ImageMagick handler for image processing imagick as the image library and either allow file uploads with user-controlled filenames and process...

9.8CVSS0.01508EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2024/01/16 12:0 a.m.5 views

PT-2024-14932 · Hypr · Hypr Workforce Access

Name of the Vulnerable Software and Affected Versions: HYPR Workforce Access versions prior to 8.7 Description: The issue is related to an Improper Link Resolution Before File Access, also known as 'Link Following', which allows user-controlled filename. This can potentially lead to unauthorized...

7.8CVSS7.4AI score0.0017EPSS
Exploits0References4
Rows per page
Query Builder