CVE-2026-39962

MISP is an open source threat intelligence and sharing platform. Prior to 2.5.36, improper neutralization of special elements in an LDAP query in ApacheAuthenticate.php allows LDAP injection via an unsanitized username value when ApacheAuthenticate.apacheEnv is configured to use a user-controlled...

CVE-2026-39962

MISP is an open source threat intelligence and sharing platform. Prior to 2.5.36, improper neutralization of special elements in an LDAP query in ApacheAuthenticate.php allows LDAP injection via an unsanitized username value when ApacheAuthenticate.apacheEnv is configured to use a user-controlled...

CVE-2023-31210

Usage of user controlled LDLIBRARYPATH in agent in Checkmk 2.2.0p10 up to 2.2.0p16 allows malicious Checkmk site user to escalate rights via injection of malicious libraries...

EUVD-2016-6795

Malware in sbrugna...

EUVD-2018-1976

Malware in sbrugna...

EUVD-2025-5276

Malicious code in bioql PyPI...

EUVD-2024-51875

Malicious code in bioql PyPI...

CVE-2024-57973

In the Linux kernel, the following vulnerability has been resolved: rdma/cxgb4: Prevent potential integer overflow on 32bit The "gl-totlen" variable is controlled by the user. It comes from processresponses. On 32bit systems, the "gl-totlen + sizeofstruct cplpassacceptreq + sizeofstruct rssheader...

CVE-2024-57973 rdma/cxgb4: Prevent potential integer overflow on 32bit

In the Linux kernel, the following vulnerability has been resolved: rdma/cxgb4: Prevent potential integer overflow on 32bit The "gl-totlen" variable is controlled by the user. It comes from processresponses. On 32bit systems, the "gl-totlen + sizeofstruct cplpassacceptreq + sizeofstruct rssheader...

Reflected XSS in /editor_tools/rte_image_editor

Description Reflected Cross-Site Scripting Vulnerability in types GET parameter on the /editortools/rteimageeditor endpoint Proof of Concept in File microweber/userfiles/modules/microweber/toolbar/editortools/rteimageeditor/index.php on Line 15, we can observe the source $GET'types' being saved...

CVE-2021-36802 Akaunting DoS via User-Controlled 'locale' Variable

Akaunting version 2.1.12 and earlier suffers from a denial-of-service issue that is triggered by setting a malformed 'locale' variable and sending it in an otherwise normal HTTP POST request. This issue was fixed in version 2.1.13 of the product...

OS Command Injection

@knutkirkhorn/free-space is vulnerable to OS command injection. The vulnerability exists as command injection is possible through the usage of the user controlled variable, $disk, which is passed into the exec function without validation...

CVE-2019-10776

In "index.js" file line 240, the run command executes the git command with a user controlled variable called remoteUrl. This affects git-diff-apply all versions prior to 0.22.2...

Command injection

In "index.js" file line 240, the run command executes the git command with a user controlled variable called remoteUrl. This affects git-diff-apply all versions prior to 0.22.2...

CVE-2019-10776

In "index.js" file line 240, the run command executes the git command with a user controlled variable called remoteUrl. This affects git-diff-apply all versions prior to 0.22.2...

CVE-2018-1000645

LibreHealthIO lh-ehr version REL-2.0.0 contains an Authenticated Local File Disclosure vulnerability in Importing of templates allows local file disclosure that can result in Disclosure of sensitive files on the server. This attack appear to be exploitable via User controlled variable in import...

CVE-2018-1000645

LibreHealthIO lh-ehr version REL-2.0.0 contains an Authenticated Local File Disclosure vulnerability in Importing of templates allows local file disclosure that can result in Disclosure of sensitive files on the server. This attack appear to be exploitable via User controlled variable in import...

Arbitrary file deletion

LibreHealthIO lh-ehr version REL-2.0.0 contains an Authenticated Local File Disclosure vulnerability in Importing of templates allows local file disclosure that can result in Disclosure of sensitive files on the server. This attack appear to be exploitable via User controlled variable in import...

CVE-2018-1000645

LibreHealthIO lh-ehr version REL-2.0.0 contains an Authenticated Local File Disclosure vulnerability in Importing of templates allows local file disclosure that can result in Disclosure of sensitive files on the server. This attack appear to be exploitable via User controlled variable in import...

Chrome V8 Runtime_RegExpReplace Integer Overflow

Chrome: V8: Integer overflow in RuntimeRegExpReplace Here's a snippet of the method. ASSIGNRETURNFAILUREONEXCEPTION isolate, captureslengthobj, Object::ToLengthisolate, captureslengthobj; const int captureslength = PositiveNumberToUint32captureslengthobj; ... if functionalreplace const int argc =...