8 matches found
SUSE CVE-2026-41526
In KDE KCoreAddons before 6.25, KShell::quoteArgs is intended to safely quote arguments so that they can be passed to a shell command. This parsing does not adequately handle metacharacters, leading to an escape from the shell. All applications relying on this method in a security-critical path t...
EUVD-2025-1485
Malicious code in bioql PyPI...
Exploit for CVE-2025-27210
🔓 CVE-2025-27210 – High-Severity Path Traversal in Node.js o...
CVE-2020-8132
Lack of input validation in pdf-image npm package version = 2.0.0 may allow an attacker to run arbitrary code if PDF file path is constructed based on untrusted user input...
PT-2025-18960 · Unknown · Fastify/View
Name of the Vulnerable Software and Affected Versions: @fastify/view (affected versions not specified). Description: The issue concerns a potential Remote Code Execution (RCE) vulnerability in the @fastify/view plugin for Fastify, which allows the use of template engines for generating HTML pages on t...
PT-2025-17012 · Wpcafe · Wpcafe
Name of the Vulnerable Software and Affected Versions: WPCafe versions 2.2.32 and earlier. Description: The issue is related to an Improper Control of Filename for Include/Require Statement in PHP Program, also known as 'PHP Remote File Inclusion', which allows PHP Local File Inclusion. This is a...
Reflected Cross-Site Scripting (Reflected XSS)
NocoDB is vulnerable to Reflected Cross-Site Scripting (Reflected XSS). The vulnerability is due to the insecure usage of the EJS template engine, specifically the <%- function in resetPassword.ts, which can directly render unescaped user input, allowing malicious scripts to execute when processed ...
PHPNuke 5 Cross Scripting
This is a forward of frog-m@n posting to Vuln-Dev. Here are a few holes that I've found in PHPNuke. 5 "Cross Site Scripting". http://phpnuke.org/modules.php?name=Downloads&dop=viewdownloaddetails&lid=0 2&ttitle=JAVASCRIPT http://phpnuke.org/modules.php?name=Downloads&dop=ratedownload&lid=118&ttitle...