19 matches found
GHSA-G3XQ-3GMV-QQ8G claude-code-cache-fix vulnerable to local code execution via Python triple-quote injection in tools/quota-statusline.sh
Summary tools/quota-statusline.sh introduced in v3.5.0 interpolates Claude Code's hook stdin payload directly into a Python triple-quoted string literal. A ''' byte sequence in any user-controlled field of the payload closes the literal early and lets following bytes execute as Python in the user...
EUVD-2024-35185
Malicious code in bioql PyPI...
CVE-2024-38395
In iTerm2 before 3.5.2, the "Terminal may report window title" setting is not honored, and thus remote code execution might occur but "is not trivially exploitable."...
CVE-2024-35081
LuckyFrameWeb v3.5.2 is affected by CVE-2024-35081: an arbitrary file deletion vulnerability exposed through the fileName parameter in the fileDownload method. The issue allows deletion of files and is described as a security vulnerability with high integrity impact (I: high) while confidentialit...
CVE-2024-33118
LuckyFrameWeb v3.5.2 is affected by an arbitrary read in the fileDownload method of com.luckyframe.project.common.CommonController. Evidence from multiple sources confirms the vulnerable version and component, with CVSSv3.1 base score 7.5 (HIGH) and network attack vector. Technical details across...
CVE-2024-33118
LuckyFrameWeb v3.5.2 was discovered to contain an arbitrary read vulnerability via the fileDownload method in class com.luckyframe.project.common.CommonController...
October CMS stored XSS by authenticated backend user with improper configuration
Impact A user with access to the media manager that stores SVG files could create a stored XSS attack against themselves and any other user with access to the media manager when SVG files are supported. SVG files are supported by default in v3 for convenience; however, this has resulted in multip...
CVE-2022-41401
OpenRefine <= v3.5.2 contains a Server-Side Request Forgery (SSRF) vulnerability, which permits unauthorized users to exploit the system, potentially leading to unauthorized access to internal resources and sensitive file disclosure...
CVE-2022-41401
OpenRefine <= v3.5.2 contains a Server-Side Request Forgery (SSRF) vulnerability, which permits unauthorized users to exploit the system, potentially leading to unauthorized access to internal resources and sensitive file disclosure...
CVE-2022-41401
OpenRefine
CVE-2022-41401
OpenRefine <= v3.5.2 contains a Server-Side Request Forgery (SSRF) vulnerability, which permits unauthorized users to exploit the system, potentially leading to unauthorized access to internal resources and sensitive file disclosure...
CVE-2022-41401
OpenRefine <= v3.5.2 contains a Server-Side Request Forgery (SSRF) vulnerability, which permits unauthorized users to exploit the system, potentially leading to unauthorized access to internal resources and sensitive file disclosure...
CVE-2020-9055
Versiant LYNX CSP 3.5.2 is vulnerable to stored cross-site scripting due to insufficient input validation, enabling a local, authenticated attacker to inject JavaScript that is stored and executed for end users (possible redirects, session cookie hijacking, information disclosure). The issue is d...
CVE-2019-20062
MFScripts YetiShare v3.5.2 through v4.5.4 might allow an attacker to reset a password by using a leaked hash (the hash never expires until used)...
CVE-2019-20061
The user-introduction email in MFScripts YetiShare v3.5.2 through v4.5.4 may leak the system-picked password if this email is sent in cleartext. In other words, the user is not allowed to choose their own initial password...
Cross site scripting
Reflected XSS in wordpress plugin simpel-reserveren v3.5.2...
CVE-2016-1000149
The CVE-2016-1000149 affects the WordPress plugin Simpel Reserveren (versions 3.5.2 and earlier). The vulnerability is a reflected cross-site scripting (XSS) in the plugin, enabling an attacker to execute arbitrary script in a user’s browser within the context of the affected site. The underlying...
Mao10cms latest version front-end SQL injection (with preconditions)
Brief description: Mao10cms latest version front-end injection. Detailed description: Mao10cms has a sizeable user base; V3.5.2 was released on 2015-06-25, so let's take a look at it today. This injection issue lies in a template file that is included from multiple places; three vulnerabilities are described here, since the affected file contains several injection points and is referenced by several other files. The affected file is /theme/default/article/single.php; looking at the code ;" " unrelated code, looking at the file...
vBulletin v3.5.2 XSS Vulnerabilities
Exploit for unknown platform in category web applications ==================================== vBulletin v3.5.2 XSS Vulnerabilities ==================================== Title: vBulletin Version 3.5.2 - Introduction XSS scripting Author: Discovered by ROOTEGY Version: vBulletin Version 3.5.2 3.5.2...