Lucene search
K

4 matches found

OSV
OSV
added 2026/06/08 11:0 p.m.9 views

GHSA-87M4-826X-3CRX PHPSpreadsheet has a patch bypass for CVE-2026-34084

Summary CVE-2026-34084 was patched by the helper File::prohibitWrappers. The helper calls parseurl$filename, PHPURLSCHEME and then checks isstring$scheme && strlen$scheme 1 to reject stream wrappers such as phar://, php://, data:// or expect://. The check is not equivalent to "does the path conta...

9.2CVSS5.7AI score0.00351EPSS
Exploits1References3
Github Security Blog
Github Security Blog
added 2026/06/04 9:0 p.m.16 views

MCP-for-Stata: Command injection via log_file_name parameter in Stata command wrapper

Summary The logfilename parameter in the statado API and CLI is directly interpolated into a Stata command string without sanitization. The security guard GuardValidator only scans the do-file content but does not validate this parameter. An attacker can inject arbitrary Stata commands including...

6AI score0.00629EPSS
Exploits0References4Affected Software1
OpenVAS
OpenVAS
added 2012/10/15 12:0 a.m.40 views

Mozilla Thunderbird ESR Multiple Vulnerabilities-01 (Mac OS X)

The host is installed with Mozilla Thunderbird ESR and is prone to multiple vulnerabilities. OpenVAS Vulnerability Test $Id: gbmozillathunderbirdesrmultvuln01oct12macosx.nasl 6093 2017-05-10 09:03:18Z teissa $ Mozilla Thunderbird ESR Multiple Vulnerabilities-01 Mac OS X Authors: Arun Kallavi...

10CVSS0.9AI score0.42609EPSS
Exploits6References12
RedHat Linux
RedHat Linux
added 2011/10/11 4:37 p.m.3 views

kdelibs: input validation failure in KSSL

The KDE SSL Wrapper KSSL API in KDE SC 4.6.0 through 4.7.1, and possibly earlier versions, does not use a certain font when rendering certificate fields in a security dialog, which allows remote attackers to spoof the common name CN of a certificate via rich text...

4.3CVSS5.9AI score0.01134EPSS
Exploits0References4
Rows per page
Query Builder