Lucene search
K

9 matches found

Nuclei
Nuclei
added 7 hours ago19 views

Gotenberg - Command Injection

Gotenberg 8.31.0 contains a command injection caused by lack of validation on JSON metadata keys in /forms/pdfengines/metadata/write endpoint, letting unauthenticated attackers execute OS commands, exploit requires crafted HTTP request. id: CVE-2026-42589 info: name: Gotenberg - Command Injection...

9.8CVSS6AI score0.0295EPSS
Exploits2References3
NVD
NVD
added 2026/06/24 7:16 a.m.7 views

CVE-2026-10753

The Site Kit by Google WordPress plugin before 1.176.0 does not properly restrict a REST API write endpoint to administrators, allowing lower-privileged users who have been granted dashboard sharing access such as Editors to modify a site-wide Site Kit by Google WordPress plugin before 1.176.0...

2.7CVSS0.00168EPSS
Exploits0References1
EUVD
EUVD
added 2026/06/24 6:0 a.m.7 views

EUVD-2026-38695

The Site Kit by Google WordPress plugin before 1.176.0 does not properly restrict a REST API write endpoint to administrators, allowing lower-privileged users who have been granted dashboard sharing access such as Editors to modify a site-wide Site Kit by Google WordPress plugin before 1.176.0...

2.7CVSS5.8AI score0.00168EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/06/17 12:0 a.m.15 views

PT-2026-50602

Name of the Vulnerable Software and Affected Versions Avo affected versions not specified Description A missing authorization flaw in the association attach workflow allows authenticated low-privileged users to bypass access controls. While the user interface and the 'GET...

9.6CVSS5.9AI score
Exploits0References5
Positive Technologies
Positive Technologies
added 2026/06/05 12:0 a.m.14 views

PT-2026-47059

Name of the Vulnerable Software and Affected Versions Site Kit by Google WordPress plugin versions prior to 1.176.0 Description A broken access control flaw exists in a REST API write endpoint that fails to properly restrict access to administrators. This allows lower-privileged users, such as...

2.7CVSS5.8AI score0.00168EPSS
Exploits0References8
GithubExploit
GithubExploit
added 2026/05/28 3:27 p.m.97 views

Exploit for Improper Authentication in Influxdata Influxdb

LAB 5-CVE-2019-20933 I. SYSTEM ANALYSIS Identify...

9.8CVSS7.6AI score0.30921EPSS
Exploits3
CVE
CVE
added 2026/05/14 3:11 p.m.22 views

CVE-2026-42589

Gotenberg CVE-2026-42589: The issue is an unauthenticated remote code execution in Gotenberg

9.8CVSS6AI score0.0295EPSS
In wildExploits2References1Affected Software1
Cvelist
Cvelist
added 2026/05/14 3:11 p.m.52 views

CVE-2026-42589 Gotenberg: Unauthenticated RCE via ExifTool Metadata Key Injection

Gotenberg is a Docker-powered stateless API for PDF files. Prior to 8.31.0, Gotenberg's /forms/pdfengines/metadata/write HTTP endpoint accepts a JSON metadata object and passes its keys directly to ExifTool via the go-exiftool library. No validation is performed on key characters. A \n embedded i...

9.8CVSS0.0295EPSS
Exploits2References1
OSV
OSV
added 2025/03/20 10:10 a.m.5 views

CVE-2024-7034 Remote Code Execution due to Arbitrary File Write in open-webui/open-webui

In open-webui version 0.3.8, the endpoint /models/upload is vulnerable to arbitrary file write due to improper handling of user-supplied filenames. The vulnerability arises from the usage of filepath = f"UPLOADDIR/file.filename" without proper input validation or sanitization. An attacker can...

6.5CVSS7AI score0.02458EPSS
Exploits1References3
Rows per page
Query Builder