Lucene search
K

7 matches found

OSV
OSV
added 4 days ago3 views

CVE-2026-58493 grav-plugin-database: DSN Parameter Injection via Unsanitized Configuration Values in Connection String Construction

grav-plugin-database is the database plugin for Grav CMS. Prior to 1.2.0, Database::call builds PDO DSN strings by directly concatenating user-configurable YAML values from fields such as host, dbname, charset, server, database, directory, and filename without sanitization or validation, allowing...

5.1CVSS6.1AI score0.00288EPSS
Exploits0References5
RedhatCVE
RedhatCVE
added 2026/06/05 7:47 p.m.11 views

CVE-2026-45205

Uncontrolled Recursion vulnerability in Apache Commons. When processing an untrusted configuration file, Commons Configuration will throw a StackOverflowError for YAML input with cycles. This issue affects Apache Commons: from 2.2 before 2.15.0. Users are recommended to upgrade to version 2.15.0,...

5.3CVSS5.4AI score0.00487EPSS
Exploits0References1
Github Security Blog
Github Security Blog
added 2026/02/05 9:22 p.m.18 views

qdrant has arbitrary file write via `/logger` endpoint

Summary It is possible to append to arbitrary files via /logger endpoint. Minimal privileges are required read-only access. Tested on Qdrant 1.15.5 Details POST /logger Source code link endpoint accepts an attacker-controlled ondisk.logfile path. There are no authorization checks but authenticati...

8.8CVSS6.2AI score0.0049EPSS
Exploits1References5Affected Software1
Gitee
Gitee
added 2025/09/20 7:29 a.m.143 views

weblogic-monitoring-exporter

This is a Java-based project for exporting metrics from WebLogic Server WLS instances to Prometheus. The project is available in two forms: a web application and a separate process. The web application is deployed to the server from which metrics are to be extracted, while the separate process is...

6.9AI score
Exploits0
Cvelist
Cvelist
added 2022/11/25 12:0 a.m.38 views

CVE-2022-41958 Deserialization Vulnerability by yaml config input in super-xray

super-xray is a web vulnerability scanning tool. Versions prior to 0.7 assumed trusted input for the program config which is stored in a yaml file. An attacker with local access to the file could exploit this and compromise the program. This issue has been addressed in commit 4d0d5966 and will be...

7.3CVSS7.6AI score0.00426EPSS
Exploits1References2
Vulnrichment
Vulnrichment
added 2022/11/25 12:0 a.m.9 views

CVE-2022-41958 Deserialization Vulnerability by yaml config input in super-xray

super-xray is a web vulnerability scanning tool. Versions prior to 0.7 assumed trusted input for the program config which is stored in a yaml file. An attacker with local access to the file could exploit this and compromise the program. This issue has been addressed in commit 4d0d5966 and will be...

7.3CVSS6.6AI score0.00426EPSS
Exploits1References2
Veracode
Veracode
added 2021/10/19 8:35 a.m.15 views

Remote Code Execution (RCE)

nameko is vulnerable to remote code execution. The use of unsafe deserialising a YAML config file allows an attacker to provide files with malicious content to trigger the attack...

7.8CVSS5.3AI score0.01488EPSS
Exploits1References4Affected Software1
Rows per page
Query Builder