Lucene search
+L

185 matches found

RedhatCVE
RedhatCVE
added 2026/06/05 7:21 p.m.9 views

CVE-2026-41237

Froxlor is open source server administration software. In version 2.3.6 and earlier, the LOC record regex uses \s+ which matches newlines allowing embedded newlines to pass, TLSA matchingType=0 has no upper bound on hex data length, and all validators return raw input without zone-file escaping...

8.6CVSS5.4AI score0.00269EPSS
Exploits0References1
NVD
NVD
added 2026/06/04 7:16 p.m.17 views

CVE-2026-41235

Froxlor is open source server administration software. Version 2.3.6 lets administrators configure system.availableshells as the approved shell list that customers may assign to FTP users. However, the server-side FTP account handlers do not enforce that whitelist when processing add or edit...

9.4CVSS0.00227EPSS
Exploits0References2
EUVD
EUVD
added 2026/06/04 5:55 p.m.11 views

EUVD-2026-34316

Froxlor is open source server administration software. In version 2.3.6 and earlier, the LOC record regex uses \s+ which matches newlines allowing embedded newlines to pass, TLSA matchingType=0 has no upper bound on hex data length, and all validators return raw input without zone-file escaping...

8.6CVSS5.8AI score0.00269EPSS
Exploits0References3
CVE
CVE
added 2026/06/04 5:55 p.m.22 views

CVE-2026-41237

Froxlor CVE-2026-41237 affects versions 2.3.6 and earlier, where the LOC record regex uses \s+ allowing embedded newlines, TLSA matchingType=0 has no upper bound on hex data length, and validators return raw input without zone-file escaping. Version 2.3.7 includes an updated patch. Technical deta...

8.6CVSS5.8AI score0.00269EPSS
Exploits0References3
ATTACKERKB
ATTACKERKB
added 2026/06/04 5:55 p.m.6 views

CVE-2026-41237

Froxlor is open source server administration software. In version 2.3.6 and earlier, the LOC record regex uses \s+ which matches newlines allowing embedded newlines to pass, TLSA matchingType=0 has no upper bound on hex data length, and all validators return raw input without zone-file escaping...

8.6CVSS5.8AI score0.00269EPSS
Exploits0References4Affected Software1
Cvelist
Cvelist
added 2026/06/04 5:47 p.m.39 views

CVE-2026-41234 Froxlor: BIND Zone File Injection via TXT Record Content

Froxlor is open source server administration software. Prior to version 2.3.7, the DomainZones.add API endpoint does not sanitize newline characters in TXT record content. An authenticated customer with DNS editing enabled can inject newlines into TXT record values, which break out of the record...

7.6CVSS0.0027EPSS
Exploits0References3
Snyk
Snyk
added 2026/05/29 3:45 p.m.10 views

Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')

Overview froxlor/froxlor is a server administration software. Affected versions of this package are vulnerable to Improper Neutralization of Special Elements in Output Used by a Downstream Component 'Injection' via the DnsEntry.php process. An attacker can inject arbitrary DNS records into zone...

8.6CVSS5.9AI score0.00269EPSS
Exploits0References2
Cvelist
Cvelist
added 2026/04/01 12:30 a.m.31 views

CVE-2025-71281 XenForo Template Method Call Restriction Bypass

XenForo before 2.3.7 does not properly restrict methods callable from within templates. A loose prefix match was used instead of a stricter first-word match for methods accessible through callbacks and variable method calls in templates, potentially allowing unauthorized method invocations...

8.8CVSS0.00333EPSS
Exploits0References2
OSV
OSV
added 2026/03/26 5:9 p.m.6 views

CVE-2026-33477 FileRise has incorrect authorization in /api/file/snippet.php allows read_own users to read other users’ file content

FileRise is a self-hosted web-based file manager with multi-file upload, editing, and batch operations. In versiosn 2.3.7 through 3.10.0, the file snippet endpoint /api/file/snippet.php allows an authenticated user with only readown access to a folder to retrieve snippet content from files upload...

4.3CVSS5.8AI score0.00225EPSS
Exploits1References4
Positive Technologies
Positive Technologies
added 2026/03/26 12:0 a.m.5 views

PT-2026-28486

Name of the Vulnerable Software and Affected Versions FileRise versions 2.3.7 through 3.10.0 Description FileRise is a self-hosted web-based file manager with multi-file upload, editing, and batch operations. The file snippet endpoint /api/file/snippet.php allows an authenticated user with only...

4.3CVSS5.8AI score0.00225EPSS
Exploits1References5
EUVD
EUVD
added 2026/03/19 3:31 p.m.9 views

EUVD-2026-13109

An issue in wgcloud v.2.3.7 and before allows a remote attacker to execute arbitrary code via the test connection function...

9.8CVSS6.2AI score0.00715EPSS
Exploits1References3
CVE
CVE
added 2026/03/16 1:2 p.m.26 views

CVE-2026-4239

CVE-2026-4239 affects Lagom WHMCS Template up to 2.3.7. The vulnerability is in an unknown Datatables function and leads to improperly controlled modification of object prototype attributes. It can be exploited remotely; the exploit has been made public. The vendor was contacted early about discl...

5.1CVSS5.3AI score0.00206EPSS
Exploits0References5
CNNVD
CNNVD
added 2026/03/16 12:0 a.m.9 views

RS Studio Lagom WHMCS Template 安全漏洞

RS Studio Lagom WHMCS Template is a website template and front-end theme developed by the Polish company RS Studio. The RS Studio Lagom WHMCS Template versions 2.3.7 and earlier contain security vulnerabilities. These vulnerabilities stem from improper manipulation of the Datatables component,...

5.1CVSS5.8AI score0.00206EPSS
Exploits0References5
RedhatCVE
RedhatCVE
added 2025/12/19 4:23 p.m.9 views

CVE-2025-64724

Arduino IDE is an integrated development environment. Prior to version 2.3.7, Arduino IDE for macOS is installed with world-writable file permissions on sensitive application components, allowing any local user to replace legitimate files with malicious code. When another user launches the...

4.8CVSS6.9AI score0.00108EPSS
Exploits0References1
Cvelist
Cvelist
added 2025/12/18 3:18 p.m.32 views

CVE-2025-64724 Arduino IDE for macOS has Insecure File Permissions

Arduino IDE is an integrated development environment. Prior to version 2.3.7, Arduino IDE for macOS is installed with world-writable file permissions on sensitive application components, allowing any local user to replace legitimate files with malicious code. When another user launches the...

4.8CVSS0.00108EPSS
Exploits0References4
OSV
OSV
added 2025/12/18 3:18 p.m.5 views

CVE-2025-64724 Arduino IDE for macOS has Insecure File Permissions

Arduino IDE is an integrated development environment. Prior to version 2.3.7, Arduino IDE for macOS is installed with world-writable file permissions on sensitive application components, allowing any local user to replace legitimate files with malicious code. When another user launches the...

4.8CVSS6.8AI score0.00108EPSS
Exploits0References6
OSV
OSV
added 2025/12/18 3:15 p.m.10 views

CVE-2025-64723 Arduino IDE for macOS has TCC Bypass via Dynamic Library Injection

Arduino IDE is an integrated development environment. Prior to version 2.3.7, Arduino IDE for macOS was configured with overly permissive security entitlements that could bypass macOS Hardened Runtime protections. This configuration allows attackers to inject malicious dynamic libraries into the...

4.8CVSS6.6AI score0.0011EPSS
Exploits0References7
RedhatCVE
RedhatCVE
added 2025/11/19 12:11 a.m.30 views

CVE-2025-63695

DzzOffice v2.3.7 and before is vulnerable to Arbitrary File Upload in /dzz/system/ueditor/php/controller.php...

9.8CVSS7AI score0.00383EPSS
Exploits1References1
CNNVD
CNNVD
added 2025/11/18 12:0 a.m.7 views

DzzOffice 安全漏洞

DzzOffice is a platform from Big Desk DzzOffice that provides online collaborative office suite functionality. It provides online documents, forms, webstores, presentations and other features. A security vulnerability exists in DzzOffice v2.3.7 and earlier versions, which stems from...

9.8CVSS7.7AI score0.00343EPSS
Exploits1References3
Positive Technologies
Positive Technologies
added 2025/11/18 12:0 a.m.10 views

PT-2025-47372

Name of the Vulnerable Software and Affected Versions DzzOffice versions prior to 2.3.7 Description DzzOffice is susceptible to an arbitrary file upload issue located in the /dzz/system/ueditor/php/controller.php file. The issue resides within the controller.php component. Recommendations Update ...

6.8AI score0.00383EPSS
Exploits1References4
Rows per page
Query Builder