185 matches found
CVE-2026-41237
Froxlor is open source server administration software. In version 2.3.6 and earlier, the LOC record regex uses \s+ which matches newlines allowing embedded newlines to pass, TLSA matchingType=0 has no upper bound on hex data length, and all validators return raw input without zone-file escaping...
CVE-2026-41235
Froxlor is open source server administration software. Version 2.3.6 lets administrators configure system.availableshells as the approved shell list that customers may assign to FTP users. However, the server-side FTP account handlers do not enforce that whitelist when processing add or edit...
EUVD-2026-34316
Froxlor is open source server administration software. In version 2.3.6 and earlier, the LOC record regex uses \s+ which matches newlines allowing embedded newlines to pass, TLSA matchingType=0 has no upper bound on hex data length, and all validators return raw input without zone-file escaping...
CVE-2026-41237
Froxlor CVE-2026-41237 affects versions 2.3.6 and earlier, where the LOC record regex uses \s+ allowing embedded newlines, TLSA matchingType=0 has no upper bound on hex data length, and validators return raw input without zone-file escaping. Version 2.3.7 includes an updated patch. Technical deta...
CVE-2026-41237
Froxlor is open source server administration software. In version 2.3.6 and earlier, the LOC record regex uses \s+ which matches newlines allowing embedded newlines to pass, TLSA matchingType=0 has no upper bound on hex data length, and all validators return raw input without zone-file escaping...
CVE-2026-41234 Froxlor: BIND Zone File Injection via TXT Record Content
Froxlor is open source server administration software. Prior to version 2.3.7, the DomainZones.add API endpoint does not sanitize newline characters in TXT record content. An authenticated customer with DNS editing enabled can inject newlines into TXT record values, which break out of the record...
Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')
Overview froxlor/froxlor is a server administration software. Affected versions of this package are vulnerable to Improper Neutralization of Special Elements in Output Used by a Downstream Component 'Injection' via the DnsEntry.php process. An attacker can inject arbitrary DNS records into zone...
CVE-2025-71281 XenForo Template Method Call Restriction Bypass
XenForo before 2.3.7 does not properly restrict methods callable from within templates. A loose prefix match was used instead of a stricter first-word match for methods accessible through callbacks and variable method calls in templates, potentially allowing unauthorized method invocations...
CVE-2026-33477 FileRise has incorrect authorization in /api/file/snippet.php allows read_own users to read other users’ file content
FileRise is a self-hosted web-based file manager with multi-file upload, editing, and batch operations. In versiosn 2.3.7 through 3.10.0, the file snippet endpoint /api/file/snippet.php allows an authenticated user with only readown access to a folder to retrieve snippet content from files upload...
PT-2026-28486
Name of the Vulnerable Software and Affected Versions FileRise versions 2.3.7 through 3.10.0 Description FileRise is a self-hosted web-based file manager with multi-file upload, editing, and batch operations. The file snippet endpoint /api/file/snippet.php allows an authenticated user with only...
EUVD-2026-13109
An issue in wgcloud v.2.3.7 and before allows a remote attacker to execute arbitrary code via the test connection function...
CVE-2026-4239
CVE-2026-4239 affects Lagom WHMCS Template up to 2.3.7. The vulnerability is in an unknown Datatables function and leads to improperly controlled modification of object prototype attributes. It can be exploited remotely; the exploit has been made public. The vendor was contacted early about discl...
RS Studio Lagom WHMCS Template 安全漏洞
RS Studio Lagom WHMCS Template is a website template and front-end theme developed by the Polish company RS Studio. The RS Studio Lagom WHMCS Template versions 2.3.7 and earlier contain security vulnerabilities. These vulnerabilities stem from improper manipulation of the Datatables component,...
CVE-2025-64724
Arduino IDE is an integrated development environment. Prior to version 2.3.7, Arduino IDE for macOS is installed with world-writable file permissions on sensitive application components, allowing any local user to replace legitimate files with malicious code. When another user launches the...
CVE-2025-64724 Arduino IDE for macOS has Insecure File Permissions
Arduino IDE is an integrated development environment. Prior to version 2.3.7, Arduino IDE for macOS is installed with world-writable file permissions on sensitive application components, allowing any local user to replace legitimate files with malicious code. When another user launches the...
CVE-2025-64724 Arduino IDE for macOS has Insecure File Permissions
Arduino IDE is an integrated development environment. Prior to version 2.3.7, Arduino IDE for macOS is installed with world-writable file permissions on sensitive application components, allowing any local user to replace legitimate files with malicious code. When another user launches the...
CVE-2025-64723 Arduino IDE for macOS has TCC Bypass via Dynamic Library Injection
Arduino IDE is an integrated development environment. Prior to version 2.3.7, Arduino IDE for macOS was configured with overly permissive security entitlements that could bypass macOS Hardened Runtime protections. This configuration allows attackers to inject malicious dynamic libraries into the...
CVE-2025-63695
DzzOffice v2.3.7 and before is vulnerable to Arbitrary File Upload in /dzz/system/ueditor/php/controller.php...
DzzOffice 安全漏洞
DzzOffice is a platform from Big Desk DzzOffice that provides online collaborative office suite functionality. It provides online documents, forms, webstores, presentations and other features. A security vulnerability exists in DzzOffice v2.3.7 and earlier versions, which stems from...
PT-2025-47372
Name of the Vulnerable Software and Affected Versions DzzOffice versions prior to 2.3.7 Description DzzOffice is susceptible to an arbitrary file upload issue located in the /dzz/system/ueditor/php/controller.php file. The issue resides within the controller.php component. Recommendations Update ...