CVE-2026-45247

Mirasvit Full Page Cache Warmer for Magento 2 before version 1.11.12 contains a PHP object injection vulnerability that allows unauthenticated attackers to achieve remote code execution by supplying a crafted serialized PHP object in the CacheWarmer cookie. Attackers can exploit the unrestricted...

CVE-2026-45247

Summary: CVE-2026-45247 affects Mirasvit Full Page Cache Warmer for Magento 2 (pre‑1.11.12). The vulnerability arises from an unsafe PHP deserialization: a crafted serialized object placed in the CacheWarmer cookie is passed to PHP’s unserialize() without class restrictions, enabling unauthentica...

CVE-2026-45247 Mirasvit Cache Warmer for Magento < 1.11.12 PHP Object Injection

Mirasvit Full Page Cache Warmer for Magento 2 before version 1.11.12 contains a PHP object injection vulnerability that allows unauthenticated attackers to achieve remote code execution by supplying a crafted serialized PHP object in the CacheWarmer cookie. Attackers can exploit the unrestricted...

Mirasvit Full Page Cache Warmer for Magento 2 代码问题漏洞

Mirasvit Full Page Cache Warmer for Magento 2 is a caching preheating extension developed by the American company Mirasvit for Magento 2. Versions prior to 1.11.12 of Mirasvit Full Page Cache Warmer for Magento 2 contained a code vulnerability. This vulnerability stemmed from the lack of...

CVE-2024-47886

Chamilo is a learning management system. Chamillo is affected by a post-authentication phar unserialize which leads to a remote code execution RCE within versions 1.11.12 to 1.11.26. By abusing multiple supported features from the virtualization plugin vchamilo, the vulnerability allows an...

CVE-2024-47886 Chamilo: Post-Auth Remote Code Execution

Chamilo is a learning management system. Chamillo is affected by a post-authentication phar unserialize which leads to a remote code execution RCE within versions 1.11.12 to 1.11.26. By abusing multiple supported features from the virtualization plugin vchamilo, the vulnerability allows an...

EUVD-2024-55455

Chamilo is a learning management system. Chamillo is affected by a post-authentication phar unserialize which leads to a remote code execution RCE within versions 1.11.12 to 1.11.26. By abusing multiple supported features from the virtualization plugin vchamilo, the vulnerability allows an...

CVE-2024-47886 Chamilo: Post-Auth Remote Code Execution

Chamilo is a learning management system. Chamillo is affected by a post-authentication phar unserialize which leads to a remote code execution RCE within versions 1.11.12 to 1.11.26. By abusing multiple supported features from the virtualization plugin vchamilo, the vulnerability allows an...

Chamilo 代码问题漏洞

Chamilo is an open-source learning management system developed by Chamilo. Versions 1.11.12 to 1.11.26 of Chamilo have code vulnerabilities, which stem from deserialization issues and may lead to remote code execution...

CVE-2023-36685

Cross-Site Request Forgery CSRF vulnerability in Brainstorm Force US LLC CartFlows Pro allows Cross Site Request Forgery.This issue affects CartFlows Pro: from n/a through 1.11.12...

CVE-2024-34066 Arbitrary File Write/Read in Pterodactyl wings

Pterodactyl wings is the server control plane for Pterodactyl Panel. If the Wings token is leaked either by viewing the node configuration or posting it accidentally somewhere, an attacker can use it to gain arbitrary file write and read access on the node the token is associated to. This issue h...

CVE-2024-34066 Arbitrary File Write/Read in Pterodactyl wings

Pterodactyl wings is the server control plane for Pterodactyl Panel. If the Wings token is leaked either by viewing the node configuration or posting it accidentally somewhere, an attacker can use it to gain arbitrary file write and read access on the node the token is associated to. This issue h...

Wings 代码问题漏洞

Wings is the server control interface for Pterodactyl Panel. A security vulnerability exists in versions of Wings prior to 1.11.12, which arises from the ability of a user with privileged access to the game server to bypass previously implemented access controls, allowing an attacker to access...

Wings 安全漏洞

Wings is the server control interface for Pterodactyl Panel. A security vulnerability exists in Wings versions prior to 1.11.12, which stems from a Wings token that can be accidentally disclosed by viewing the node configuration, allowing an attacker to use it to gain write and read access to...

CVE-2023-36685

Cross-Site Request Forgery CSRF vulnerability in Brainstorm Force US LLC CartFlows Pro allows Cross Site Request Forgery.This issue affects CartFlows Pro: from n/a through 1.11.12...

Debian Security Advisory DSA 2505-1 (zendframework)

The remote host is missing an update to zendframework announced via advisory DSA 2505-1. OpenVAS Vulnerability Test $Id: deb25051.nasl 6612 2017-07-07 12:08:03Z cfischer $ Description: Auto-generated from advisory DSA 2505-1 zendframework Authors: Thomas Reinke Copyright: Copyright c 2012 E-Soft...