EUVD-2020-30887

Tendenci 12.3.1 contains a CSV formula injection vulnerability in the contact form message field that allows attackers to inject malicious formulas during export. Attackers can submit crafted payloads like '=10+20+cmd|' /C calc'!A0' in the message field to trigger arbitrary command execution when...

CVE-2020-36962

Tendenci 12.3.1 contains a CSV formula injection vulnerability in the contact form message field that allows attackers to inject malicious formulas during export. Attackers can submit crafted payloads like '=10+20+cmd|' /C calc'!A0' in the message field to trigger arbitrary command execution when...

CVE-2026-23492

Pimcore is an Open Source Data & Experience Management Platform. Prior to 12.3.1 and 11.5.14, an incomplete SQL injection patch in the Admin Search Find API allows an authenticated attacker to perform blind SQL injection. Although CVE-2023-30848 attempted to mitigate SQL injection by removing SQL...

Insufficient Granularity of Access Control

Overview pimcore/pimcore is a content & product management framework CMS/PIM/E-Commerce. Affected versions of this package are vulnerable to Insufficient Granularity of Access Control in the API endpoint responsible for reading or listing static routes. An attacker can access sensitive route...

CVE-2026-23493

Pimcore is an Open Source Data & Experience Management Platform. Prior to 12.3.1 and 11.5.14, the httperrorlog file stores the $COOKIE and $SERVER variables, which means sensitive information such as database passwords, cookie session data, and other details can be accessed or recovered through t...

CVE-2026-23494 Pimcore is Missing Function Level Authorization on "Static Routes" Listing

Pimcore is an Open Source Data & Experience Management Platform. Prior to 12.3.1 and 11.5.14, the application fails to enforce proper server-side authorization checks on the API endpoint responsible for reading or listing static routes. In Pimcore, static routes are custom URL patterns defined vi...

PT-2026-3077

Name of the Vulnerable Software and Affected Versions Pimcore versions prior to 12.3.1 Pimcore versions prior to 11.5.14 Description The application does not properly enforce server-side authorization checks on the API endpoint responsible for reading or listing static routes. Static routes are...

EUVD-2026-2449

Pimcore is an Open Source Data & Experience Management Platform. Prior to 12.3.1 and 11.5.14, an incomplete SQL injection patch in the Admin Search Find API allows an authenticated attacker to perform blind SQL injection. Although CVE-2023-30848 attempted to mitigate SQL injection by removing SQL...

CVE-2026-23492

Pimcore is an Open Source Data & Experience Management Platform. Prior to 12.3.1 and 11.5.14, an incomplete SQL injection patch in the Admin Search Find API allows an authenticated attacker to perform blind SQL injection. Although CVE-2023-30848 attempted to mitigate SQL injection by removing SQL...

CVE-2026-23492

Pimcore Admin Search Find API exposes blind SQL injection due to an incomplete patch from CVE-2023-30848. Affected versions: Pimcore before 12.3.1 and before 11.5.14. Attack requires authenticated access to the admin interface and can disclose database information via blind SQL injection, potenti...

PT-2026-2947

Name of the Vulnerable Software and Affected Versions Pimcore versions prior to 12.3.1 Pimcore versions prior to 11.5.14 Description Pimcore is an Open Source Data & Experience Management Platform. An incomplete SQL injection patch in the Admin Search Find API allows an authenticated attacker to...

Linux Distros Unpatched Vulnerability : CVE-2015-7013

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - WebKit, as used in Apple Safari before 9.0.1 and iTunes before 12.3.1, allows remote attackers to execute arbitrary code or cause a denial of service memory...

CVE-2022-22674

An out-of-bounds read issue existed that led to the disclosure of kernel memory. This was addressed with improved input validation. This issue is fixed in macOS Monterey 12.3.1, Security Update 2022-004 Catalina, macOS Big Sur 11.6.6. A local user may be able to read kernel memory...

Input validation

An out-of-bounds read issue existed that led to the disclosure of kernel memory. This was addressed with improved input validation. This issue is fixed in macOS Monterey 12.3.1, Security Update 2022-004 Catalina, macOS Big Sur 11.6.6. A local user may be able to read kernel memory...

CVE-2022-22674

An out-of-bounds read issue existed that led to the disclosure of kernel memory. This was addressed with improved input validation. This issue is fixed in macOS Monterey 12.3.1, Security Update 2022-004 Catalina, macOS Big Sur 11.6.6. A local user may be able to read kernel memory. Recent...

Apple macOS Monterey 输入验证错误漏洞

Apple macOS is a suite of specialized operating systems developed by Apple Inc. for Mac computers. An input validation error vulnerability exists in Apple macOS Monterey versions 12.0 21A344 through 12.3.1 21E258, which stems from insufficient validation of user-supplied input in libresolv. A...

Apple Issues Patches for 2 Actively Exploited Zero-Days in iPhone, iPad and Mac Devices

Apple on Thursday rolled out emergency patches to address two zero-day flaws in its mobile and desktop operating systems that it said may have been exploited in the wild. The shortcomings have been fixed as part of updates to iOS and iPadOS 15.4.1, macOS Monterey 12.3.1, tvOS 15.4.1, and watchOS...

About the security content of macOS Monterey 12.3.1

About the security content of macOS Monterey 12.3.1 This document describes the security content of macOS Monterey 12.3.1. About Apple security updates For our customers' protection, Apple doesn't disclose, discuss, or confirm security issues until an investigation has occurred and patches or...

Tendenci 12.3.1 - CSV/ Formula Injection

Exploit Title: Tendenci 12.3.1 - CSV/ Formula Injection Date: 2020-10-29 Exploit Author: Mufaddal Masalawala Vendor Homepage: https://www.tendenci.com/ Software Link: https://github.com/tendenci/tendenci Version: 12.3.1 Payload: =10+20+cmd|' /C calc'!A0 Tested on: Kali Linux 2020.3 Proof Of...

Apple Security Update: iOS 12.3.1

Apple recommends to install security update iOS 12.3.1 on devices iPhone 5s and later, iPad Air and later, and iPod touch 6th generation...