
71 matches found

Vulnrichment
added 2026/03/31 3:45 p.m., 4 views

CVE-2026-5203 CMS Made Simple UserGuide Module XML Import class.UserGuideImporterExporter.php _copyFilesToFolder path traversal

A vulnerability was found in CMS Made Simple up to 2.2.22. This impacts the function copyFilesToFolder in the library modules/UserGuide/lib/class.UserGuideImporterExporter.php of the component UserGuide Module XML Import. The manipulation results in path traversal. It is possible to launch the...

5.8 CVSS, 5.5 AI score, 0.0008 EPSS
Exploits: 1, References: 4
Cvelist
added 2026/03/31 3:45 p.m., 23 views

CVE-2026-5203 CMS Made Simple UserGuide Module XML Import class.UserGuideImporterExporter.php _copyFilesToFolder path traversal

A vulnerability was found in CMS Made Simple up to 2.2.22. This impacts the function copyFilesToFolder in the library modules/UserGuide/lib/class.UserGuideImporterExporter.php of the component UserGuide Module XML Import. The manipulation results in path traversal. It is possible to launch the...

5.8 CVSS, 0.0008 EPSS
Exploits: 1, References: 4
OSV
added 2026/03/04 12:0 a.m., 1 views

OPENSUSE-SU-2026:10286-1 ruby4.0-rubygem-rack-2.2-2.2.22-1.1 on GA media

These are all security issues fixed in the ruby4.0-rubygem-rack-2.2-2.2.22-1.1 package on the GA media of openSUSE Tumbleweed...

10 CVSS, 6.9 AI score, 0.16071 EPSS
Exploits: 6, References: 27
Tenable Nessus
added 2026/02/19 12:0 a.m., 5 views

Linux Distros Unpatched Vulnerability : CVE-2026-25500

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Rack is a modular Ruby web server interface. Prior to versions 2.2.22, 3.1.20, and 3.2.5, Rack::Directory generates an HTML directory index where each file entr...

5.4 CVSS, 6.4 AI score, 0.00025 EPSS
Exploits: 1, References: 3
NVD
added 2026/02/18 7:21 p.m., 3 views

CVE-2026-22860

Rack is a modular Ruby web server interface. Prior to versions 2.2.22, 3.1.20, and 3.2.5, Rack::Directory’s path check used a string prefix match on the expanded path. A request like /../rootexample/ can escape the configured root if the target path starts with the root string, allowing directory...

7.5 CVSS, 0.00123 EPSS
Exploits: 1, References: 2
UbuntuCve
added 2026/02/18 7:21 p.m., 2 views

CVE-2026-22860

Rack is a modular Ruby web server interface. Prior to versions 2.2.22, 3.1.20, and 3.2.5, Rack::Directory’s path check used a string prefix match on the expanded path. A request like /../rootexample/ can escape the configured root if the target path starts with the root string, allowing directory...

7.5 CVSS, 6.7 AI score, 0.00123 EPSS
Exploits: 1, References: 3
Debian CVE
added 2026/02/18 6:59 p.m., 4 views

CVE-2026-25500

Rack is a modular Ruby web server interface. Prior to versions 2.2.22, 3.1.20, and 3.2.5, Rack::Directory generates an HTML directory index where each file entry is rendered as a clickable link. If a file exists on disk whose basename starts with the javascript: scheme e.g. javascript:alert1, the...

5.4 CVSS, 6 AI score, 0.00025 EPSS
Exploits: 1
Vulnrichment
added 2026/02/18 6:45 p.m., 2 views

CVE-2026-22860 Rack has a Directory Traversal via Rack:Directory

Rack is a modular Ruby web server interface. Prior to versions 2.2.22, 3.1.20, and 3.2.5, Rack::Directory’s path check used a string prefix match on the expanded path. A request like /../rootexample/ can escape the configured root if the target path starts with the root string, allowing directory...

7.5 CVSS, 5.5 AI score, 0.00123 EPSS
Exploits: 1, References: 2
Debian CVE
added 2026/02/18 6:45 p.m., 7 views

CVE-2026-22860

Rack is a modular Ruby web server interface. Prior to versions 2.2.22, 3.1.20, and 3.2.5, Rack::Directory’s path check used a string prefix match on the expanded path. A request like /../rootexample/ can escape the configured root if the target path starts with the root string, allowing directory...

7.5 CVSS, 6 AI score, 0.00123 EPSS
Exploits: 1
CNNVD
added 2026/02/18 12:0 a.m., 5 views

Rack security vulnerability

Rack is a modular Ruby web server interface developed by the Rack open-source project. Versions of Rack prior to 2.2.22, 3.1.20, and 3.2.5 contained security vulnerabilities. These vulnerabilities stemmed from Rack::Directory’s path checking mechanism, which used string prefix matching, potential...

7.5 CVSS, 6.4 AI score, 0.00123 EPSS
Exploits: 1, References: 3
EUVD
added 2025/11/11 12:30 a.m., 4 views

EUVD-2025-50830

An authenticated arbitrary file upload vulnerability in the /uploads/ endpoint of CMS Made Simple Foundation File Manager v2.2.22 allows attackers with Administrator privileges to execute arbitrary code via uploading a crafted PHP file...

7.3 AI score, 0.00125 EPSS
Exploits: 1, References: 2
RedhatCVE
added 2025/11/11 12:11 a.m., 6 views

CVE-2025-63678

An authenticated arbitrary file upload vulnerability in the /uploads/ endpoint of CMS Made Simple Foundation File Manager v2.2.22 allows attackers with Administrator privileges to execute arbitrary code via uploading a crafted PHP file...

7.2 CVSS, 7.8 AI score, 0.00125 EPSS
Exploits: 1, References: 1
Positive Technologies
added 2025/11/10 12:0 a.m., 3 views

PT-2025-46221

Name of the Vulnerable Software and Affected Versions: CMS Made Simple Foundation File Manager version 2.2.22. Description: An authenticated arbitrary file upload issue exists in the /uploads/ endpoint of the software. An attacker with Administrator privileges can upload a crafted PHP file,...

7.2 CVSS, 7.2 AI score, 0.00125 EPSS
Exploits: 1, References: 6
Cvelist
added 2025/11/10 12:0 a.m., 6 views

CVE-2025-63678

An authenticated arbitrary file upload vulnerability in the /uploads/ endpoint of CMS Made Simple Foundation File Manager v2.2.22 allows attackers with Administrator privileges to execute arbitrary code via uploading a crafted PHP file...

0.00125 EPSS
Exploits: 1, References: 1
NVD
added 2025/09/18 4:15 p.m., 3 views

CVE-2025-50255

Cross Site Request Forgery (CSRF) vulnerability in Smartvista BackOffice SmartVista Suite 2.2.22 via crafted GET request...

7.8 CVSS, 0.0001 EPSS
Exploits: 0, References: 1
Cvelist
added 2025/09/18 12:0 a.m., 8 views

CVE-2025-50255

Cross Site Request Forgery (CSRF) vulnerability in Smartvista BackOffice SmartVista Suite 2.2.22 via crafted GET request...

7.8 CVSS, 0.0001 EPSS
Exploits: 0, References: 1
CNNVD
added 2025/09/18 12:0 a.m., 1 views

BPC Banking SmartVista Suite security vulnerability

BPC Banking SmartVista Suite is a payment software from BPC Banking, USA. A security vulnerability exists in BPC Banking SmartVista Suite version 2.2.22 that originates from a specially crafted GET request and could lead to a cross-site request forgery attack...

7.8 CVSS, 6.6 AI score, 0.0001 EPSS
Exploits: 0, References: 1
Vulnrichment
added 2025/09/18 12:0 a.m., 3 views

CVE-2025-50255

Cross Site Request Forgery (CSRF) vulnerability in Smartvista BackOffice SmartVista Suite 2.2.22 via crafted GET request...

7.8 CVSS, 6.5 AI score, 0.0001 EPSS
Exploits: 0, References: 1
OSSF Malicious Packages
added 2025/08/11 10:40 a.m., 5 views

Malicious code in securitycontext-model-paypal (npm)

--- -= Per source details. Do not edit below this line.=- Source: ossf-package-analysis d0f5dc5cd2ec64246a68ae3d6a8a63b03e25442841125c4fcaf8601002d97bb2 The OpenSSF Package Analysis project identified 'securitycontext-model-paypal' @ 2.2.22 npm as malicious. It is considered malicious because: -...

6.9 AI score
Exploits: 0
OSV
added 2025/08/11 10:40 a.m., 3 views

MAL-2025-6820 Malicious code in securitycontext-model-paypal (npm)

--- -= Per source details. Do not edit below this line.=- Source: ossf-package-analysis d0f5dc5cd2ec64246a68ae3d6a8a63b03e25442841125c4fcaf8601002d97bb2 The OpenSSF Package Analysis project identified 'securitycontext-model-paypal' @ 2.2.22 npm as malicious. It is considered malicious because: -...

7.1 AI score
Exploits: 0