
14 matches found

Vulnrichment
added 2026/05/14 6:44 p.m. · 4 views

CVE-2026-44522 Note Mark: Arbitrary File Write via Path Traversal in Asset Names Leading to Remote Code Execution

Note Mark is an open-source note-taking application. From 0.13.0 to before 0.19.4, the Note Mark application allows authenticated users to upload assets to notes via POST /api/notes/noteID/assets, where the asset filename is provided through the X-Name HTTP request header. This value is stored...

CVSS 8.6 · AI score 6 · EPSS 0.00632 · Exploits 0 · References 1
OSV
added 2026/05/07 9:06 p.m. · 0 views

GHSA-G49P-4QXJ-88V3 Note Mark: Arbitrary File Write via Path Traversal in Asset Names Leads to Remote Code Execution

Description: The Note Mark application allows authenticated users to upload assets to notes via POST /api/notes/noteID/assets, where the asset filename is provided through the X-Name HTTP request header. This value is stored directly in the database without any sanitization or validation - no path...

CVSS 8.6 · AI score 6.3 · EPSS 0.00632 · Exploits 0 · References 4
EUVD
added 2026/04/22 9:22 p.m. · 4 views

EUVD-2026-25106

Squidex is an open source headless content management system and content management hub. Prior to version 7.23.0, an SSRF vulnerability allows a user with asset upload permission to force the server to fetch arbitrary URLs, including localhost/private network targets, and persist the response as ...

CVSS 8.6 · AI score 5.8 · EPSS 0.0005 · Exploits 0 · References 2
Cvelist
added 2026/04/21 11:34 p.m. · 26 views

CVE-2026-41129 Craft CMS has Server-Side Request Forgery (SSRF) with Asset Uploads Mutations

Craft CMS is a content management system (CMS). Versions on the 4.x branch through 4.17.8 and the 5.x branch through 5.9.14 are vulnerable to Server-Side Request Forgery. The exploitation requires a few permissions to be enabled in the used GraphQL schema: "Edit assets in the volume" and "Create...

CVSS 7 · EPSS 0.00042 · Exploits 0 · References 2
Vulnrichment
added 2026/04/21 11:34 p.m. · 2 views

CVE-2026-41129 Craft CMS has Server-Side Request Forgery (SSRF) with Asset Uploads Mutations

Craft CMS is a content management system (CMS). Versions on the 4.x branch through 4.17.8 and the 5.x branch through 5.9.14 are vulnerable to Server-Side Request Forgery. The exploitation requires a few permissions to be enabled in the used GraphQL schema: "Edit assets in the volume" and "Create...

CVSS 7 · AI score 5.7 · EPSS 0.00042 · Exploits 0 · References 2
Github Security Blog
added 2026/04/14 11:35 p.m. · 5 views

Server-Side Request Forgery (SSRF) in Craft CMS with Asset Uploads Mutations

Required Permissions: The exploitation requires a few permissions to be enabled in the used GraphQL schema: "Edit assets in the volume", "Create assets in the volume". Details: The implementation fails to restrict the URL Scheme. While the application is intended to "upload assets", there is no...

CVSS 7 · AI score 5.8 · EPSS 0.00042 · Exploits 0 · References 4 · Affected Software 1
OSV
added 2026/04/14 11:35 p.m. · 0 views

GHSA-3M9M-24VH-39WX Server-Side Request Forgery (SSRF) in Craft CMS with Asset Uploads Mutations

Required Permissions: The exploitation requires a few permissions to be enabled in the used GraphQL schema: "Edit assets in the volume", "Create assets in the volume". Details: The implementation fails to restrict the URL Scheme. While the application is intended to "upload assets", there is no...

CVSS 7 · AI score 5.8 · EPSS 0.00042 · Exploits 0 · References 4
Cvelist
added 2026/03/20 9:40 p.m. · 17 views

CVE-2026-33172 Statamic has Stored XSS via SVG Sanitization Bypass

Statamic is a Laravel and Git powered content management system (CMS). Prior to versions 5.73.14 and 6.7.0, a stored XSS vulnerability in SVG asset reuploads allows authenticated users with asset upload permissions to bypass SVG sanitization and inject malicious JavaScript that executes when the...

CVSS 8.7 · EPSS 0.00014 · Exploits 0 · References 1
RedhatCVE
added 2025/05/23 10:44 a.m. · 5 views

CVE-2024-52600

Statamic is a Laravel and Git powered content management system (CMS). Prior to version 5.17.0, assets uploaded with appropriately crafted filenames may result in them being placed in a location different than what was configured. The issue affects front-end forms with assets fields and other plac...

CVSS 5.3 · AI score 6.7 · EPSS 0.00386 · Exploits 0 · References 1
Github Security Blog
added 2025/02/26 8:07 p.m. · 6 views

Mautic allows Remote Code Execution and File Deletion in Asset Uploads

Summary: This advisory addresses two critical security vulnerabilities present in Mautic versions before 5.2.3. These vulnerabilities could be exploited by authenticated users. Remote Code Execution (RCE) via Asset Upload: A Remote Code Execution vulnerability has been identified in the asset upload...

CVSS 9.9 · AI score 9.8 · EPSS 0.01106 · Exploits 0 · References 6 · Affected Software 1
OSV
added 2025/02/26 8:07 p.m. · 3 views

GHSA-73GX-X7R9-77X2 Mautic allows Remote Code Execution and File Deletion in Asset Uploads

Summary: This advisory addresses two critical security vulnerabilities present in Mautic versions before 5.2.3. These vulnerabilities could be exploited by authenticated users. Remote Code Execution (RCE) via Asset Upload: A Remote Code Execution vulnerability has been identified in the asset upload...

CVSS 9.1 · AI score 9.7 · EPSS 0.01106 · Exploits 0 · References 6
Veracode
added 2024/11/25 5:08 p.m. · 6 views

Directory Traversal

statamic/cms is vulnerable to Directory Traversal. The vulnerability is due to improperly handled filenames in asset uploads, which could allow files to be placed in unintended locations on the server, potentially overriding existing files...

CVSS 5.3 · AI score 6.6 · EPSS 0.00386 · Exploits 0 · References 5 · Affected Software 1
Positive Technologies
added 2024/02/01 12:00 a.m. · 2 views

PT-2024-20460 · Statamic · Statamic

Name of the Vulnerable Software and Affected Versions: Statamic versions prior to 3.4.17; Statamic versions prior to 4.46.0. Description: The issue allows HTML files crafted to look like jpg files to be uploaded, enabling cross-site scripting (XSS) attacks. This affects front-end forms with asset...

CVSS 8.2 · AI score 6.4 · EPSS 0.0144 · Exploits 1 · References 11
GithubExploit
added 2021/02/18 10:27 a.m. · 0 views

note-mark

Note Mark !License: AGPL V3https://img.shields.io/github/li...

AI score 5.7 · Exploits 0