
136 matches found

NVD
added 2026/05/22 3:16 p.m., 8 views

CVE-2026-8340

Concrete CMS 9.5.0 and below is vulnerable to CSRF via Backend\File::approveVersion. Victim with editfilecontents permission is CSRF'd into publishing an attacker-chosen previously-uploaded version downgrade to an older version of a file, or activation of a co-editor's unpublished version. The...

CVSS 4.3, EPSS 0.00021
Exploits 0, References 1
EUVD
added 2026/05/22 1:58 p.m., 6 views

EUVD-2026-31441

Concrete CMS 9.5.0 and below is vulnerable to CSRF via Backend\File::approveVersion. Victim with editfilecontents permission is CSRF'd into publishing an attacker-chosen previously-uploaded version downgrade to an older version of a file, or activation of a co-editor's unpublished version. The...

CVSS 2.3, AI score 5.8, EPSS 0.00021
Exploits 0, References 1
Vulnrichment
added 2026/05/22 1:58 p.m., 5 views

CVE-2026-8340 Concrete CMS 9.5.0 and below is vulnerable to CSRF via Backend\File::approveVersion

Concrete CMS 9.5.0 and below is vulnerable to CSRF via Backend\File::approveVersion. Victim with editfilecontents permission is CSRF'd into publishing an attacker-chosen previously-uploaded version downgrade to an older version of a file, or activation of a co-editor's unpublished version. The...

CVSS 2.3, AI score 5.8, EPSS 0.00021
Exploits 0, References 1
CVE
added 2026/05/22 1:58 p.m., 12 views

CVE-2026-8340

Concrete CMS 9.5.0 and below is vulnerable to CSRF via Backend\File::approveVersion, enabling a user with edit_file_contents to publish an attacker‑chosen version (downgrade or publish an unpublished co-editor version). The entry provides CVSS v4.0 base score 2.3 (low) with network attack vector ...

CVSS 4.3, AI score 5.8, EPSS 0.00021
Exploits 0, References 1, Affected Software 1
Vulnrichment
added 2026/04/27 6:30 a.m., 2 views

CVE-2026-7095 code-projects Employee Management System edit.php cross site scripting

A vulnerability was identified in code-projects Employee Management System 1.0. This affects an unknown part of the file 370project/edit.php. The manipulation of the argument ID leads to cross site scripting. It is possible to initiate the attack remotely. The exploit is publicly available and...

CVSS 5.3, AI score 3.5, EPSS 0.00043
Exploits 0, References 6
Positive Technologies
added 2026/04/27 12:0 a.m., 3 views

PT-2026-35364

A vulnerability was identified in code-projects Employee Management System 1.0. This affects an unknown part of the file 370project/edit.php. The manipulation of the argument ID leads to cross site scripting. It is possible to initiate the attack remotely. The exploit is publicly available and...

CVSS 5.3, AI score 3.5, EPSS 0.00043
Exploits 0, References 7
CNNVD
added 2026/04/27 12:0 a.m., 4 views

Code-Projects Employee Management System cross-site scripting vulnerability

Code-Projects Employee Management System is an open-source employee management system developed by Code-Projects. Version 1.0 of the Code-Projects Employee Management System has a cross-site scripting vulnerability. This vulnerability stems from improper handling of parameter IDs in the file...

CVSS 5.3, AI score 5.6, EPSS 0.00043
Exploits 0, References 1
NVD
added 2026/04/07 6:16 p.m., 2 views

CVE-2026-22682

OpenHarness prior to commit 166fcfe contains an improper access control vulnerability in built-in file tools due to inconsistent parameter handling in permission enforcement, allowing attackers who can influence agent tool execution to read arbitrary local files outside the intended repository...

CVSS 8.4, EPSS 0.00011
Exploits 0, References 3
Veracode
added 2026/03/23 6:27 a.m., 3 views

Path Traversal

croogo/croogo is vulnerable to path traversal. The vulnerability is due to improper validation of the edit-file parameter, which allows an attacker to craft malicious file paths and read arbitrary files on the server...

CVSS 6.5, AI score 5.9, EPSS 0.0002
Exploits 2, References 2, Affected Software 1
Vulnrichment
added 2026/03/20 5:2 a.m., 3 views

CVE-2026-4472 itsourcecode Online Frozen Foods Ordering System admin_edit_supplier.php sql injection

A security vulnerability has been detected in itsourcecode Online Frozen Foods Ordering System 1.0. This vulnerability affects unknown code of the file /admin/admineditsupplier.php. The manipulation of the argument SupplierName leads to sql injection. The attack can be initiated remotely. The...

CVSS 6.5, AI score 6.6, EPSS 0.00044
Exploits 1, References 5
CNNVD
added 2026/03/09 12:0 a.m., 3 views

Security vulnerability in multiple MBS products

MBS UBR-01 Mk II, etc., are products of the German MBS company. MBS UBR-01 Mk II is a remote base station device. MBS UBR-02 is also a remote base station device. MBS UBR-LON is a communication interface device for industrial automation systems. Several MBS products have security vulnerabilities;...

CVSS 6.5, AI score 6, EPSS 0.0002
Exploits 0, References 2
RedhatCVE
added 2026/03/07 1:44 a.m., 5 views

CVE-2026-3616

A vulnerability was detected in DefaultFuction Jeson Customer Relationship Management System 1.0.0. Impacted is an unknown function of the file /modules/customers/edit.php. Performing a manipulation of the argument ID results in sql injection. The attack may be initiated remotely. The exploit is...

CVSS 6.5, AI score 6.5, EPSS 0.0005
Exploits 0, References 1
Positive Technologies
added 2026/03/06 12:0 a.m., 2 views

PT-2026-23626

A vulnerability was detected in DefaultFuction Jeson Customer Relationship Management System 1.0.0. Impacted is an unknown function of the file /modules/customers/edit.php. Performing a manipulation of the argument ID results in sql injection. The attack may be initiated remotely. The exploit is...

CVSS 6.5, AI score 5.8, EPSS 0.0005
Exploits 0, References 8
CNNVD
added 2026/03/06 12:0 a.m., 3 views

Jeson Customer Relationship Management System SQL injection vulnerability

Jeson Customer Relationship Management System is a lightweight customer relationship management system developed by DefaultFunction’s individual developer. Version 1.0.0 of Jeson Customer Relationship Management System has a SQL injection vulnerability. This vulnerability arises from incorrect...

CVSS 6.5, AI score 6.7, EPSS 0.0005
Exploits 0, References 7
NVD
added 2026/02/26 12:16 a.m., 3 views

CVE-2026-27967

Zed, a code editor, has a symlink escape vulnerability in versions prior to 0.225.9 in Agent file tools readfile, editfile. It allows reading and writing files outside the project directory when a project contains symbolic links pointing to external paths. This bypasses the intended workspace...

CVSS 7.1, EPSS 0.00009
Exploits 1, References 1
CVE
added 2026/02/25 11:33 p.m., 7 views

CVE-2026-27967

CVE-2026-27967 affects Zed code editor before 0.225.9. A symlink escape in Agent file tools (read_file, edit_file) lets reading/writing files outside the project directory when a project contains external symlinks, bypassing workspace boundaries and privacy protections (file_scan_exclusions, priv...

CVSS 7.1, AI score 5.5, EPSS 0.00009
Exploits 1, References 1, Affected Software 1
OSV
added 2026/02/25 11:33 p.m., 5 views

CVE-2026-27967 Symlink Escape in Agent File Tools

Zed, a code editor, has a symlink escape vulnerability in versions prior to 0.225.9 in Agent file tools readfile, editfile. It allows reading and writing files outside the project directory when a project contains symbolic links pointing to external paths. This bypasses the intended workspace...

CVSS 7.1, AI score 5.7, EPSS 0.00009
Exploits 1, References 3
ATTACKERKB
added 2026/02/25 11:33 p.m., 2 views

CVE-2026-27967

Zed, a code editor, has a symlink escape vulnerability in versions prior to 0.225.9 in Agent file tools readfile, editfile. It allows reading and writing files outside the project directory when a project contains symbolic links pointing to external paths. This bypasses the intended workspace...

CVSS 7.1, AI score 5.5, EPSS 0.00009
Exploits 1, References 2, Affected Software 1
Vulnrichment
added 2026/02/25 11:33 p.m., 4 views

CVE-2026-27967 Symlink Escape in Agent File Tools

Zed, a code editor, has a symlink escape vulnerability in versions prior to 0.225.9 in Agent file tools readfile, editfile. It allows reading and writing files outside the project directory when a project contains symbolic links pointing to external paths. This bypasses the intended workspace...

CVSS 7.1, AI score 6, EPSS 0.00009
Exploits 1, References 1
EUVD
added 2026/02/08 12:30 a.m., 4 views

EUVD-2026-5702

A vulnerability was detected in itsourcecode Society Management System 1.0. This vulnerability affects unknown code of the file /admin/editadmin.php. The manipulation of the argument adminid results in sql injection. The attack may be performed from remote. The exploit is now public and may be us...

CVSS 9.8, AI score 5.3, EPSS 0.00013
Exploits 1, References 6