39 matches found
PT-2026-54048
Name of the Vulnerable Software and Affected Versions Grav CMS versions prior to 2.0.0-beta.2 Description Multiple issues allow for code execution. Three unsafe unserialize calls within SchedulerJobQueue, FrameworkCacheAdapterFileCache, and Session deserialize untrusted data without restricting...
CVE-2026-45257 Arbitrary file overwrite via the KTLS receive path
The KTLS receive path decrypted each record in place, assuming that the mbufs holding received data were anonymous and safe to modify. This assumption does not hold for data placed on a socket by sendfile2, which can reference file-backed memory directly through non-anonymous MEXTPG pages or...
Astra Linux – Vulnerability in Linux 5.10
In the Linux kernel, the following vulnerabilities have been resolved: cachestat: fixed the permission checking for page cache statistics. When the cachestat system call was added in commit cf264e1329fb “cachestat: implement cachestat syscall”, it was intended to be a much more convenient and...
Astra Linux – Vulnerability in Linux 5.10
In the Linux kernel, the following vulnerabilities have been resolved: nfsd: Fixed the reference leak in nfsd4addrdaccesstowrdeleg. The nfsd4addrdaccesstowrdeleg function overwrites fp-fifdsORDONLY unconditionally with a newly acquired nfsdfile. However, if the client already has a SHAREACCESSREA...
CVE-2026-8612
WWW::Mechanize::Cached versions before 2.00 for Perl deserialize cached HTTP responses from a world-writable on-disk cache, enabling local response forgery and code execution. With no explicit cache backend, WWW::Mechanize::Cached constructs a default Cache::FileCache under /tmp/FileCache without...
GHSA-GWFR-JFJF-92VV Grav has Insecure Deserialization in File Cache
Insecure Deserialization in File Cache - Severity: High - CWE: CWE-502 - Location: system/src/Grav/Framework/Cache/Adapter/FileCache.php - Sink: unserialize$value, 'allowedclasses' = true Affected versions - Affected: = 1.7.44 and true allows object instantiation and does not constrain classes. P...
Grav has Insecure Deserialization in File Cache
Insecure Deserialization in File Cache - Severity: High - CWE: CWE-502 - Location: system/src/Grav/Framework/Cache/Adapter/FileCache.php - Sink: unserialize$value, 'allowedclasses' = true Affected versions - Affected: = 1.7.44 and true allows object instantiation and does not constrain classes. P...
Grav has multiple RCE vectors: unsafe unserialize (x3), command injection in git clone, SSTI blocklist bypass
Multiple RCE vectors were found in Grav CMS. Three are critical, two are high. 1. Unsafe unserialize in JobQueue — direct RCE gadget Critical system/src/Grav/Common/Scheduler/JobQueue.php:465 calls unserializebase64decode... without restricting allowedclasses. The Job class has...
GHSA-VJ3M-2G9H-VM4P Grav has multiple RCE vectors: unsafe unserialize (x3), command injection in git clone, SSTI blocklist bypass
Multiple RCE vectors were found in Grav CMS. Three are critical, two are high. 1. Unsafe unserialize in JobQueue — direct RCE gadget Critical system/src/Grav/Common/Scheduler/JobQueue.php:465 calls unserializebase64decode... without restricting allowedclasses. The Job class has...
Deserialization of Untrusted Data
Overview getgrav/grav is a Modern, Crazy Fast, Ridiculously Easy and Amazingly Powerful Flat-File CMS. Affected versions of this package are vulnerable to Deserialization of Untrusted Data via unsafe handling of serialized data and improper input validation in multiple components, including...
Duplicate Advisory: Grav has Insecure Deserialization in File Cache
Duplicate Advisory This advisory has been withdrawn because it is a duplicate of GHSA-gwfr-jfjf-92vv. This link is maintained to preserve external references. Original Description A vulnerability was found in Grav CMS up to 1.7.49.5/2.0.0-beta.1. Affected by this vulnerability is the function...
GHSA-J7RW-325J-2RMX Duplicate Advisory: Grav has Insecure Deserialization in File Cache
Duplicate Advisory This advisory has been withdrawn because it is a duplicate of GHSA-gwfr-jfjf-92vv. This link is maintained to preserve external references. Original Description A vulnerability was found in Grav CMS up to 1.7.49.5/2.0.0-beta.1. Affected by this vulnerability is the function...
CVE-2026-7317
A vulnerability was found in Grav CMS up to 1.7.49.5/2.0.0-beta.1. Affected by this vulnerability is the function FileCache::doGet of the file system/src/Grav/Framework/Cache/Adapter/FileCache.php of the component Cache Value Handler. The manipulation results in deserialization. The attack may be...
CVE-2026-7317 Grav CMS Cache Value FileCache.php doGet deserialization
A vulnerability was found in Grav CMS up to 1.7.49.5/2.0.0-beta.1. Affected by this vulnerability is the function FileCache::doGet of the file system/src/Grav/Framework/Cache/Adapter/FileCache.php of the component Cache Value Handler. The manipulation results in deserialization. The attack may be...
Grav CMS 输入验证错误漏洞
Grav CMS is a file-based content management system developed under the open-source Grave project. Versions of Grav CMS prior to 1.7.49.5 and 2.0.0-beta.1 contain a vulnerability related to input validation errors. This vulnerability stems from a function in the component Cache Value Handler,...
PT-2026-35830
A vulnerability was found in Grav CMS up to 1.7.49.5/2.0.0-beta.1. Affected by this vulnerability is the function FileCache::doGet of the file system/src/Grav/Framework/Cache/Adapter/FileCache.php of the component Cache Value Handler. The manipulation results in deserialization. The attack may be...
[SECURITY] Fedora 44 Update: python-diskcache-5.6.3-12.fc44
DiskCache is an Apache2 licensed disk and file backed cache library, written in pure-Python, and compatible with Django...
OESA-2026-1511 python-django security update
A high-level Python Web framework that encourages rapid development and clean, pragmatic design. Security Fixes: An issue was discovered in 6.0 before 6.0.3, 5.2 before 5.2.12, and 4.2 before 4.2.29. Race condition in file-system storage and file-based cache backends in Django allows an attacker ...
OESA-2026-1510 python-django security update
A high-level Python Web framework that encourages rapid development and clean, pragmatic design. Security Fixes: An issue was discovered in 6.0 before 6.0.3, 5.2 before 5.2.12, and 4.2 before 4.2.29. Race condition in file-system storage and file-based cache backends in Django allows an attacker ...
OESA-2026-1509 python-django security update
A high-level Python Web framework that encourages rapid development and clean, pragmatic design. Security Fixes: An issue was discovered in 6.0 before 6.0.3, 5.2 before 5.2.12, and 4.2 before 4.2.29. Race condition in file-system storage and file-based cache backends in Django allows an attacker ...