31 matches found
WordPress plugin Pagelayer injection vulnerability
WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. WordPres...
SvelteKit has deserialization expansion in unvalidated `form` remote function leading to Denial of Service (experimental only)
Some relatively small inputs can cause very large files arrays in form handlers. If the SvelteKit application code doesn't check files.length or individual files' sizes and performs expensive processing with them, it can result in Denial of Service. Only users with experimental.remoteFunctions:...
Prototype Pollution via FormData Processing in Qwik City
Summary: A Prototype Pollution vulnerability exists in the formToObj function within @builder.io/qwik-city middleware. The function processes form field names with dot notation (e.g., user.name) to create nested objects, but fails to sanitize dangerous property names like __proto__, constructor, and...
CVE-2016-10829
cPanel before 55.9999.141 allows arbitrary file-read operations because of a multipart form processing error SEC-99...
CVE-2016-10794
cPanel before 59.9999.145 allows arbitrary file-read operations because of a multipart form processing error SEC-154...
CVE-2025-66301
Grav is a file-based Web platform. Prior to 1.8.0-beta.27, due to improper authorization checks when modifying critical fields on a POST request to /admin/pages/pagename, an editor with only permissions to change basic content on the form is now able to change the functioning of the form through...
Grav has Broken Access Control which allows an Editor to modify the page's YAML Frontmatter to alter form processing actions
Summary: Due to a broken access control vulnerability in the /admin/pages/pagename endpoint, an editor user with full permissions to pages can change the functionality of a form after submission. Details: Due to improper authorization checks when modifying critical fields on a POST request to...
GHSA-V8X2-FJV7-8HJH Grav has Broken Access Control which allows an Editor to modify the page's YAML Frontmatter to alter form processing actions
Summary: Due to a broken access control vulnerability in the /admin/pages/pagename endpoint, an editor user with full permissions to pages can change the functionality of a form after submission. Details: Due to improper authorization checks when modifying critical fields on a POST request to...
CVE-2025-66301
Grav CMS contains a broken access control vulnerability (CVE-2025-66301) where an editor with only basic content permissions can modify the YAML frontmatter data[_json][header][form] in POST to /admin/pages/{page_name}, altering the form processing logic. Root cause: improper authorization checks...
CVE-2025-66301 Grav has Broken Access Control which allows an Editor to modify the page's YAML Frontmatter to alter form processing actions
Grav is a file-based Web platform. Prior to 1.8.0-beta.27, due to improper authorization checks when modifying critical fields on a POST request to /admin/pages/pagename, an editor with only permissions to change basic content on the form is now able to change the functioning of the form through...
EUVD-2016-1823
Malware in sbrugna...
EUVD-2008-0005
Malware in sbrugna...
Fedora: Security Advisory for plexus-containers (FEDORA-2024-129d8ca6fc)
The remote host is missing an update for the...
[SECURITY] Fedora 40 Update: plexus-resources-1.3.0-4.fc40
The Plexus project seeks to create end-to-end developer tools for writing applications. At the core is the container, which can be embedded or for a full scale application server. There are many reusable components for hibernate, form processing, jndi, i18n, velocity, etc. Plexus also includes an...
[SECURITY] Fedora 40 Update: plexus-i18n-1.0-0.31.b10.4.fc40
The Plexus project seeks to create end-to-end developer tools for writing applications. At the core is the container, which can be embedded or for a full scale application server. There are many reusable components for hibernate, form processing, jndi, i18n, velocity, etc. Plexus also includes an...
[SECURITY] Fedora 40 Update: plexus-archiver-4.9.1-3.fc40
The Plexus project seeks to create end-to-end developer tools for writing applications. At the core is the container, which can be embedded or for a full scale application server. There are many reusable components for hibernate, form processing, jndi, i18n, velocity, etc. Plexus also includes an...
EulerOS 2.0 SP11 : golang (EulerOS-SA-2023-2644)
According to the versions of the golang packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities: - HTTP and MIME header parsing can allocate large amounts of memory, even when parsing small inputs, potentially leading to a denial of service...
Golang < 1.19.8 / 1.20.x < 1.20.3 Multiple Vulnerabilities
The version of Golang Go installed on the remote host is affected by multiple vulnerabilities, as follows: - HTTP and MIME header parsing can allocate large amounts of memory, even when parsing small inputs, potentially leading to a denial of service. Certain unusual patterns of input data can...