CVE-2025-60790

ProcessWire CMS 3.0.246 allows a low-privileged user with lang-edit to upload a crafted ZIP to Language Support that is auto-extracted without limits prior to validation, enabling resource-exhaustion Denial of Service...

CVE-2025-60790

ProcessWire CMS 3.0.246 allows a low-privileged user with lang-edit to upload a crafted ZIP to Language Support that is auto-extracted without limits prior to validation, enabling resource-exhaustion Denial of Service...

ProcessWire 安全漏洞

ProcessWire is a friendly and powerful open source CMS with a robust API from ProcessWire. A security vulnerability exists in ProcessWire version 3.0.246, which originates from a specially crafted ZIP file that can be uploaded by a user with low privileges, potentially resulting in a denial of...

EUVD-2025-35198

ProcessWire CMS 3.0.246 allows a low-privileged user with lang-edit to upload a crafted ZIP to Language Support that is auto-extracted without limits prior to validation, enabling resource-exhaustion Denial of Service...

CVE-2025-60790

CVE-2025-60790 affects ProcessWire CMS 3.0.246. A low-privileged user with lang-edit can upload a crafted ZIP via Language Support, which is auto-extracted without limits before validation, causing resource-exhaustion and a Denial of Service. The issue is documented across multiple feeds (NVD, Re...

EUVD-2022-7056

Malicious code in bioql PyPI...

EUVD-2022-7170

Malicious code in bioql PyPI...

CVE-2023-24676

An issue found in ProcessWire 3.0.210 allows attackers to execute arbitrary code and install a reverse shell via the downloadzipurl parameter when installing a new module. NOTE: this is disputed because exploitation requires that the attacker is able to enter requests as an admin; however, a...

CVE-2022-40487

ProcessWire v3.0.200 was discovered to contain multiple cross-site scripting XSS vulnerabilities via the Search Users and Search Pages function. These vulnerabilities allow attackers to execute arbitrary web scripts or HTML via injection of a crafted payload...

CVE-2022-40488

ProcessWire v3.0.200 was discovered to contain a Cross-Site Request Forgery CSRF...

CVE-2020-27467

A Directory Traversal vulnerability exits in Processwire CMS before 2.7.1 via the download parameter to index.php...

Cross-Site Request Forgery (CSRF)

ProcessWire is vulnerable to Cross Site Request Forgery CSRF. The vulnerability is due to inadequate handling of comments functionality, which allows a remote attacker to comment as another user...

ProcessWire Cross Site Request Forgery vulnerability

Cross Site Request Forgery vulnerability in ProcessWire v.3.0.229 allows a remote attacker to execute arbitrary code via a crafted HTML file to the comments functionality...

GHSA-R9VW-CJF9-XH4X ProcessWire Cross Site Request Forgery vulnerability

Cross Site Request Forgery vulnerability in ProcessWire v.3.0.229 allows a remote attacker to execute arbitrary code via a crafted HTML file to the comments functionality...

CVE-2024-41597

Cross Site Request Forgery vulnerability in ProcessWire v.3.0.229 allows a remote attacker to execute arbitrary code via a crafted HTML file to the comments functionality...

CVE-2024-41597

Cross Site Request Forgery vulnerability in ProcessWire v.3.0.229 allows a remote attacker to execute arbitrary code via a crafted HTML file to the comments functionality...

CVE-2024-41597

Cross Site Request Forgery vulnerability in ProcessWire v.3.0.229 allows a remote attacker to execute arbitrary code via a crafted HTML file to the comments functionality...

PT-2024-29454 · Unknown · Processwire

Name of the Vulnerable Software and Affected Versions: ProcessWire version 3.0.229 Description: A Cross Site Request Forgery issue allows a remote attacker to execute arbitrary code via a crafted HTML file to the comments functionality. Recommendations: For version 3.0.229, update to a newer...

CVE-2024-41597

Cross Site Request Forgery vulnerability in ProcessWire v.3.0.229 allows a remote attacker to execute arbitrary code via a crafted HTML file to the comments functionality...

CVE-2024-41597

ProcessWire v3.0.229 is vulnerable to Cross-Site Request Forgery via its comments functionality, allowing a remote attacker to execute arbitrary code through a crafted HTML file. The connected PT-Security entry recommends updating to a newer version that includes a fix. No exploit details are pro...