476 matches found
CVE-2026-9558
A Server-Side Template Injection SSTI vulnerability exists in Mautic's theme engine. The platform renders uploaded Twig templates without a sandbox or strict function restrictions. Authenticated users with permissions to create or upload themes can abuse this to execute arbitrary code on the...
CVE-2026-9558
A Server-Side Template Injection SSTI vulnerability exists in Mautic's theme engine. The platform renders uploaded Twig templates without a sandbox or strict function restrictions. Authenticated users with permissions to create or upload themes can abuse this to execute arbitrary code on the...
Mautic 安全漏洞
Mautic is an open-source marketing automation software developed by Mautic. This software can monitor and manage websites, send emails, and manage customer resources. Mautic has a security vulnerability, which stems from server-side template injection in the theme engine. This vulnerability may...
CVE-2025-13593
Origin validation error vulnerability in Synology ActiveProtect Agent before 1.1.0-0439 allows local users to write arbitrary files with restricted content and conduct denial-of-service during installation...
CVE-2024-47270
Improper preservation of permissions vulnerability in Archiving Push functionality in Synology Surveillance Station before 9.2.2-11575 and 9.2.2-9575 allows remote authenticated users with administrator privileges to limited file write via unspecified vectors...
CVE-2025-66593
An origin validation error vulnerability in Synology Assistant before 7.0.6-50085 allows local users to write arbitrary files with restricted content and conduct denial-of-service during installation...
CVE-2025-66593
An origin validation error vulnerability in Synology Assistant before 7.0.6-50085 allows local users to write arbitrary files with restricted content and conduct denial-of-service during installation...
CVE-2025-66592
An origin validation error vulnerability in Synology Active Backup for Business Agent before 3.1.0-4967 allows local users to write arbitrary files with restricted content and conduct denial-of-service during installation...
CVE-2024-47267
Improper limitation of a pathname to a restricted directory 'Path Traversal' vulnerability in Archiving Pull functionality in Synology Surveillance Station before 9.2.2-11575 and 9.2.2-9575 allows remote authenticated users with administrator privileges to limited file write via unspecified vecto...
PT-2026-43591
Name of the Vulnerable Software and Affected Versions Synology Assistant versions prior to 7.0.6-50085 Description An origin validation error allows local users to write arbitrary files with restricted content during the installation process. Recommendations Update to version 7.0.6-50085 or later...
Synology Active Backup for Business Agent 访问控制错误漏洞
Synology Active Backup for Business Agent is an enterprise data backup and recovery management platform developed by Synology, a Chinese company. Versions of Synology Active Backup for Business Agent prior to 3.1.0-4967 contained a access control vulnerability caused by a source verification erro...
PT-2026-43585
Name of the Vulnerable Software and Affected Versions Synology ActiveProtect Agent versions prior to 1.1.0-0439 Description An origin validation error occurs during installation, allowing local users to write arbitrary files with restricted content. Recommendations Update to version 1.1.0-0439 or...
CVE-2026-7879
In Concrete CMS 9.5.0 and below, the submitpassword method in concrete/controllers/singlepage/downloadfile.php allows unauthorized file access since downloading permission-restricted files bypasses the viewfile permission check. Files without passwords can be downloaded and any user who knows a...
Astra Linux – Vulnerability in Cpio
In all versions of cpio before 2.13, input files are not properly validated when generating TAR archives. When cpio is used to create TAR archives from paths that attackers can access, the resulting archive may contain files with permissions that the attacker does not have, or in paths to which t...
Strapi 代码问题漏洞
Strapi is an open-source content management system CMS developed by the Strapi community in France. Versions of Strapi prior to 5.33.3 had code vulnerabilities. These vulnerabilities stemmed from a flaw in the Content API endpoint of the Upload plugin, which did not enforce the MIME type...
CVE-2026-5061 Consul-template vulnerable to sandbox path bypass in file helper via a symlink attack
The consul-template library before version 0.42.0 is vulnerable to a sandbox path bypass in the file template helper that may allow reading an out-of-sandbox file. This vulnerability CVE-2026-5061 is fixed in consul-template 0.42.0...
CVE-2026-20168 Cisco IoT Field Network Director Path Traversal Vulnerability
A vulnerability in the web-based management interface of Cisco IoT Field Network Director could allow an authenticated, remote attacker with low privileges to retrieve files that they do not have permission to access. This vulnerability is due to insufficient file access checks. An attacker could...
CVE-2026-20168
Cisco IoT Field Network Director’s web-based management interface is affected by a path traversal vulnerability caused by insufficient file access checks. An authenticated, low-privilege remote attacker could submit crafted input via the web UI to read files they are not authorized to access, imp...
CVE-2026-40889
CVE-2026-40889 concerns Frappe HR (HRMS) and describes an Improper Access Control on Files . Before versions 15.58.2 and 16.4.2 , authenticated users could access files they should not be able to view by abusing a vulnerable API endpoint. The affected line items indicate that the vulnerability re...
CVE-2026-35658
OpenClaw CVE-2026-35658 affects the OpenClaw image tool prior to version 2026.3.2. The vulnerability is a filesystem boundary bypass that ignores tools.fs.workspaceOnly restrictions, allowing an attacker to traverse sandbox bridge mounts outside the workspace and read files that other filesystem ...