CVE-2026-41934

Vvveb prior to 1.0.8.2 contains an authenticated RCE in the admin code editor. With roles such as editor/author/contributor/site_admin, an attacker can write a crafted .htaccess to map arbitrary extensions to the PHP handler and upload PHP code with that extension, enabling unauthenticated remote...

PT-2026-37273

Name of the Vulnerable Software and Affected Versions Grav versions prior to 2.0.0-beta.2 Description An authenticated user with administrative privileges can achieve Remote Code Execution RCE by uploading a specially crafted ZIP file through the "Direct Install" tool. The system fails to inspect...

GHSA-FW49-9XQ4-GMX6 CI4MS has Unrestricted PHP File Upload via Theme Installation that Leads to Authenticated Remote Code Execution

Summary A theme upload feature allows any authenticated backend user with theme-upload permission to achieve remote code execution RCE by uploading a crafted ZIP file. PHP files inside the ZIP are installed into the web-accessible public/ directory with no extension or content filtering, making...

EUVD-2026-26280

Cockpit CMS contains an authenticated remote code execution vulnerability in the /cockpit/collections/savecollection endpoint that allows authenticated attackers with collection management privileges to inject arbitrary PHP code into collection rules parameters. Attackers can inject malicious PHP...

CVE-2026-34965 Cockpit CMS Authenticated Remote Code Execution via Collections

Cockpit CMS contains an authenticated remote code execution vulnerability in the /cockpit/collections/savecollection endpoint that allows authenticated attackers with collection management privileges to inject arbitrary PHP code into collection rules parameters. Attackers can inject malicious PHP...

CVE-2026-40909 WWBN AVideo has a Path Traversal in Locale Save Endpoint that Enables Arbitrary PHP File Write to Any Web-Accessible Directory (RCE)

WWBN AVideo is an open source video platform. In versions 29.0 and prior, the locale save endpoint locale/save.php constructs a file path by directly concatenating $POST'flag' into the path at line 30 without any sanitization. The $POST'code' parameter is then written verbatim to that path via...

CVE-2026-31018

In Dolibarr ERP & CRM = 22.0.4, PHP code detection and editing permission enforcement in the Website module is not applied consistently to all input parameters, allowing an authenticated user restricted to HTML/JavaScript editing to inject PHP code through unprotected inputs during website page...

Dolibarr ERP & CRM 安全漏洞

Dolibarr ERP & CRM is an enterprise management software developed under the open-source license of Dolibarr. Dolibarr ERP & CRM versions 22.0.4 and earlier have a security vulnerability. This vulnerability stems from inconsistent execution of PHP code detection and editing permissions within...

PT-2026-32013

Name of the Vulnerable Software and Affected Versions Chamilo LMS versions prior to 2.0.0-RC.3 Description Chamilo LMS, a learning management system, has an issue where the PlatformConfigurationController::decodeSettingArray method uses PHP's eval function to process platform settings retrieved...

RiteCMS 3.1.0 - Authenticated Remote Code Execution

Exploit Title: RiteCMS 3.1.0 - Authenticated Remote Code Execution Date: 2025-10-26 Exploit Author: Chokri Hammedi Vendor Homepage: https://github.com/handylulu/RiteCMS Software Link: https://github.com/handylulu/RiteCMS/releases/download/V3.1.0/ritecms.v3.1.0.zip Version: 3.1.0 Tested on: Window...

CVE-2019-25687

Pegasus CMS 1.0 contains a remote code execution vulnerability in the extrafields.php plugin that allows unauthenticated attackers to execute arbitrary commands by exploiting unsafe eval functionality. Attackers can send POST requests to the submit.php endpoint with malicious PHP code in the acti...

CVE-2019-25673 UniSharp Laravel File Manager v2.0.0-alpha7 Arbitrary File Upload

UniSharp Laravel File Manager v2.0.0-alpha7 and v2.0 contain an arbitrary file upload vulnerability that allows authenticated attackers to upload malicious files by sending multipart form data to the upload endpoint. Attackers can upload PHP files with the type parameter set to Files and execute...

HytaleModding Wiki 代码问题漏洞

HytaleModding Wiki is an open-source documentation platform for Hytale Modding. Versions of HytaleModding Wiki prior to 1.2.0 had code vulnerabilities. These vulnerabilities stemmed from the quickUpload endpoint’s validation of MIME types, but it used file extensions provided by the client, which...

CVE-2026-28228 OpenOLAT: Server-Side Template Injection (SSTI) in Velocity templates allows Remote Code Execution

OpenOlat is an open source web-based e-learning platform for teaching, learning, assessment and communication. Prior to versions 19.1.31, 20.1.18, and 20.2.5, an authenticated user with the Author role can inject Velocity directives into a reminder email template. When the reminder is processed...

CVE-2026-33873

Langflow is a tool for building and deploying AI-powered agents and workflows. Prior to version 1.9.0, the Agentic Assistant feature in Langflow executes LLM-generated Python code during its validation phase. Although this phase appears intended to validate generated component code, the...

Arbitrary File Upload

Overview wwbn/avideo is an Audio and Video Platform or simply "A Video Platform". Affected versions of this package are vulnerable to Arbitrary File Upload through the downloadVideoFromDownloadURL function. A user with upload permissions can execute arbitrary code on the server by uploading a...

CVE-2026-33647 AVideo Vulnerable to Remote Code Execution via MIME/Extension Mismatch in ImageGallery File Upload

WWBN AVideo is an open source video platform. In versions up to and including 26.0, the ImageGallery::saveFile method validates uploaded file content using finfo MIME type detection but derives the saved filename extension from the user-supplied original filename without an allowlist check. An...

CVE-2026-1463 Photo Gallery, Sliders, Proofing and Themes – NextGEN Gallery <= 4.0.4 - Authenticated (Author+) Local File Inclusion

The Photo Gallery, Sliders, Proofing and Themes – NextGEN Gallery plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 4.0.3 via the 'template' parameter in gallery shortcodes. This makes it possible for authenticated attackers, with Author-level access...

GHSA-8WG7-WM29-2RVG RCE via SSTI for users with permissions to access the Craft CMS Webhooks plugin

The Webhooks plugin renders user-supplied template content through Twig’s renderString function without sandbox protection. This allows an authenticated user with access to the Craft control panel and permissions to access the Webhooks plugin to inject Twig template code that calls arbitrary PHP...

Fields GLPI plugin 输入验证错误漏洞

The Fields GLPI plugin is an open-source plugin developed by GLPI Project Plugins. Versions of the Fields GLPI plugin prior to 1.23.3 had a vulnerability related to input validation errors. This vulnerability stemmed from allowing users who can create drop-down lists to execute arbitrary PHP code...