71 matches found

Cvelist
added yesterday, 17 views

CVE-2026-10854 Unauthorized exposure of private galaxies in MISP event template creation

A visibility control issue in the event template creation workflow allowed non-site-admin users to access private galaxies belonging to other organisations. The event template builder loaded all enabled galaxies without applying organisation or distribution-based access restrictions, potentially...

CVSS 5.3
Exploits: 0, References: 1
EUVD
added yesterday, 3 views

EUVD-2026-34257

A visibility control issue in the event template creation workflow allowed non-site-admin users to access private galaxies belonging to other organisations. The event template builder loaded all enabled galaxies without applying organisation or distribution-based access restrictions, potentially...

CVSS 5.3, AI score 5.8
Exploits: 0, References: 1
Vulnrichment
added yesterday, 3 views

CVE-2026-10854 Unauthorized exposure of private galaxies in MISP event template creation

A visibility control issue in the event template creation workflow allowed non-site-admin users to access private galaxies belonging to other organisations. The event template builder loaded all enabled galaxies without applying organisation or distribution-based access restrictions, potentially...

CVSS 5.3, AI score 5.8
Exploits: 0, References: 1
Cvelist
added 2026/05/20 2:27 a.m., 34 views

CVE-2025-15369 Xpro Addons — 140+ Widgets for Elementor <= 1.5.0 - Missing Authorization to Unauthenticated Xpro Template Creation

The Xpro Addons — 140+ Widgets for Elementor plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the getcontenteditor function in all versions up to, and including, 1.5.0. This makes it possible for unauthenticated attackers to create...

CVSS 5.3, EPSS 0.0005
Exploits: 0, References: 2
Vulnrichment
added 2026/05/20 2:27 a.m., 6 views

CVE-2025-15369 Xpro Addons — 140+ Widgets for Elementor <= 1.5.0 - Missing Authorization to Unauthenticated Xpro Template Creation

The Xpro Addons — 140+ Widgets for Elementor plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the getcontenteditor function in all versions up to, and including, 1.5.0. This makes it possible for unauthenticated attackers to create...

CVSS 5.3, AI score 5.8, EPSS 0.0005
Exploits: 0, References: 2
Patchstack
added 2026/05/19 1:32 p.m., 6 views

WordPress Xpro Addons — 140+ Widgets for Elementor plugin <= 1.5.0 - Missing Authorization to Unauthenticated Xpro Template Creation vulnerability

Missing Authorization to Unauthenticated Xpro Template Creation vulnerability discovered by at1as - Self-Employed in WordPress Plugin Xpro Elementor Addons versions <= 1.5.0...

CVSS 5.3, AI score 5.8, EPSS 0.0005
Exploits: 0, References: 1, Affected Software: 1
Redos
added 2026/04/20 12:0 a.m., 5 views

ROS-20260420-73-0045

Vulnerability in incus related to failure to take measures to neutralize special elements in the template creation mechanism. Exploitation of the vulnerability may allow an attacker to execute arbitrary code...

CVSS 9.9, AI score 6.2, EPSS 0.00029
Exploits: 0
Redos
added 2026/04/17 12:0 a.m., 3 views

ROS-20260417-73-0045

Vulnerability in glpi is related to failure to take measures to neutralize special elements in the template creation mechanism. Exploitation of the vulnerability may allow an attacker to execute arbitrary code...

CVSS 9.1, AI score 6.2, EPSS 0.00065
Exploits: 1
Positive Technologies
added 2026/03/11 12:0 a.m., 0 views

PT-2026-24658

The Gravity Forms plugin for WordPress is vulnerable to Stored Cross-Site Scripting in all versions up to, and including, 2.9.28.1. This is due to a compound failure involving missing authorization on the create from template AJAX endpoint allowing any authenticated user to create forms,...

CVSS 6.4, AI score 5.9, EPSS 0.00043
Exploits: 0, References: 5
ATTACKERKB
added 2026/02/10 6:58 p.m., 3 views

CVE-2026-26009

Catalyst is a platform built for enterprise game server hosts, game communities, and billing panel integrations. Install scripts defined in server templates execute directly on the host operating system as root via bash -c, with no sandboxing or containerization. Any user with template.create or...

CVSS 9.9, AI score 6.8, EPSS 0.00389
Exploits: 0, References: 3
OSV
added 2026/02/10 6:58 p.m., 1 views

CVE-2026-26009 Catalyst Affected by Remote Code Execution as Root via Containerized Install Script Execution

Catalyst is a platform built for enterprise game server hosts, game communities, and billing panel integrations. Install scripts defined in server templates execute directly on the host operating system as root via bash -c, with no sandboxing or containerization. Any user with template.create or...

CVSS 9.9, AI score 6.8, EPSS 0.00389
Exploits: 0, References: 4
RedhatCVE
added 2026/02/06 1:26 a.m., 4 views

CVE-2025-70073

An issue in ChestnutCMS v.1.5.8 and before allows a remote attacker to execute arbitrary code via the template creation function...

CVSS 7.2, AI score 6, EPSS 0.00471
Exploits: 1, References: 1
OSV
added 2026/02/05 6:16 p.m., 1 views

CVE-2025-70073

An issue in ChestnutCMS v.1.5.8 and before allows a remote attacker to execute arbitrary code via the template creation function...

CVSS 7.2, AI score 6.2
Exploits: 0, References: 1
NVD
added 2026/02/05 6:16 p.m., 3 views

CVE-2025-70073

An issue in ChestnutCMS v.1.5.8 and before allows a remote attacker to execute arbitrary code via the template creation function...

CVSS 7.2, EPSS 0.00471
Exploits: 1, References: 1
Vulnrichment
added 2026/02/05 12:0 a.m., 2 views

CVE-2025-70073

An issue in ChestnutCMS v.1.5.8 and before allows a remote attacker to execute arbitrary code via the template creation function...

AI score 6.1, EPSS 0.00471
Exploits: 1, References: 1
EUVD
added 2026/02/05 12:0 a.m., 2 views

EUVD-2025-206857

An issue in ChestnutCMS v.1.5.8 and before allows a remote attacker to execute arbitrary code via the template creation function...

CVSS 9.8, AI score 6.1, EPSS 0.00471
Exploits: 1, References: 1
CVE
added 2026/02/05 12:0 a.m., 6 views

CVE-2025-70073

Summary: CVE-2025-70073 affects ChestnutCMS versions prior to 1.5.9. The issue enables a remote attacker to execute arbitrary code through the template creation function. The provided sources explicitly describe vulnerable software versions (ChestnutCMS v1.5.8 and earlier) and cite a template cre...

CVSS 7.2, AI score 6.1, EPSS 0.00471
Exploits: 1, References: 1, Affected Software: 1
CNNVD
added 2026/02/05 12:0 a.m., 5 views

ChestnutCMS security vulnerability

ChestnutCMS is an enterprise-level content management system developed by Liweiyi, featuring a separation between the front-end and back-end components. Versions of ChestnutCMS prior to v1.5.8 contained security vulnerabilities; these vulnerabilities stemmed from the template creation feature,...

CVSS 7.2, AI score 6.1, EPSS 0.00471
Exploits: 1, References: 1
ATTACKERKB
added 2026/02/05 12:0 a.m., 4 views

CVE-2025-70073

An issue in ChestnutCMS v.1.5.8 and before allows a remote attacker to execute arbitrary code via the template creation function...

AI score 6.1, EPSS 0.00471
Exploits: 1, References: 2
Positive Technologies
added 2026/02/05 12:0 a.m., 4 views

PT-2026-6602

Name of the Vulnerable Software and Affected Versions: ChestnutCMS versions prior to 1.5.9. Description: An issue allows a remote attacker to execute arbitrary code via the template creation function. Recommendations: Update to version 1.5.9 or later...

CVSS 9.8, AI score 6.1, EPSS 0.00471
Exploits: 1, References: 5