6 matches found
CVE-2026-42844
Grav is a file-based Web platform. In Grav 2.0.0-beta.2, a low-privileged authenticated API user with api.media.write can abuse /api/v1/blueprint-upload to write an arbitrary YAML file into user/accounts/, then log in as the newly created account with api.super privileges. This results in full...
EUVD-2026-9968
MarkUs is a web application for the submission and grading of student assignments. Prior to version 2.9.4, MarkUs allows course instructors to upload YAML files to create/update various entities e.g., assignment settings. These YAML files are parsed with aliases enabled. This issue has been patch...
PT-2025-39294
Name of the Vulnerable Software and Affected Versions: Datart version 1.0.0-rc.3 Description: The application allows attackers to upload arbitrary YAML files to the config/jdbc-driver-ext.yml path. The application parses these files using SnakeYAML's load or loadAs method without input sanitization...
Open Networking Foundation ONOS Cross-Site Scripting Vulnerability
Open Networking Foundation ONOS is an open source SDN controller from the Open Networking Foundation. It is used to build next-generation SDN/NFV solutions. A security vulnerability exists in Open Networking Foundation ONOS versions 1.9.0 through 2.7.0. An attacker exploited the...
PT-2023-22535 · Open Networking Foundation · Onos
Name of the Vulnerable Software and Affected Versions: Open Networking Foundation ONOS versions 1.9.0 through 2.7.0 Description: A cross-site scripting (XSS) vulnerability allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the url parameter or...
Github developer-be Code Issue Vulnerability
Edgegallery developer-be is a developer platform that provides development tools/testing environment/online deployment for App developers, divided into two parts: developer-be is the backend part, providing interface calls, and developer-fe is the frontend part, providing interface display...