952 matches found
CVE-2026-23989 REVA Public Link Exploit
REVA is an interoperability platform. Prior to 2.42.3 and 2.40.3, a bug in the GRPC authorization middleware of the "Reva" component of OpenCloud allows a malicious user to bypass the scope verification of a public link. By exploiting this via the the "archiver" service this can be leveraged to...
CVE-2025-69906
Monstra CMS v3.0.4 contains an arbitrary file upload vulnerability in the Files Manager plugin. The application relies on blacklist-based file extension validation and stores uploaded files directly in a web-accessible directory. Under typical server configurations, this can allow an attacker to...
CVE-2025-69906
Monstra CMS v3.0.4 contains an arbitrary file upload vulnerability in the Files Manager plugin. The application relies on blacklist-based file extension validation and stores uploaded files directly in a web-accessible directory. Under typical server configurations, this can allow an attacker to...
CVE-2025-69906
Monstra CMS v3.0.4 contains an arbitrary file upload vulnerability in the Files Manager plugin. The application relies on blacklist-based file extension validation and stores uploaded files directly in a web-accessible directory. Under typical server configurations, this can allow an attacker to...
CVE-2025-69906
CVE-2025-69906 affects Monstra CMS v3.0.4, specifically the Files Manager plugin. The vulnerability arises from blacklist-based file extension validation and storing uploaded files in a web-accessible directory, enabling remote code execution when uploaded files are interpreted as executable code...
Monstra CMS 安全漏洞
Monstra CMS is a lightweight content management system CMS developed by Sergey Romanenko from Ukraine using PHP. Version 3.0.4 of Monstra CMS has a security vulnerability. This vulnerability stems from the Files Manager plugin, which allows arbitrary file uploads. The application relies on...
CI4MS Vulnerable to Remote Code Execution (RCE) via Arbitrary File Creation and Save in File Editor
Summary A critical vulnerability has been identified in CI4MS that allows an authenticated user with file editor permissions to achieve Remote Code Execution RCE. By leveraging the file creation and save endpoints, an attacker can upload and execute arbitrary PHP code on the server. Vulnerability...
CVE-2026-23743 Discourse allows permalinks to restricted resources to leak resource slugs to unauthorized users
Discourse is an open source discussion platform. In versions prior to 3.5.4, 2025.11.2, 2025.12.1, and 2026.1.0, permalinks pointing to access-restricted resources private topics, categories, posts, or hidden tags were redirecting users to URLs containing the resource slug, even when the user...
Tandoor Recipes: Security Vulnerabilities
Tandoor Recipes is an open-source application designed for managing recipes, planning meals, creating shopping lists, and more. Versions of Tandoor Recipes from 23.05 to 26.05 contained security vulnerabilities. These vulnerabilities stemmed from the default configuration, where database files...
CVE-2025-67303
An issue in ComfyUI-Manager prior to version 3.38 allowed remote attackers to potentially manipulate its configuration and critical data. This was due to the application storing its files in an insufficiently protected location that was accessible via the web interface...
Kings KESS Enterprise 安全漏洞
Kings KESS Enterprise is an endpoint security management and document encryption system from the Korean company Kings. A security vulnerability exists in previous versions of Kings KESS Enterprise .25.9.19.Exe, which stems from the exposure of sensitive information, lack of encryption, and...
PbootCMS 安全漏洞
PbootCMS is a PbootCMS open source enterprise website content management system CMS developed using PHP language. A security vulnerability exists in PbootCMS 3.2.12 and earlier versions, which originates from an unknown function misoperation in the SQLite database component in file...
📄 FuguHub 8.1 RSA Private Key Disclosure
A web-accessible documentation file in FuguHub version 8.1 was found to contain an embedded RSA private key paired with an X.509 certificate. The affected file resides within an examples directory and is intended solely for demonstration purposes...
📄 C‑Bitrix 25.100.500 Translate Module Arbitrary File Upload
C‑Bitrix version 25.100.500 proof of concept exploit that demonstrates an arbitrary file upload vulnerability in the translate module. ============================================================================================================================================= | Title : C‑Bitrix...
Insertion of Sensitive Information into Externally-Accessible File or Directory
Overview storybook is a frontend workshop for building UI components and pages in isolation. Affected versions of this package are vulnerable to Insertion of Sensitive Information into Externally-Accessible File or Directory via the storybook build command. An attacker can access sensitive...
Insertion of Sensitive Information into Externally-Accessible File or Directory
Overview @storybook/core-common is a Storybook framework-agnostic API Affected versions of this package are vulnerable to Insertion of Sensitive Information into Externally-Accessible File or Directory via the storybook build command. An attacker can access sensitive environment variables by...
CVE-2025-14159
The Secure Copy Content Protection and Content Locking plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 4.9.2. This is due to missing nonce validation on the 'ayssccpresultsexportfile' AJAX action. This makes it possible for unauthenticated...
CVE-2025-14159 Secure Copy Content Protection and Content Locking <= 4.9.2 - Cross-Site Request Forgery to Data Export
The Secure Copy Content Protection and Content Locking plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 4.9.2. This is due to missing nonce validation on the 'ayssccpresultsexportfile' AJAX action. This makes it possible for unauthenticated...
EUVD-2025-203077
The Secure Copy Content Protection and Content Locking plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 4.9.2. This is due to missing nonce validation on the 'ayssccpresultsexportfile' AJAX action. This makes it possible for unauthenticated...
CVE-2025-14442 Secure Copy Content Protection and Content Locking <= 4.9.2 - Unauthenticated Sensitive Information Exposure via Exposed CSV Export File
The Secure Copy Content Protection and Content Locking plugin for WordPress is vulnerable to sensitive information exposure due to storage of exported CSV files in a publicly accessible directory with predictable filenames in all versions up to, and including, 4.9.2. This makes it possible for...