
14 matches found

RedhatCVE
added 2026/01/22 5:34 p.m., 3 views

CVE-2026-20092

A vulnerability in the read-only maintenance shell of Cisco Intersight Virtual Appliance could allow an authenticated, local attacker with administrative privileges to elevate privileges to root on the virtual appliance. This vulnerability is due to improper file permissions on configuration file...

CVSS 6, AI score 5.6, EPSS 0.00104
Exploits 0, References 1
Positive Technologies
added 2026/01/21 12:0 a.m., 3 views

PT-2026-3788

Name of the Vulnerable Software and Affected Versions: Cisco Intersight Virtual Appliance (affected versions not specified). Description: A flaw exists in the read-only maintenance shell of the appliance that may allow a local attacker with administrative privileges to gain root access. This is caused...

CVSS 6, AI score 5.4, EPSS 0.00104
Exploits 0, References 3
Veracode
added 2025/12/13 6:26 a.m., 4 views

Path Traversal

Grav is vulnerable to Path Traversal. The vulnerability is due to insufficient validation of the username path during user creation, where Grav writes the account YAML file to an unintended location outside user/accounts/ when a username contains path traversal sequences, allowing attackers to...

CVSS 8.8, AI score 6, EPSS 0.00464
Exploits 0, References 2, Affected Software 1
RedhatCVE
added 2025/12/02 9:26 p.m., 9 views

CVE-2025-66300

Grav is a file-based Web platform. Prior to 1.8.0-beta.27, a low-privilege user account with page editing privilege can read any server files using the "Frontmatter" form. This includes Grav user account files /grav/user/accounts/.yaml, which store hashed user password, 2FA secret, and the password...

CVSS 8.5, AI score 6.8, EPSS 0.0039
Exploits 1, References 1
EUVD
added 2025/12/02 12:36 a.m., 2 views

EUVD-2025-200110

Grav is vulnerable to Arbitrary File Read...

CVSS 8.5, AI score 6.4, EPSS 0.0039
Exploits 1, References 3
NVD
added 2025/12/01 10:15 p.m., 1 views

CVE-2025-66300

Grav is a file-based Web platform. Prior to 1.8.0-beta.27, a low-privilege user account with page editing privilege can read any server files using the "Frontmatter" form. This includes Grav user account files /grav/user/accounts/.yaml, which store hashed user password, 2FA secret, and the password...

CVSS 8.5, EPSS 0.0039
Exploits 1, References 2
CVE
added 2025/12/01 9:19 p.m., 8 views

CVE-2025-66300

Grav is a file-based CMS affected by CVE-2025-66300. A low-privilege user with page-editing rights could exploit path traversal via the Frontmatter form to read server files, including Grav user accounts located at /grav/user/accounts/*.yaml, exposing password hashes, 2FA secrets, and password-re...

CVSS 8.5, AI score 6.4, EPSS 0.0039
Exploits 1, References 2, Affected Software 1
OSV
added 2025/12/01 9:19 p.m., 4 views

CVE-2025-66300 Grav is vulnerable to Arbitrary File Read

Grav is a file-based Web platform. Prior to 1.8.0-beta.27, a low-privilege user account with page editing privilege can read any server files using the "Frontmatter" form. This includes Grav user account files /grav/user/accounts/.yaml, which store hashed user password, 2FA secret, and the password...

CVSS 8.5, AI score 6.8, EPSS 0.0039
Exploits 1, References 4
Positive Technologies
added 2025/12/01 12:0 a.m., 2 views

PT-2025-48559

Name of the Vulnerable Software and Affected Versions: Grav versions prior to 1.8.0-beta.27. Description: A user with limited privileges and page editing access can read any server file using the "Frontmatter" form. This includes Grav user account files located at /grav/user/accounts/.yaml, which...

CVSS 8.5, AI score 6.7, EPSS 0.0039
Exploits 1, References 6
EUVD
added 2025/10/07 12:30 a.m., 4 views

EUVD-2017-8008

Malware in sbrugna...

CVSS 7.8, AI score 7.6, EPSS 0.00357
Exploits 0, References 4
Cvelist
added 2024/05/15 4:42 p.m., 21 views

CVE-2024-34082 Grav Arbitrary File Read to Account Takeover

Grav is a file-based Web platform. Prior to version 1.7.46, a low privilege user account with page edit privilege can read any server files using Twig Syntax. This includes Grav user account files - /grav/user/accounts/.yaml. This file stores hashed user password, 2FA secret, and the password res...

CVSS 8.5, AI score 8.7, EPSS 0.03071
Exploits 1, References 2
Vulnrichment
added 2024/05/15 4:42 p.m., 12 views

CVE-2024-34082 Grav Arbitrary File Read to Account Takeover

Grav is a file-based Web platform. Prior to version 1.7.46, a low privilege user account with page edit privilege can read any server files using Twig Syntax. This includes Grav user account files - /grav/user/accounts/.yaml. This file stores hashed user password, 2FA secret, and the password res...

CVSS 8.5, AI score 7, EPSS 0.03071
Exploits 1, References 2
Cvelist
added 2020/03/17 2:38 p.m., 14 views

CVE-2020-10118

cPanel before 84.0.20 allows a demo account to modify files via Branding API calls (SEC-543)...

AI score 9.2, EPSS 0.01042
Exploits 0, References 1
myhack58
added 2011/03/15 12:0 a.m., 60 views

QUIK email (QuarkMail) remote command execution vulnerabilities and fixes - vulnerability warning - the black bar safety net

Vulnerability Description: QUIK e-mail (QuarkMail), an e-mail system launched by Beijing Xiong Zhi weiye science and Technology Company, is widely used as an email solution in various fields. Its webmail section is written in Perl CGI, but 80sec found a major security vulnerability in the system that leads...

AI score 0.5
Exploits 0