8 matches found

ATTACKERKB
added 2026/05/07 2:58 a.m., views: 1

CVE-2026-41656

Admidio is an open-source user management solution. Prior to version 5.0.9, the add mode in modules/documents-files.php accepts a name parameter validated only as 'string' type HTML encoding, allowing path traversal characters ../ to pass through unfiltered. Combined with the absence of CSRF...

CVSS 4.5, AI score 5.9, EPSS 0.0001
Exploits 0, References 3, Affected Software 1
CVE
added 2026/05/07 2:58 a.m., views: 2

CVE-2026-41656

CVE-2026-41656 (Admidio) : Prior to 5.0.9, the add mode of modules/documents-files.php accepts a name parameter with only string-based HTML encoding validation, allowing path traversal (../) and, combined with absent CSRF protection and SameSite=Lax cookies, enables a low-privilege attacker to tr...

CVSS 4.5, AI score 5.9, EPSS 0.0001
Exploits 0, References 2
Vulnrichment
added 2026/05/07 2:58 a.m., views: 5

CVE-2026-41656 Admidio: Path Traversal via Unvalidated `name` Parameter in Document Add Mode Enables Arbitrary Server File Read

Admidio is an open-source user management solution. Prior to version 5.0.9, the add mode in modules/documents-files.php accepts a name parameter validated only as 'string' type HTML encoding, allowing path traversal characters ../ to pass through unfiltered. Combined with the absence of CSRF...

CVSS 4.5, AI score 5.9, EPSS 0.0001
Exploits 0, References 2
Cvelist
added 2026/05/07 2:58 a.m., views: 31

CVE-2026-41656 Admidio: Path Traversal via Unvalidated `name` Parameter in Document Add Mode Enables Arbitrary Server File Read

Admidio is an open-source user management solution. Prior to version 5.0.9, the add mode in modules/documents-files.php accepts a name parameter validated only as 'string' type HTML encoding, allowing path traversal characters ../ to pass through unfiltered. Combined with the absence of CSRF...

CVSS 4.5, EPSS 0.0001
Exploits 0, References 2
GitHub Security Blog
added 2026/04/29 9:42 p.m., views: 9

Admidio has Path Traversal via Unvalidated `name` Parameter in Document Add Mode that Enables Arbitrary Server File Read

Summary: The add mode in modules/documents-files.php accepts a name parameter validated only as 'string' type HTML encoding, allowing path traversal characters ../ to pass through unfiltered. Combined with the absence of CSRF protection on this endpoint and SameSite=Lax session cookies, a...

CVSS 4.5, AI score 5.6, EPSS 0.0001
Exploits 0, References 4, Affected Software 1
Positive Technologies
added 2026/04/29 12:0 a.m., views: 3

PT-2026-37140

Name of the Vulnerable Software and Affected Versions: Admidio versions prior to 5.0.9. Description: An issue exists in the 'add' mode of the 'modules/documents-files.php' endpoint where the name parameter is validated only as a string, allowing path traversal characters such as ../ to pass...

CVSS 4.5, AI score 5.9, EPSS 0.0001
Exploits 0, References 5
Tenable Nessus
added 2026/03/23 12:0 a.m., views: 0

Siemens SIMATIC S7-1500 NULL Pointer Dereference (CVE-2025-38214)

In the Linux kernel, the following vulnerability has been resolved: fbdev: Fix fb_set_var to prevent null-ptr-deref in fb_videomode_to_var. If fb_add_videomode in fb_set_var fails to allocate memory for fb_videomode, later it may lead to a null-ptr dereference in fb_videomode_to_var, as the fb_info is registere...

CVSS 5.5, AI score 6, EPSS 0.00078
Exploits 0, References 2
Veeam
added 2019/08/16 5:54 p.m., views: 16

Backup proxy that uses Virtual Appliance (HotAdd) mode and is installed on Microsoft Windows 2019 shows "Restart Required" message

Challenge: When you log in to the Veeam backup proxy server interactively following the execution of a job using the hot add transport mode, you may get a notification from the OS prompting to restart the server. The notification can be one of the following: Your PC needs to be restarted to finish...

AI score 6.9
Exploits 0