3656 matches found
GHSA-QQFQ-7CPP-HCQJ Contao does not properly manage privileges for page and article fields
Impact: Under certain conditions, back end users may be able to edit fields of pages and articles without having the necessary permissions. Patches: Update to Contao 5.3.38 or 5.6.1. Workarounds: None. For more information: If you have any questions or comments about this advisory, open an issue in...
CVE-2025-54541
QuickCMS is vulnerable to Cross-Site Request Forgery in page deletion functionality. A malicious attacker can craft a special website which, when visited by the admin, will automatically send a POST request deleting an article. The vendor was notified early about this vulnerability, but didn't respon...
CVE-2025-54541 Cross-Site Request Forgery in QuickCMS
QuickCMS is vulnerable to Cross-Site Request Forgery in page deletion functionality. A malicious attacker can craft a special website which, when visited by the admin, will automatically send a POST request deleting an article. The vendor was notified early about this vulnerability, but didn't respon...
Linux Distros Unpatched Vulnerability : CVE-2021-21435
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Article Bcc fields and agent personal information are shown when customer prints the ticket PDF via external interface. This issue affects: OTRS AG OTRS 7.0.x...
Linux Distros Unpatched Vulnerability : CVE-2019-16375
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - An issue was discovered in Open Ticket Request System OTRS 7.0.x through 7.0.11, and Community Edition 5.0.x through 5.0.37 and 6.0.x through 6.0.22. An attacke...
CVE-2025-7776
creationtimestamp | type | source
---|---|---
2025-08-26 12:04:41+00:00 | seen | https://www.cert.at/de/warnungen/2025/8/citrix-netscaler-adc-schwachstellen-cve-2025-7775
2025-08-26 13:25:27+00:00 | seen | https://infosec.exchange/users/cR0w/statuses/115095288317401393
2025-08-26 15:29:00+00:00 | seen | ...
CVE-2025-57805
CVE-2025-57805 affects The Scratch Channel web platform. In versions 1 and 1.1, a POST to the article-publishing endpoint allows posting articles in any category with any date, regardless of login status, indicating an authorization bypass in the publish workflow. The issue has been patched in ve...
CVE-2025-57805 The Scratch Channel's Publish Articles POST Request Can Upload Articles Without Validation
The Scratch Channel is a news website. In versions 1 and 1.1, a POST request to the endpoint used to publish articles can be used to post an article in any category with any date, regardless of who's logged in. This issue has been patched in version 1.2...
CVE-2025-55409
In FoxCMS 1.2.6, there is a Cross Site Scripting vulnerability in /index.php/article. This allows attackers to execute arbitrary code...
CVE-2025-9406
A weakness has been identified in xuhuisheng lemon up to 1.13.0. This affects the function uploadImage of the file CmsArticleController.java of the component com.mossle.cms.web.CmsArticleController.uploadImage. This manipulation of the argument Upload causes unrestricted upload. The attack can be...
CVE-2025-9406 xuhuisheng lemon CmsArticleController.java uploadImage unrestricted upload
A weakness has been identified in xuhuisheng lemon up to 1.13.0. This affects the function uploadImage of the file CmsArticleController.java of the component com.mossle.cms.web.CmsArticleController.uploadImage. This manipulation of the argument Upload causes unrestricted upload. The attack can be...
CVE-2025-9406
A vulnerability is identified in xuhuisheng lemon up to 1.13.0 affecting the uploadImage function in CmsArticleController.java (com.mossle.cms.web.CmsArticleController.uploadImage). The Upload argument is manipulated to enable unrestricted uploads, with remote initiation and a publicly available ...
PT-2025-34592 · Unknown · Xuhuisheng Lemon
Name of the Vulnerable Software and Affected Versions: xuhuisheng lemon versions through 1.13.0 Description: A weakness exists in xuhuisheng lemon up to version 1.13.0. This issue affects the uploadImage function within the CmsArticleController.java file, specifically in the...
FoxCMS Security Vulnerability
FoxCMS is a free commercial open source content management system from China Qianxu FoxCMS company. A security vulnerability exists in FoxCMS version 1.2.6, which originates from the presence of cross-site scripting in /index.php/article, which may lead to the execution of arbitrary code...
The Scratch Channel Input Validation Error Vulnerability
The Scratch Channel is a project site of The Scratch Channel open source. An input validation error vulnerability exists in The Scratch Channel versions 1 and 1.1, which stems from insufficient validation of article publishing endpoint permissions, and could lead to unauthorized publishing of...
PT-2025-34666 · Foxcms · Foxcms
Name of the Vulnerable Software and Affected Versions: FoxCMS version 1.2.6 Description: FoxCMS version 1.2.6 contains a Cross Site Scripting issue in the /index.php/article endpoint. This allows attackers to execute arbitrary code. Recommendations: As a temporary workaround, consider restricting...