224 matches found
CVE-2026-22254
Winter is a free, open-source content management system CMS based on the Laravel PHP framework. Versions of Winter CMS before 1.2.10 allow users with access to the CMS Asset Manager were able to upload SVGs without automatic sanitization. To actively exploit this security issue, an attacker would...
The Librarian security vulnerability
The Librarian is a personal AI assistant software developed by The Librarian Company in Singapore. The Librarian has a security vulnerability, which stems from the webFetch tool’s ability to retrieve content from the Adminer interface, potentially allowing access to internal backend systems...
CVE-2026-23495
Pimcore's Admin Classic Bundle provides a Backend UI for Pimcore. Prior to 2.2.3 and 1.7.16, the API endpoint for listing Predefined Properties in the Pimcore platform lacks adequate server-side authorization checks. Predefined Properties are configurable metadata definitions e.g., name, key, typ...
CVE-2026-23495
Pimcore's Admin Classic Bundle provides a Backend UI for Pimcore. Prior to 2.2.3 and 1.7.16, the API endpoint for listing Predefined Properties in the Pimcore platform lacks adequate server-side authorization checks. Predefined Properties are configurable metadata definitions e.g., name, key, typ...
CVE-2026-23495 Pimcore's Admin Classic Bundle is Missing Function Level Authorization on "Predefined Properties" Listing
Pimcore's Admin Classic Bundle provides a Backend UI for Pimcore. Prior to 2.2.3 and 1.7.16, the API endpoint for listing Predefined Properties in the Pimcore platform lacks adequate server-side authorization checks. Predefined Properties are configurable metadata definitions e.g., name, key, typ...
PT-2026-2475
Backend users with access to the redirects module and write permission on the sys redirect table were able to read, create, and modify any redirect record without restriction to the user’s own file-mounts or web-mounts. This allowed attackers to insert or alter redirects pointing to arbitrary URL...
CVE-2019-12426
an unauthenticated user could get access to information of some backend screens by invoking setSessionLocale in Apache OFBiz 16.11.01 to 16.11.06...
CVE-2019-12517
An XSS issue was discovered in the slickquiz plugin through 1.3.7.1 for WordPress. The savequizscore functionality available via the /wp-admin/admin-ajax.php endpoint allows unauthenticated users to submit quiz solutions/answers, which are stored in the database and later shown in the WordPress...
GitHub Enterprise Server 安全漏洞
GitHub Enterprise Server is an open source application from GitHub in the United States. It provides a platform for setting up your own GitHub instance as a virtual appliance, thus providing a scalable, easy-to-manage platform. A security vulnerability exists in GitHub Enterprise Server versions...
CVE-2025-12636
The Ubia camera ecosystem fails to adequately secure API credentials, potentially enabling an attacker to connect to backend services. The attacker would then be able to gain unauthorized access to available cameras, enabling the viewing of live feeds or modification of settings...
EUVD-2021-0040
Malware in sbrugna...
EUVD-2021-21230
Malware in sbrugna...
EUVD-2010-5008
Malware in sbrugna...
EUVD-2018-8440
Malware in sbrugna...
EUVD-2007-3479
Malware in sbrugna...
EUVD-2019-0804
Malware in sbrugna...
EUVD-2024-3132
Malicious code in bioql PyPI...
EUVD-2022-5502
Malicious code in bioql PyPI...
EUVD-2021-30487
Malicious code in bioql PyPI...
EUVD-2022-26446
Malicious code in bioql PyPI...