424 matches found
CVE-2026-56290
The Joomla extension Page Builder CK is vulnerable to an unauthenticated arbitrary file upload that allows uploading executable files and leads to full RCE...
CVE-2026-56290
The Joomla extension Page Builder CK is vulnerable to an unauthenticated arbitrary file upload that allows uploading executable files and leads to full RCE...
CVE-2026-56290 Joomla Extension - joomlack.fr - Unauthenticated file upload in Page Builder CK extension < 3.6.0
The Joomla extension Page Builder CK is vulnerable to an unauthenticated arbitrary file upload that allows uploading executable files and leads to full RCE...
EUVD-2026-40121
The Joomla extension Page Builder CK is vulnerable to an unauthenticated arbitrary file upload that allows uploading executable files and leads to full RCE...
CVE-2026-56290 Joomla Extension - joomlack.fr - Unauthenticated file upload in Page Builder CK extension < 3.6.0
The Joomla extension Page Builder CK is vulnerable to an unauthenticated arbitrary file upload that allows uploading executable files and leads to full RCE...
CVE-2026-56290
CVE-2026-56290 affects Joomla Page Builder CK (com_pagebuilderck). The root cause is an unauthenticated file upload path via browse.ajaxAddPicture that accepts a user-controlled destination with only trivial sanitization and no authentication gate, enabling an attacker to upload PHP/executable fi...
PT-2026-53285
Name of the Vulnerable Software and Affected Versions Page Builder CK extension for Joomla versions prior to 3.6.0 Description An unauthenticated arbitrary file upload flaw exists in the Page Builder CK extension for Joomla due to improper access control and insufficient server-side restrictions ...
PT-2026-46198
Care2x 2.7 contains multiple SQL injection vulnerabilities that allow unauthenticated attackers to execute arbitrary SQL commands by manipulating the ck config cookie parameter. Attackers can inject malicious SQL through the ck config cookie in multiple endpoints including login.php,...
cyber-operation-lab
Full-Spectrum Cyber Operation Lab: Red Team Execution & Blue T...
DRUPAL-CONTRIB-2026-011
This module enables you to add icons to CKEditor. The module doesn't sufficiently add custom permissions to the dialog and autocomplete routes, allowing full access to the routes in most scenarios...
EUVD-2025-30721
Malicious code in bioql PyPI...
EUVD-2024-52527
Malicious code in bioql PyPI...
EUVD-2024-35514
Malicious code in bioql PyPI...
DNN 安全漏洞
DNN aka DotNetNuke is a Microsoft-supported, open-source content management system CMS based on the ASP.NET platform from the U.S. company DNN. The system is easy to install, scalable, feature-rich and so on. A security vulnerability exists in versions prior to DNN 10.1.0, which stems from...
Malicious code in @zalastax/nolb-node-ck (npm)
The package @zalastax/nolb-node-ck was found to contain malicious code...
MAL-2025-10917 Malicious code in @zalastax/nolb-ck (npm)
The package @zalastax/nolb-ck was found to contain malicious code...
MAL-2025-12608 Malicious code in @zalastax/nolb-node-ck (npm)
The package @zalastax/nolb-node-ck was found to contain malicious code...
Malicious code in @zalastax/nolb-ck (npm)
The package @zalastax/nolb-ck was found to contain malicious code...
OneClik Red Team Campaign Targets Energy Sector Using Microsoft ClickOnce and Golang Backdoors
Cybersecurity researchers have detailed a new campaign dubbed OneClik that leverages Microsoft's ClickOnce software deployment technology and bespoke Golang backdoors to compromise organizations within the energy, oil, and gas sectors. "The campaign exhibits characteristics aligned with...
Kali Linux 2025.1c Fixes Key Issue, Adds New Tools and Interface Updates
Kali Linux 2025.1c includes a new signing key to fix update errors, adds new tools, a redesigned menu with MITRE ATT&CK, and major system upgrades...