43571 matches found

ATTACKERKB
added 2026/04/28 8:30 p.m. | 0 views

CVE-2026-7317

A vulnerability was found in Grav CMS up to 1.7.49.5/2.0.0-beta.1. Affected by this vulnerability is the function FileCache::doGet of the file system/src/Grav/Framework/Cache/Adapter/FileCache.php of the component Cache Value Handler. The manipulation results in deserialization. The attack may be...

CVSS 5 | AI score 4.8 | EPSS 0.00224
Exploits: 0 | References: 6 | Affected Software: 1

Vulnrichment
added 2026/04/28 8:30 p.m. | 3 views

CVE-2026-7317 Grav CMS Cache Value FileCache.php doGet deserialization

A vulnerability was found in Grav CMS up to 1.7.49.5/2.0.0-beta.1. Affected by this vulnerability is the function FileCache::doGet of the file system/src/Grav/Framework/Cache/Adapter/FileCache.php of the component Cache Value Handler. The manipulation results in deserialization. The attack may be...

CVSS 5 | AI score 4.8 | EPSS 0.00224
Exploits: 0 | References: 6

Cvelist
added 2026/04/28 8:30 p.m. | 33 views

CVE-2026-7317 Grav CMS Cache Value FileCache.php doGet deserialization

A vulnerability was found in Grav CMS up to 1.7.49.5/2.0.0-beta.1. Affected by this vulnerability is the function FileCache::doGet of the file system/src/Grav/Framework/Cache/Adapter/FileCache.php of the component Cache Value Handler. The manipulation results in deserialization. The attack may be...

CVSS 5 | EPSS 0.00224
Exploits: 0 | References: 6

EUVD
added 2026/04/28 8:30 p.m. | 2 views

EUVD-2026-26154

A vulnerability was found in Grav CMS up to 1.7.49.5/2.0.0-beta.1. Affected by this vulnerability is the function FileCache::doGet of the file system/src/Grav/Framework/Cache/Adapter/FileCache.php of the component Cache Value Handler. The manipulation results in deserialization. The attack may be...

CVSS 5 | AI score 4.8 | EPSS 0.00224
Exploits: 0 | References: 6

CVE
added 2026/04/28 8:30 p.m. | 9 views

CVE-2026-7317

Grav CMS (up to 1.7.49.5/2.0.0-beta.1) contains a deserialization vulnerability in FileCache::doGet (Cache Value Handler, file system/src/Grav/Framework/Cache/Adapter/FileCache.php). The issue allows remote exploitation with high complexity and a publicly available exploit. Upgrading to version 2...

CVSS 5 | AI score 5 | EPSS 0.00224
Exploits: 0 | References: 6

OSV
added 2026/04/28 4:27 p.m. | 3 views

CLSA-2026-1777393624 Fix CVE(s): CVE-2026-28390

SECURITY UPDATE: NULL dereference in CMS RSA-OAEP decryption when the optional pSourceFunc parameters field is omitted from a KeyTransportRecipientInfo, leading to a denial of service. - debian/patches/CVE-2026-28390.patch: check plab-parameter for NULL before accessing its type field in...

CVSS 7.5 | AI score 7.3 | EPSS 0.00805
Exploits: 0 | References: 1

OSV
added 2026/04/28 9:54 a.m. | 3 views

CLSA-2026-1777370059 wireshark: Fix of 7 CVEs

- CVE-2021-4181: sysdig event dissector SIGSEGV fix
- CVE-2021-4182: rfc7468 file parser infinite loop fix
- CVE-2021-4184: bt-dht endless loop fix
- CVE-2021-4186: gryphon NULL pktinfo dereference fix
- CVE-2021-4190: kafka dissector varint strictness fix
- CVE-2022-0581: cms dissector...

CVSS 7.5 | AI score 7.4 | EPSS 0.03879
Exploits: 7 | References: 1

CNNVD
added 2026/04/28 12:00 a.m. | 5 views

FUEL CMS cross-site scripting vulnerability

FUEL CMS is a content management system (CMS) developed by David McReynolds using the CodeIgniter framework. Versions of FUEL CMS prior to 1.5.2 had a cross-site scripting vulnerability. This vulnerability stemmed from the asset upload feature not properly cleaning up uploaded SVG files, allowing...

CVSS 5.4 | AI score 5.6 | EPSS 0.00165
Exploits: 0 | References: 2

CVE
added 2026/04/28 12:00 a.m. | 6 views

CVE-2026-38948

CVE-2026-38948 affects FUEL CMS

CVSS 5.4 | AI score 5.2 | EPSS 0.00165
Exploits: 0 | References: 3

Vulnrichment
added 2026/04/28 12:00 a.m. | 4 views

CVE-2026-38948

A Cross-Site Scripting (XSS) vulnerability exists in FUEL CMS v1.5.2 and before within the asset upload functionality. The application fails to properly sanitize uploaded SVG files, allowing a low-privileged authenticated user to upload a crafted SVG file containing malicious code...

AI score 5.2 | EPSS 0.00165
Exploits: 0 | References: 3

Positive Technologies
added 2026/04/28 12:00 a.m. | 3 views

PT-2026-35746

A Cross-Site Scripting (XSS) vulnerability exists in FUEL CMS v1.5.2 and before within the asset upload functionality. The application fails to properly sanitize uploaded SVG files, allowing a low-privileged authenticated user to upload a crafted SVG file containing malicious code...

CVSS 5.4 | AI score 5.2 | EPSS 0.00165
Exploits: 0 | References: 6

CNNVD
added 2026/04/28 12:00 a.m. | 8 views

Grav CMS input validation error vulnerability

Grav CMS is a file-based content management system developed under the open-source Grav project. Versions of Grav CMS prior to 1.7.49.5 and 2.0.0-beta.1 contain a vulnerability related to input validation errors. This vulnerability stems from a function in the component Cache Value Handler,...

CVSS 5 | AI score 5.9 | EPSS 0.00224
Exploits: 0 | References: 1

EUVD
added 2026/04/28 12:00 a.m. | 2 views

EUVD-2026-26063

A Cross-Site Scripting (XSS) vulnerability exists in FUEL CMS v1.5.2 and before within the asset upload functionality. The application fails to properly sanitize uploaded SVG files, allowing a low-privileged authenticated user to upload a crafted SVG file containing malicious code...

CVSS 5.4 | AI score 5.2 | EPSS 0.00165
Exploits: 0 | References: 3

Cvelist
added 2026/04/28 12:00 a.m. | 29 views

CVE-2026-38948

A Cross-Site Scripting (XSS) vulnerability exists in FUEL CMS v1.5.2 and before within the asset upload functionality. The application fails to properly sanitize uploaded SVG files, allowing a low-privileged authenticated user to upload a crafted SVG file containing malicious code...

EPSS 0.00165
Exploits: 0 | References: 3

Positive Technologies
added 2026/04/28 12:00 a.m. | 4 views

PT-2026-35830

A vulnerability was found in Grav CMS up to 1.7.49.5/2.0.0-beta.1. Affected by this vulnerability is the function FileCache::doGet of the file system/src/Grav/Framework/Cache/Adapter/FileCache.php of the component Cache Value Handler. The manipulation results in deserialization. The attack may be...

CVSS 5 | AI score 4.8 | EPSS 0.00224
Exploits: 0 | References: 7

Tenable Nessus
added 2026/04/28 12:00 a.m. | 5 views

Ubuntu 22.04 LTS / 24.04 LTS / 25.10 / 26.04 LTS : Little CMS vulnerability (USN-8209-1)

The remote Ubuntu 22.04 LTS / 24.04 LTS / 25.10 / 26.04 LTS host has packages installed that are affected by a vulnerability as referenced in the USN-8209-1 advisory. It was discovered that Little CMS incorrectly handled certain malformed ICC profiles. An attacker could use this issue to cause...

CVSS 7.5 | AI score 6 | EPSS 0.00365
Exploits: 1 | References: 2

Circl
added 2026/04/27 8:09 p.m. | 7 views

CVE-2026-44010

creationtimestamp | type | source
---|---|---
2026-04-27 20:09:30+00:00 | published-proof-of-concept | https://github.com/craftcms/cms/security/advisories/GHSA-gj2p-p9m4-c8gw
2026-05-14 12:17:47+00:00 | seen | ...

CVSS 7.1 | AI score 5.7 | EPSS 0.00338
Exploits: 0 | References: 2

RedhatCVE
added 2026/04/27 7:23 p.m. | 2 views

CVE-2026-7015

A vulnerability has been found in MaxSite CMS up to 109.3. This issue affects some unknown processing of the component Guestbook Plugin. Such manipulation of the argument ftext/fslug/flimit/femail leads to cross site scripting. The attack may be launched remotely. The exploit has been disclosed t...

CVSS 4.8 | AI score 3 | EPSS 0.00215
Exploits: 0 | References: 1

RedhatCVE
added 2026/04/27 7:23 p.m. | 5 views

CVE-2026-7014

A flaw has been found in MaxSite CMS up to 109.3. This vulnerability affects unknown code of the component downcount Plugin. This manipulation of the argument ffile/fprefix causes cross site scripting. The attack may be initiated remotely. The exploit has been published and may be used. Upgrading...

CVSS 4.8 | AI score 3.1 | EPSS 0.00269
Exploits: 0 | References: 1

OSV
added 2026/04/27 6:33 p.m. | 7 views

JLSEC-2026-275

Issue summary: During processing of a crafted CMS EnvelopedData message with KeyTransportRecipientInfo a NULL pointer dereference can happen. Impact summary: Applications that process attacker-controlled CMS data may crash before authentication or cryptographic operations occur resulting in Denia...

CVSS 7.5 | AI score 5.3 | EPSS 0.00805
Exploits: 0 | References: 6