43544 matches found
TYPO3 CMS 安全漏洞
TYPO3 CMS is a content management system developed under the TYPO3 open source framework. There is a security vulnerability in TYPO3 CMS. This vulnerability allows authenticated backend users to retrieve file metadata through multiple backend API routes, without proper permission checks. As a...
OpenSSL 1.1.1 < 1.1.1zh Multiple Vulnerabilities
The version of OpenSSL installed on the remote host is prior to 1.1.1zh. It is, therefore, affected by multiple vulnerabilities as referenced in the 1.1.1zh advisory. - Issue summary: A specially crafted password-encrypted CMS message can trigger a NULL pointer dereference during CMS decryption...
OpenSSL 代码问题漏洞
OpenSSL is an open-source encryption library developed by the OpenSSL team, capable of implementing Secure Sockets Layer SSLv2/v3 and Secure Transport Layer TLSv1 protocols. This product supports various encryption algorithms, including symmetric ciphers, hash algorithms, and secure hash...
UBUNTU-CVE-2026-42768
Issue summary: The CMSdecrypt and PKCS7decrypt functions are vulnerable to Bleichenbacher-style attack when an attacker is able to provide the CMS or S/MIME messages and observe the error code and/or decryption output. Impact summary: The Bleichenbacher-style attack allows an attacker to use the...
TYPO3 CMS SQL注入漏洞
TYPO3 CMS is a content management system developed under the TYPO3 open source framework. Versions of TYPO3 CMS from 14.0.0 to 14.3.3 contain SQL injection vulnerabilities. These vulnerabilities stem from backend users who have database table writing privileges and can directly create, update, or...
UBUNTU-CVE-2026-9076
Issue summary: When CMS password-based decryption RFC 3211 / PWRI key unwrap processes attacker-supplied CMS data, an attacker-chosen stream-mode KEK cipher can trigger a heap out-of-bounds read in kekunwrapkey. Impact summary: A heap buffer over-read may trigger a crash which leads to Denial of...
TYPO3 CMS 代码问题漏洞
TYPO3 CMS is a content management system developed under the TYPO3 open source framework. Code vulnerabilities existed in versions prior to TYPO3 CMS 10.4.57, as well as in versions 11.0.0 to 11.5.51, 12.0.0 to 12.4.46, 13.0.0 to 13.4.31, and 14.0.0 to 14.3.3. These vulnerabilities stemmed from...
OpenSSL 1.0.2 < 1.0.2zq Multiple Vulnerabilities
The version of OpenSSL installed on the remote host is prior to 1.0.2zq. It is, therefore, affected by multiple vulnerabilities as referenced in the 1.0.2zq advisory. - Issue summary: A specially crafted password-encrypted CMS message can trigger a NULL pointer dereference during CMS decryption...
MiracleLinux 8 : compat-openssl10-1.0.2o-4.el8_10.2 (AXSA:2026-770:01)
The remote MiracleLinux 8 host has a package installed that is affected by a vulnerability as referenced in the AXSA:2026-770:01 advisory. openssl: OpenSSL: Denial of Service due to NULL pointer dereference in CMS EnvelopedData processing CVE-2026-28390 Tenable has extracted the preceding...
OpenSSL 4.0.0 < 4.0.1 Multiple Vulnerabilities
The version of OpenSSL installed on the remote host is prior to 4.0.1. It is, therefore, affected by multiple vulnerabilities as referenced in the 4.0.1 advisory. - Issue summary: A specially crafted PKCS7 or S/MIME signed message could trigger a use-after-free during PKCS7 signature verification...
EulerOS 2.0 SP11 : openssl (EulerOS-SA-2026-2258)
According to the versions of the openssl packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : Issue summary: When a delta CRL that contains a Delta CRL Indicator extension is processed a NULL pointer dereference might happen if the require...
EulerOS 2.0 SP11 : openssl (EulerOS-SA-2026-2221)
According to the versions of the openssl packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : Issue summary: When a delta CRL that contains a Delta CRL Indicator extension is processed a NULL pointer dereference might happen if the require...
EUVD-2026-35081
Bludit is a content management system. Versions prior to 3.22.0 have a Broken Access Control flaw where active sessions remain valid even after the corresponding user account has been physically deleted from the database. This "Ghost Session" allows revoked users to maintain full unauthorized...
CVE-2026-46656 Bludit CMS has improper authorization and mediation failure leading to persistent ghost sessions
Bludit is a content management system. Versions prior to 3.22.0 have a Broken Access Control flaw where active sessions remain valid even after the corresponding user account has been physically deleted from the database. This "Ghost Session" allows revoked users to maintain full unauthorized...
CVE-2026-46656
Bludit CMS versions prior to 3.22.0 are affected by a Broken Access Control issue where active sessions remain valid after the corresponding user account is deleted (the “Ghost Session”). This allows revoked users to maintain full unauthorized access. The issue is fixed in version 3.22.0. Affecte...
CVE-2026-11511
A weakness has been identified in Bolt CMS up to 3.7.5. This vulnerability affects unknown code of the file src/Storage/Field/Type/TextType.php of the component HTML Attribute Handler. Executing a manipulation of the argument style can lead to HTML injection. It is possible to launch the attack...
CVE-2026-11511 Bolt CMS HTML Attribute TextType.php HTML injection
A weakness has been identified in Bolt CMS up to 3.7.5. This vulnerability affects unknown code of the file src/Storage/Field/Type/TextType.php of the component HTML Attribute Handler. Executing a manipulation of the argument style can lead to HTML injection. It is possible to launch the attack...
EUVD-2026-35059
A weakness has been identified in Bolt CMS up to 3.7.5. This vulnerability affects unknown code of the file src/Storage/Field/Type/TextType.php of the component HTML Attribute Handler. Executing a manipulation of the argument style can lead to HTML injection. It is possible to launch the attack...
CVE-2026-11511
The CVE-2026-11511 affects Bolt CMS up to version 3.7.5, specifically a weakness in the file src/Storage/Field/Type/TextType.php within the HTML Attribute Handler. The issue enables remote HTML injection when an attacker manipulates the argument style. It is exploitable remotely and an exploit ha...
Web_Vulnerability_Assessment
🕸️ Week 03 — Web Vulnerability Assessment & Exploitation In...