EUVD-2026-12504

Craft CMS vulnerable to behavior injection RCE via EntryTypesController...

Craft CMS has a Path Traversal Vulnerability in AssetsController

The AssetsController-replaceFile method has a targetFilename body parameter that is used unsanitized in a deleteFile call before Assets::prepareAssetName is applied on save. This allows an authenticated user with replaceFiles permission to delete arbitrary files within the same filesystem root by...

EUVD-2026-12401

A security flaw has been discovered in SSCMS 7.4.0. This vulnerability affects unknown code of the file SitesAddController.Submit.cs of the component DDL Handler. The manipulation of the argument tableHandWrite results in sql injection. The attack can be executed remotely. The exploit has been...

EUVD-2026-12273

A weakness has been identified in glowxq glowxq-oj up to 6f7c723090472057252040fd2bbbdaa1b5ed2393. This vulnerability affects the function Upload of the file business/business-system/src/main/java/com/glowxq/system/admin/controller/SysFileController.java. Executing a manipulation can lead to...

CVE-2026-4234

A security flaw has been discovered in SSCMS 7.4.0. This vulnerability affects unknown code of the file SitesAddController.Submit.cs of the component DDL Handler. The manipulation of the argument tableHandWrite results in sql injection. The attack can be executed remotely. The exploit has been...

CVE-2026-4200

A security flaw has been discovered in glowxq glowxq-oj up to 6f7c723090472057252040fd2bbbdaa1b5ed2393. This affects the function uploadTestcaseZipUrl of the file business/business-oj/src/main/java/com/glowxq/oj/problem/controller/ProblemCaseController.java. Performing a manipulation results in...

CVE-2026-32709

PX4 autopilot is a flight control solution for drones. Prior to 1.17.0-rc2, An unauthenticated path traversal vulnerability in the PX4 Autopilot MAVLink FTP implementation allows any MAVLink peer to read, write, create, delete, and rename arbitrary files on the flight controller filesystem withou...

CVE-2026-4234 SSCMS DDL SitesAddController.Submit.cs sql injection

A security flaw has been discovered in SSCMS 7.4.0. This vulnerability affects unknown code of the file SitesAddController.Submit.cs of the component DDL Handler. The manipulation of the argument tableHandWrite results in sql injection. The attack can be executed remotely. The exploit has been...

CVE-2026-4200 glowxq glowxq-oj ProblemCaseController.java uploadTestcaseZipUrl server-side request forgery

A security flaw has been discovered in glowxq glowxq-oj up to 6f7c723090472057252040fd2bbbdaa1b5ed2393. This affects the function uploadTestcaseZipUrl of the file business/business-oj/src/main/java/com/glowxq/oj/problem/controller/ProblemCaseController.java. Performing a manipulation results in...

CVE-2026-4200

A security flaw has been discovered in glowxq glowxq-oj up to 6f7c723090472057252040fd2bbbdaa1b5ed2393. This affects the function uploadTestcaseZipUrl of the file business/business-oj/src/main/java/com/glowxq/oj/problem/controller/ProblemCaseController.java. Performing a manipulation results in...

PT-2026-29735

Name of the Vulnerable Software and Affected Versions Customer Managed ShareFile Storage Zones Controller affected versions not specified Description An issue in the Customer Managed ShareFile Storage Zones Controller exists due to improper access control. This allows an unauthenticated remote...

SSCMS SQL注入漏洞

SSCMS SiteServerCMS is a content management system developed by SSCMS Corporation in China. Version 7.4.0 of SSCMS contains an SQL injection vulnerability. This vulnerability stems from improper handling of the tableHandWrite parameter in the SitesAddController.Submit.cs file of the DDL Handler...

glowxq-oj 代码问题漏洞

Glowxq-oj is an online problem-solving system developed by Glowxq’s individual developers, which supports multi-language evaluations and engaging programming activities. There are code vulnerabilities in Glowxq-oj. These vulnerabilities stem from incorrect operations on the function...

Craft CMS 安全漏洞

Craft CMS is an open-source content management system developed by Craft CMS. Vulnerabilities existed in versions 4.0.0-RC1 to 4.17.5, as well as in versions 5.0.0-RC1 to 5.9.11 of Craft CMS. These vulnerabilities were caused by behavior injection remote code execution vulnerabilities in the...

PT-2026-25576

A weakness has been identified in glowxq glowxq-oj up to 6f7c723090472057252040fd2bbbdaa1b5ed2393. This vulnerability affects the function Upload of the file business/business-system/src/main/java/com/glowxq/system/admin/controller/SysFileController.java. Executing a manipulation can lead to...

glowxq-oj 代码问题漏洞

Glowxq-OJ is an online problem-solving system developed by Glowxq’s individual developers, which supports multi-language evaluations and engaging programming activities. There are code vulnerabilities in Glowxq-OJ. These vulnerabilities stem from incorrect operations related to the function Uploa...

PT-2026-25805

Craft CMS is a content management system CMS. From version 4.0.0-RC1 to before version 4.17.5 and from version 5.0.0-RC1 to before version 5.9.11, there is a Behavior injection RCE vulnerability in ElementIndexesController and FieldsController. Craft control panel administrator permissions and...

PT-2026-25804

Name of the Vulnerable Software and Affected Versions Craft CMS versions 5.6.0 through 5.9.10 Description Craft CMS is a content management system. A flaw exists where the $settings array from parse str is passed directly to Craft::configure without proper sanitization using...

SQL Injection

Craft CMS is vulnerable to SQL Injection. The vulnerability is due to missing input sanitization in the ElementSearchController::actionSearch endpoint, which allows an attacker to inject malicious SQL queries via parameters like criteriawhere or criteriaorderBy and extract sensitive database...

EUVD-2026-12173

PX4 autopilot is a flight control solution for drones. Prior to 1.17.0-rc2, An unauthenticated path traversal vulnerability in the PX4 Autopilot MAVLink FTP implementation allows any MAVLink peer to read, write, create, delete, and rename arbitrary files on the flight controller filesystem withou...