
11 matches found

Positive Technologies
added 2026/02/23 12:0 a.m. | 4 views

PT-2026-21834

Name of the Vulnerable Software and Affected Versions: Rollup versions prior to 2.80.0; Rollup versions prior to 3.30.0; Rollup versions prior to 4.59.0. Description: Rollup, a JavaScript module bundler, contains a flaw due to insecure file name sanitization in its core engine. This allows an attacker...

10 CVSS | 5.5 AI score | 0.01195 EPSS
Exploits: 1 | References: 112
CNNVD
added 2024/11/05 12:0 a.m. | 4 views

Osmedeus Core Engine Security Vulnerability

Osmedeus Core Engine is a workflow engine for offensive security by the individual developer Ai Ho. A security vulnerability exists in Osmedeus Core Engine version 4.6.4 and earlier, which stems from improper file content filtering and is vulnerable to cross-site scripting attacks, and may also...

8.7 CVSS | 6.1 AI score | 0.0044 EPSS
Exploits: 0 | References: 1
UbuntuCve
added 2024/07/29 11:15 p.m. | 9 views

CVE-2024-40794

This issue was addressed through improved state management. This issue is fixed in Safari 17.6, iOS 17.6 and iPadOS 17.6, macOS Sonoma 14.6. Private Browsing tabs may be accessed without authentication...

5.3 CVSS | 6 AI score | 0.01179 EPSS
Exploits: 0 | References: 2
CNVD
added 2017/12/04 12:0 a.m. | 1 views

XSS Vulnerability in Oceanis Cloud Browser

Oceanis Cloud Browser is a cross-platform cloud service browser with a dual-core engine developed by Maxthon. An XSS vulnerability exists in Oceanis Cloud Browser, which can be exploited by attackers to implant cross-site code and obtain sensitive information such as user cookies...

6.2 AI score
Exploits: 0
ThreatPost
added 2017/10/18 9:51 a.m. | 43 views

Critical Code Execution Flaw Patched in PeopleSoft Core Engine

Organizations that have their PeopleSoft installations exposed to the internet should pay special attention to a remote code execution vulnerability patched on Tuesday as part of Oracle’s massive quarterly Critical Patch Update. The flaw, CVE-2017-10366, allows an attacker to gain remote code...

7.5 CVSS | 0.6 AI score | 0.43492 EPSS
Exploits: 4 | References: 4
ThreatPost
added 2017/08/17 3:50 p.m. | 30 views

Drupal Patches Critical Access Bypass Bug

Website management platform Drupal released several patches that address access bypass vulnerabilities in its Drupal 8 Core engine Wednesday, fixing one critical and two moderately critical security bugs. The most serious of the vulnerabilities is the access bypass vulnerability CVE-2017-6925 in...

1.2 AI score | 0.03017 EPSS
Exploits: 0 | References: 10
ThreatPost
added 2017/04/20 9:57 a.m. | 15 views

Drupal Closes Access Bypass Vulnerability in Core Engine

A critical vulnerability in the Drupal Core engine was addressed in an update released Wednesday. Drupal engineers are calling it an access bypass vulnerability and said a Drupal-based website is vulnerable only under certain conditions, including whether a site has the RESTful Web Services modul...

1.1 AI score
Exploits: 0 | References: 5
ThreatPost
added 2016/11/18 1:56 p.m. | 18 views

Drupal Fixes 'Moderately Critical' Vulnerabilities in Core Engine

The Drupal Security Team fixed a handful of issues in version 7 and 8 of its content management system core engine this week that could have led to cache poisoning, social engineering attacks and a denial of service condition. Drupal SA-CORE-2016-005 – Moderately Critical Update to Drupal core 7....

2.6 AI score
Exploits: 0 | References: 4
ThreatPost
added 2016/09/22 3:5 p.m. | 9 views

Drupal Patches Three Vulnerabilities in Core Engine

Three vulnerabilities were patched Wednesday in the Drupal content management system’s core engine, two of which were rated critical, according to an advisory posted by the Drupal security team. Versions 8.x of the Drupal core are affected, and users are advised to upgrade to 8.1.10. Drupal is op...

7.6 AI score
Exploits: 0 | References: 2
Prion
added 2012/02/24 1:55 p.m. | 13 views

Cross site scripting

Multiple cross-site scripting (XSS) vulnerabilities in backend/core/engine/base.php in Fork CMS 3.2.4 and possibly other versions before 3.2.5 allow remote attackers to inject arbitrary web script or HTML via the (1) report parameter to blog/settings or (2) error parameter to users/index...

4.3 CVSS | 6.2 AI score | 0.04121 EPSS
Exploits: 1 | References: 7 | Affected Software: 1
Packet Storm
added 2005/07/02 12:0 a.m. | 20 views

clevercopyXSS.txt

Clevercopy is an open source content management system with the core engine available for free and some add-ons available for purchase. Its website is at http://clevercopy.bestdirectbuy.com/ Clevercopy suffers from a cross-site scripting (XSS) vulnerability;...

7.4 AI score
Exploits: 0