CVE-2026-42607

CVE-2026-42607 (Grav) : An authenticated admin can achieve Remote Code Execution by uploading a malicious ZIP via the Direct Install tool. The ZIP contents are not inspected before extraction, allowing arbitrary PHP execution or dropping a web shell. This affects Grav’s Admin plugin and the Grav ...

CVE-2025-69770

A zip slip vulnerability in the /DesignTools/SkinList.aspx endpoint of MojoPortal CMS v2.9.0.1 allows attackers to execute arbitrary commands via uploading a crafted zip file...

CVE-2025-69770

A zip slip vulnerability in the /DesignTools/SkinList.aspx endpoint of MojoPortal CMS v2.9.0.1 allows attackers to execute arbitrary commands via uploading a crafted zip file...

CVE-2025-69770

A zip slip vulnerability in the /DesignTools/SkinList.aspx endpoint of MojoPortal CMS v2.9.0.1 allows attackers to execute arbitrary commands via uploading a crafted zip file...

MojoPortal CMS 安全漏洞

MojoPortal CMS is a content management system developed by MojoPortal Corporation. Version 2.9.0.1 of MojoPortal CMS has a security vulnerability. This vulnerability stems from a zip slip vulnerability present in the /DesignTools/SkinList.aspx endpoint, which may allow arbitrary commands to be...

CVE-2025-60786

A Zip Slip vulnerability in the import a Project component of iceScrum v7.54 Pro On-prem allows attackers to execute arbitrary code via uploading a crafted Zip file...

CVE-2025-60786

A Zip Slip vulnerability in the import a Project component of iceScrum v7.54 Pro On-prem allows attackers to execute arbitrary code via uploading a crafted Zip file...

Schneider Electric StruxureOn Gateway Remote Code Execution Vulnerability

Schneider Electric StruxureOn Gateway is a security gateway software from Schneider Electric France. The software is able to manage network devices and provide monitoring and alarm services through the data center. A remote code execution vulnerability exists in Schneider Electric StruxureOn...