CVE-2026-39276

The template upload feature in Emlog Pro v2.6.9 has a path traversal vulnerability, allowing authenticated administrators to execute arbitrary PHP code. By uploading a malicious ZIP archive containing directory traversal sequences in filenames, an attacker can overwrite default template files or...

CVE-2026-33705

Chamilo LMS is a learning management system. Prior to 1.11.38, Twig template files .tpl under /main/template/default/ are directly accessible without authentication via HTTP GET requests. These templates expose internal application logic, variable names, AJAX endpoint URLs, and admin panel...

Emlog-v2.6.9-Vulnerability-Report

Emlog-v2.6.9-Vulnerability-Report CVE ID: REQUESTED D...

GHSA-X8JC-JVQM-PM3F File Browser's Signup Grants Execution Permissions When Default Permissions Includes Execution

Summary The signupHandler in File Browser applies default user permissions via d.settings.Defaults.Applyuser, then strips only Admin commit a63573b. The Execute permission and Commands list from the default user template are not stripped. When an administrator has enabled signup, server-side...

CVE-2019-16725

In Joomla! 3.x before 3.9.12, inadequate escaping allowed XSS attacks using the logo parameter of the default templates...

EUVD-2022-5313

Malicious code in bioql PyPI...

Joomla! XSS in Default Templates

In Joomla! 3.x before 3.9.12, inadequate escaping allowed XSS attacks using the logo parameter of the default templates...

GHSA-V84J-VH7X-G7J6 Joomla! XSS in Default Templates

In Joomla! 3.x before 3.9.12, inadequate escaping allowed XSS attacks using the logo parameter of the default templates...

Joomla! 3.x < 3.9.26 Multiple Vulnerabilities

According to its self-reported version, the instance of Joomla! running on the remote web server is 3.x prior to 3.9.26. It is, therefore, affected by multiple vulnerabilities. - Inadequate escaping allowed Cross-Site Scripting XSS using the logo parameter of the default templates on error pages...

[20210401] - Core - Escape xss in logo parameter error pages

Inadequate escaping allowed XSS attacks using the logo parameter of the default templates on error pages...

Cross site scripting

In Joomla! 3.x before 3.9.12, inadequate escaping allowed XSS attacks using the logo parameter of the default templates...

CVE-2019-16725

In Joomla! 3.x before 3.9.12, inadequate escaping allowed XSS attacks using the logo parameter of the default templates...

[20190901] - Core - XSS in logo parameter of default templates

Inadequate escaping allowed XSS attacks using the logo parameter of the default templates...

Vignette 4.x/5.0 Memory Disclosure Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/7684/info Vignette is prone to an issue which may expose the contents of memory to remote attackers. This condition is due to a flaw in how StoryServer calculates the size of certain characters in URI variables, which may...

Vignette 4.x5.0 - Memory Disclosure

Vignette 4.x5.0 - Memory Disclosure source: https://www.securityfocus.com/bid/7684/info Vignette is prone to an issue which may expose the contents of memory to remote attackers. This condition is due to a flaw in how StoryServer calculates the size of certain characters in URI variables, which m...

Vignette 4.x/5.0 - Memory Disclosure

source: https://www.securityfocus.com/bid/7684/info Vignette is prone to an issue which may expose the contents of memory to remote attackers. This condition is due to a flaw in how StoryServer calculates the size of certain characters in URI variables, which may cause data from adjacent memory t...