4 matches found
CVE-2026-47137
A flaw was found in vm2, an open-source virtual machine VM sandbox for Node.js. A remote attacker could bypass a security check designed to prevent the combination of nested environments and disabled module loading. This bypass occurs because a strict equality check for the require option can be...
CVE-2026-39346
OrangeHRM is a comprehensive human resource management HRM system. From 5.0 to 5.8, OrangeHRM Open Source allowed authenticated users to bypass disabled-module access controls via URL-encoded request paths and access functionality of modules disabled by an administrator. This vulnerability is fix...
EZSA-2018-006 XSS vulnerability in 'disabled module' error template
More info at http://share.ez.no/community-project/security-advisories/ezsa-2018-006-xss-vulnerability-in-disabled-module-error-template...
SA-CONTRIB-2013-093 - Invitation - Access Bypass
The Invitation module restricts registration to users who have an invite code for running a private beta. The module provides default views that don't check access to views prior to displaying private information like usernames and email addresses. CVE identifiers issued CVE-2013-7063 Versions...