Lucene search
K

39 matches found

Positive Technologies
Positive Technologies
added 2026/06/30 12:0 a.m.16 views

PT-2026-54048

Name of the Vulnerable Software and Affected Versions Grav CMS versions prior to 2.0.0-beta.2 Description Multiple issues allow for code execution. Three unsafe unserialize calls within SchedulerJobQueue, FrameworkCacheAdapterFileCache, and Session deserialize untrusted data without restricting...

9.8CVSS6.5AI score0.01683EPSS
Exploits0References4
Cvelist
Cvelist
added 2026/06/26 2:50 p.m.36 views

CVE-2026-45257 Arbitrary file overwrite via the KTLS receive path

The KTLS receive path decrypted each record in place, assuming that the mbufs holding received data were anonymous and safe to modify. This assumption does not hold for data placed on a socket by sendfile2, which can reference file-backed memory directly through non-anonymous MEXTPG pages or...

0.00154EPSS
Exploits0References1
AstraLinux
AstraLinux
added 2026/05/20 5:53 a.m.4 views

Astra Linux – Vulnerability in Linux 5.10

In the Linux kernel, the following vulnerabilities have been resolved: cachestat: fixed the permission checking for page cache statistics. When the cachestat system call was added in commit cf264e1329fb “cachestat: implement cachestat syscall”, it was intended to be a much more convenient and...

5.5CVSS6.7AI score0.00199EPSS
Exploits0References2
AstraLinux
AstraLinux
added 2026/05/20 5:53 a.m.6 views

Astra Linux – Vulnerability in Linux 5.10

In the Linux kernel, the following vulnerabilities have been resolved: nfsd: Fixed the reference leak in nfsd4addrdaccesstowrdeleg. The nfsd4addrdaccesstowrdeleg function overwrites fp-fifdsORDONLY unconditionally with a newly acquired nfsdfile. However, if the client already has a SHAREACCESSREA...

5.5CVSS5.8AI score0.001EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/05/15 1:11 a.m.8 views

CVE-2026-8612

WWW::Mechanize::Cached versions before 2.00 for Perl deserialize cached HTTP responses from a world-writable on-disk cache, enabling local response forgery and code execution. With no explicit cache backend, WWW::Mechanize::Cached constructs a default Cache::FileCache under /tmp/FileCache without...

6.1AI score0.00127EPSS
Exploits0References4
Github Security Blog
Github Security Blog
added 2026/05/05 9:29 p.m.8 views

Grav has Insecure Deserialization in File Cache

Insecure Deserialization in File Cache - Severity: High - CWE: CWE-502 - Location: system/src/Grav/Framework/Cache/Adapter/FileCache.php - Sink: unserialize$value, 'allowedclasses' = true Affected versions - Affected: = 1.7.44 and true allows object instantiation and does not constrain classes. P...

5CVSS5.8AI score0.00224EPSS
Exploits0References9Affected Software1
OSV
OSV
added 2026/05/05 9:29 p.m.4 views

GHSA-GWFR-JFJF-92VV Grav has Insecure Deserialization in File Cache

Insecure Deserialization in File Cache - Severity: High - CWE: CWE-502 - Location: system/src/Grav/Framework/Cache/Adapter/FileCache.php - Sink: unserialize$value, 'allowedclasses' = true Affected versions - Affected: = 1.7.44 and true allows object instantiation and does not constrain classes. P...

5CVSS5.8AI score0.00224EPSS
Exploits0References9
Github Security Blog
Github Security Blog
added 2026/05/05 9:29 p.m.7 views

Grav has multiple RCE vectors: unsafe unserialize (x3), command injection in git clone, SSTI blocklist bypass

Multiple RCE vectors were found in Grav CMS. Three are critical, two are high. 1. Unsafe unserialize in JobQueue — direct RCE gadget Critical system/src/Grav/Common/Scheduler/JobQueue.php:465 calls unserializebase64decode... without restricting allowedclasses. The Job class has...

6AI score
Exploits0References3Affected Software1
Snyk
Snyk
added 2026/05/05 9:29 p.m.10 views

Deserialization of Untrusted Data

Overview getgrav/grav is a Modern, Crazy Fast, Ridiculously Easy and Amazingly Powerful Flat-File CMS. Affected versions of this package are vulnerable to Deserialization of Untrusted Data via unsafe handling of serialized data and improper input validation in multiple components, including...

9.8CVSS6.3AI score0.01683EPSS
Exploits0References3
OSV
OSV
added 2026/05/05 9:29 p.m.4 views

GHSA-VJ3M-2G9H-VM4P Grav has multiple RCE vectors: unsafe unserialize (x3), command injection in git clone, SSTI blocklist bypass

Multiple RCE vectors were found in Grav CMS. Three are critical, two are high. 1. Unsafe unserialize in JobQueue — direct RCE gadget Critical system/src/Grav/Common/Scheduler/JobQueue.php:465 calls unserializebase64decode... without restricting allowedclasses. The Job class has...

9.8CVSS6AI score0.01683EPSS
Exploits0References3
OSV
OSV
added 2026/04/29 12:30 a.m.9 views

GHSA-J7RW-325J-2RMX Duplicate Advisory: Grav has Insecure Deserialization in File Cache

Duplicate Advisory This advisory has been withdrawn because it is a duplicate of GHSA-gwfr-jfjf-92vv. This link is maintained to preserve external references. Original Description A vulnerability was found in Grav CMS up to 1.7.49.5/2.0.0-beta.1. Affected by this vulnerability is the function...

5CVSS5.1AI score0.00224EPSS
Exploits0References7
Github Security Blog
Github Security Blog
added 2026/04/29 12:30 a.m.10 views

Duplicate Advisory: Grav has Insecure Deserialization in File Cache

Duplicate Advisory This advisory has been withdrawn because it is a duplicate of GHSA-gwfr-jfjf-92vv. This link is maintained to preserve external references. Original Description A vulnerability was found in Grav CMS up to 1.7.49.5/2.0.0-beta.1. Affected by this vulnerability is the function...

5CVSS5.2AI score0.00224EPSS
Exploits0References8Affected Software1
NVD
NVD
added 2026/04/28 10:16 p.m.8 views

CVE-2026-7317

A vulnerability was found in Grav CMS up to 1.7.49.5/2.0.0-beta.1. Affected by this vulnerability is the function FileCache::doGet of the file system/src/Grav/Framework/Cache/Adapter/FileCache.php of the component Cache Value Handler. The manipulation results in deserialization. The attack may be...

5CVSS0.00224EPSS
Exploits0References6
Cvelist
Cvelist
added 2026/04/28 8:30 p.m.37 views

CVE-2026-7317 Grav CMS Cache Value FileCache.php doGet deserialization

A vulnerability was found in Grav CMS up to 1.7.49.5/2.0.0-beta.1. Affected by this vulnerability is the function FileCache::doGet of the file system/src/Grav/Framework/Cache/Adapter/FileCache.php of the component Cache Value Handler. The manipulation results in deserialization. The attack may be...

5CVSS0.00224EPSS
Exploits0References6
CNNVD
CNNVD
added 2026/04/28 12:0 a.m.11 views

Grav CMS 输入验证错误漏洞

Grav CMS is a file-based content management system developed under the open-source Grave project. Versions of Grav CMS prior to 1.7.49.5 and 2.0.0-beta.1 contain a vulnerability related to input validation errors. This vulnerability stems from a function in the component Cache Value Handler,...

5CVSS5.9AI score0.00224EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/04/28 12:0 a.m.11 views

PT-2026-35830

A vulnerability was found in Grav CMS up to 1.7.49.5/2.0.0-beta.1. Affected by this vulnerability is the function FileCache::doGet of the file system/src/Grav/Framework/Cache/Adapter/FileCache.php of the component Cache Value Handler. The manipulation results in deserialization. The attack may be...

5CVSS4.8AI score0.00224EPSS
Exploits0References7
Fedora
Fedora
added 2026/03/24 12:17 a.m.14 views

[SECURITY] Fedora 44 Update: python-diskcache-5.6.3-12.fc44

DiskCache is an Apache2 licensed disk and file backed cache library, written in pure-Python, and compatible with Django...

9.8CVSS7.1AI score0.00521EPSS
Exploits1
OSV
OSV
added 2026/03/06 12:41 p.m.4 views

OESA-2026-1510 python-django security update

A high-level Python Web framework that encourages rapid development and clean, pragmatic design. Security Fixes: An issue was discovered in 6.0 before 6.0.3, 5.2 before 5.2.12, and 4.2 before 4.2.29. Race condition in file-system storage and file-based cache backends in Django allows an attacker ...

3.7CVSS5.8AI score0.00341EPSS
Exploits0References2
OSV
OSV
added 2026/03/06 12:41 p.m.5 views

OESA-2026-1511 python-django security update

A high-level Python Web framework that encourages rapid development and clean, pragmatic design. Security Fixes: An issue was discovered in 6.0 before 6.0.3, 5.2 before 5.2.12, and 4.2 before 4.2.29. Race condition in file-system storage and file-based cache backends in Django allows an attacker ...

3.7CVSS5.8AI score0.00341EPSS
Exploits0References2
OSV
OSV
added 2026/03/06 12:41 p.m.7 views

OESA-2026-1509 python-django security update

A high-level Python Web framework that encourages rapid development and clean, pragmatic design. Security Fixes: An issue was discovered in 6.0 before 6.0.3, 5.2 before 5.2.12, and 4.2 before 4.2.29. Race condition in file-system storage and file-based cache backends in Django allows an attacker ...

3.7CVSS5.8AI score0.00341EPSS
Exploits0References2
Rows per page
Query Builder