34 matches found

Github Security Blog
added 2026/04/16 8:40 p.m. (2 views)

Silverstripe Assets Module has a DBFile::getURL() permission bypass

Impact Images rendered in templates or otherwise accessed via DBFile::getURL or DBFile::getSourceURL incorrectly add an access grant to the current session, which bypasses file permissions. This usually happens when creating an image variant, for example using a manipulation method like ScaleWidt...

CVSS 5.3, AI score 5.7, EPSS 0.00013
Exploits 0, References 5, Affected Software 1

CVE
added 2026/04/16 5:08 p.m. (2 views)

CVE-2026-24749

The CVE concerns the SilverStripe Assets Module (required for SilverStripe Framework). In versions prior to 2.4.5 and 3.0.0-rc1 through 3.1.2, images rendered via templates or accessed with DBFile::getURL() or DBFile::getSourceURL() erroneously add an access grant to the current session, bypassin...

CVSS 5.3, AI score 5.7, EPSS 0.00013
Exploits 0, References 2

Vulnrichment
added 2026/04/16 5:08 p.m. (3 views)

CVE-2026-24749 Silverstripe Assets Module has a DBFile::getURL() permission bypass

The Silverstripe Assets Module is a required component of Silverstripe Framework. In versions prior to 2.4.5 and 3.0.0-rc1 through 3.1.2, images rendered in templates or otherwise accessed via DBFile::getURL or DBFile::getSourceURL incorrectly add an access grant to the current session, which...

CVSS 5.3, AI score 5.5, EPSS 0.00013
Exploits 0, References 2

EUVD
added 2025/10/07 12:30 a.m. (2 views)

EUVD-2009-2382

Malware in sbrugna...

CVSS 9.3, AI score 6.1, EPSS 0.05336
Exploits 3, References 6

EUVD
added 2025/10/03 8:07 p.m. (2 views)

EUVD-2025-31380

Malicious code in bioql PyPI...

CVSS 6.5, AI score 6.6, EPSS 0.00045
Exploits 1, References 5

Vulnrichment
added 2025/06/27 11:31 a.m. (4 views)

CVE-2025-6762 diyhi bbs HTTP Header login getUrl server-side request forgery

A vulnerability classified as critical has been found in diyhi bbs up to 6.8. This affects the function getUrl of the file /admin/login of the component HTTP Header Handler. The manipulation of the argument Host leads to server-side request forgery. It is possible to initiate the attack remotely...

CVSS 6.5, AI score 7.2, EPSS 0.00269
Exploits 1, References 5

CNNVD
added 2025/06/27 12:00 a.m. (3 views)

diyhi bbs Security Vulnerability

diyhi bbs (patrol cloud light forum system) is a forum system from the individual developer diyhi. A security vulnerability exists in diyhi bbs version 6.8 and earlier, which stems from improper manipulation of the Host parameter in the getUrl function of the HTTP header processing component, which cou...

CVSS 7.2, AI score 6.4, EPSS 0.00269
Exploits 1, References 6

OSV
added 2022/01/04 3:15 p.m. (1 view)

CVE-2021-45980

Foxit PDF Reader and PDF Editor before 11.1 on macOS allow remote attackers to execute arbitrary code via getURL in the JavaScript API...

CVSS 7.8, AI score 7.4, EPSS 0.00775
Exploits 0, References 3

CVE
added 2022/01/04 2:32 p.m. (39 views)

CVE-2021-45980

Foxit PDF Reader and PDF Editor for macOS are affected by CVE-2021-45980 (pre-11.1). The vulnerability allows remote code execution through the getURL function in the JavaScript API. Exploitation details are not expanded beyond the remote code execution vector in the sources, so practical exploit...

CVSS 7.8, AI score 7.8, EPSS 0.00775
Exploits 0, References 3, Affected Software 2

CNNVD
added 2022/01/04 12:00 a.m. (1 view)

Foxit PDF Reader Injection Vulnerability

Foxit PDF Reader is a PDF reader from the Chinese company Foxit. An injection vulnerability exists in Foxit PDF Reader and PDF Editor on macOS that allows remote attackers to execute arbitrary code via a getURL in the JavaScript API...

CVSS 7.8, AI score 8, EPSS 0.00775
Exploits 0, References 3

NVD
added 2021/10/15 3:15 p.m. (13 views)

CVE-2021-40728

Adobe Acrobat Reader DC version 21.007.20095 and earlier, 21.007.20096 and earlier, 20.004.30015 and earlier, and 17.011.30202 and earlier is affected by a use-after-free vulnerability in the processing of the GetURL function on a global object window that could result in arbitrary code execution...

CVSS 7.8, EPSS 0.45461
Exploits 0, References 1

Tenable Nessus
added 2021/10/14 12:00 a.m. (56 views)

Adobe Acrobat < 17.011.30204 / 20.004.30017 / 21.007.20099 Multiple Vulnerabilities (APSB21-104)

The version of Adobe Acrobat installed on the remote Windows host is a version prior to 17.011.30204, 20.004.30017, or 21.007.20099. It is, therefore, affected by multiple vulnerabilities. - Adobe Acrobat Reader DC version 21.007.20095 and earlier, 21.007.20096 and earlier, 20.004.30015 and...

CVSS 7.8, AI score 6.7, EPSS 0.45461
Exploits 0, References 5

Tenable Nessus
added 2021/03/23 12:00 a.m. (31 views)

RHEL 7 : pki-core (RHSA-2021:0975)

The remote Red Hat Enterprise Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2021:0975 advisory. The Public Key Infrastructure PKI Core contains fundamental packages required by Red Hat Certificate System. Security Fixes: pki-core:...

CVSS 8.1, AI score 6.6, EPSS 0.00825
Exploits 1, References 14

CNVD
added 2018/08/01 12:00 a.m. (1 view)

Foxit Reader Type Obfuscation Remote Code Execution Vulnerability (CNVD-2018-15080)

Foxit Reader (formerly Foxit PDF Reader) is a set of software for reading PDF files, developed by Fujian Foxit Software. Foxit Reader is free to use; it runs mainly on Microsoft Windows, and as long as there is a Win32 implementation of the...

CVSS 8.8, AI score 8.8, EPSS 0.0025
Exploits 0, References 1

NVD
added 2018/07/31 8:29 p.m. (15 views)

CVE-2018-14262

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.0.1.1049. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the getU...

CVSS 8.8, AI score 8.8, EPSS 0.0025
Exploits 0, References 2

OSV
added 2018/07/31 8:29 p.m. (1 view)

CVE-2018-14262

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.0.1.1049. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the getU...

CVSS 8.8, AI score 6.2, EPSS 0.0025
Exploits 0, References 2

Prion
added 2018/07/31 8:29 p.m. (14 views)

Type confusion

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.0.1.1049. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the getU...

CVSS 6.8, AI score 8.8, EPSS 0.0025
Exploits 0, References 2, Affected Software 2

CVE
added 2018/07/31 8:00 p.m. (49 views)

CVE-2018-14262

CVE-2018-14262 affects Foxit Reader (example affected build: 9.0.1.1049). The root cause is a type confusion in the getURL method that can be triggered through JavaScript actions, allowing remote code execution with the attacker’s code running in the current process context. User interaction is r...

CVSS 8.8, AI score 8.8, EPSS 0.0025
Exploits 0, References 2, Affected Software 2

Zero Day Initiative
added 2018/07/19 12:00 a.m. (19 views)

Foxit Reader getURL Type Confusion Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the getURL method. ...

CVSS 6.8, AI score 2.4, EPSS 0.0025
Exploits 0, References 1

Zero Day Initiative
added 2017/04/21 12:00 a.m. (13 views)

Foxit Reader getURL Use-After-Free Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the getURL method...

CVSS 6.8, AI score 7
Exploits 0, References 1