378 matches found
Vtiger CRM v7.2.0 - Directory Listing
Vtiger CRM v7.2.0 contains a directory traversal vulnerability caused by improper access controls in /libraries and /layout directories, letting attackers display hidden files and list directories, exploit requires no authentication. id: CVE-2020-19363 info: name: Vtiger CRM v7.2.0 - Directory...
CVE-2026-48951
Lack of escaping leads to XSS vulnerabilities in modalreturn layouts of various components...
CVE-2026-48951
Lack of escaping leads to XSS vulnerabilities in modalreturn layouts of various components...
CVE-2026-48951 Joomla! Core - [20260705] - XSS in various modalreturn layouts
Lack of escaping leads to XSS vulnerabilities in modalreturn layouts of various components...
CVE-2026-48951
CVE-2026-48951 relates to the Joomla! Core vulnerability described as “XSS in various modalreturn layouts” caused by a lack of escaping. The connected documents explicitly indicate Joomla core as affected and reference modalreturn layouts as the vulnerable component area. The NVD entry provides a...
EUVD-2026-42063
Lack of escaping leads to XSS vulnerabilities in modalreturn layouts of various components...
CVE-2026-48951
Lack of escaping leads to XSS vulnerabilities in modalreturn layouts of various components...
CVE-2026-48951 Joomla! Core - [20260705] - XSS in various modalreturn layouts
Lack of escaping leads to XSS vulnerabilities in modalreturn layouts of various components...
PT-2026-56224
Name of the Vulnerable Software and Affected Versions Joomla! Core affected versions not specified Description Lack of escaping in modalreturn layouts of various components allows for Cross-Site Scripting XSS, a technique where malicious scripts are injected into trusted websites. Recommendations...
CVE-2026-25268
Memory Corruption when processing invalid HT40 channel layouts during dynamic channel switching operations...
EUVD-2026-41932
Memory Corruption when processing invalid HT40 channel layouts during dynamic channel switching operations...
CVE-2026-25268
The CVE-2026-25268 issue is a stack-based buffer overflow in WLAN Host caused by memory corruption when processing invalid HT40 channel layouts during dynamic channel switching. Affects WLAN Host with a Local attack vector, requiring Low privileges and no user interaction, and with a changed scop...
CVE-2026-25268
Memory Corruption when processing invalid HT40 channel layouts during dynamic channel switching operations...
CVE-2026-25268 Stack-based Buffer Overflow in WLAN Host
Memory Corruption when processing invalid HT40 channel layouts during dynamic channel switching operations...
PT-2026-55994
Name of the Vulnerable Software and Affected Versions Qualcomm Snapdragon affected versions not specified Description Memory corruption occurs when processing invalid HT40 channel layouts during dynamic channel switching operations. HT40 refers to a High Throughput mode in wireless networking tha...
CVE-2026-53336
In the Linux kernel, the following vulnerability has been resolved: nvmem: layouts: onie-tlv: fix hang on unknown types The EEPROM on my board has a vendor specific entry of type 0x41. When stumbling upon that, this driver hangs in an endless loop. Fix it by keep incrementing the offset on unknow...
CVE-2026-53336
CVE-2026-53336 (nvmem: layouts: onie-tlv) : A Linux kernel vulnerability where the nvmem onie-tlv parser could hang when encountering an unknown vendor-specific entry type (example 0x41) in EEPROM. The root cause was an endless loop in the parser. The published fix increments the offset for unkno...
CVE-2026-31956
Xibo is an open source digital signage platform with a web content management system and Windows display player software. Prior to version 4.4.1, any authenticated user can manually construct a URL to preview campaigns/regions, and export saved reports belonging to other users. Exploitation of th...
CVE-2026-8134
Concrete CMS 9.5.0 and below fails to sanitize path traversal sequences in the ptComposerFormLayoutSetControlCustomTemplate field when saving page type composer form layouts. An authenticated rogue administrator with composer form editing rights can exploit this to include arbitrary readable file...
CVE-2026-8134 Concrete CMS 9.5.0 and below is vulnerable to Authenticated RCE via Composer customTemplate Path Traversal leading to PHP File Inclusion
Concrete CMS 9.5.0 and below fails to sanitize path traversal sequences in the ptComposerFormLayoutSetControlCustomTemplate field when saving page type composer form layouts. An authenticated rogue administrator with composer form editing rights can exploit this to include arbitrary readable file...