359 matches found
Vtiger CRM v7.2.0 - Directory Listing
Vtiger CRM v7.2.0 contains a directory traversal vulnerability caused by improper access controls in /libraries and /layout directories, letting attackers display hidden files and list directories, exploit requires no authentication. id: CVE-2020-19363 info: name: Vtiger CRM v7.2.0 - Directory...
CVE-2026-8134
Concrete CMS 9.5.0 and below fails to sanitize path traversal sequences in the ptComposerFormLayoutSetControlCustomTemplate field when saving page type composer form layouts. An authenticated rogue administrator with composer form editing rights can exploit this to include arbitrary readable file...
PT-2026-42535
Name of the Vulnerable Software and Affected Versions Concrete CMS versions prior to 9.5.1 Description Concrete CMS fails to sanitize path traversal sequences in the ptComposerFormLayoutSetControlCustomTemplate field during the process of saving page type composer form layouts. An authenticated...
Astra Linux - уязвимость в linux-5.10, linux
In the Linux kernel, the following vulnerability has been resolved: dm raid: Fixed access issues beyond the end of the raid member array. When the dm-raid table is loaded using raidctr, dm-raid allocates an array rs-devsrs-raiddisks for the raid device members. rs-raiddisks is determined by the...
WordPress Product Layouts for WooCommerce plugin <= 1.3.1 - Unauthenticated Reflected Cross-Site Scripting vulnerability
Unauthenticated Reflected Cross-Site Scripting vulnerability discovered by Asaf Mozes in WordPress Plugin Product Layouts for Woocommerce Product Gallery, Product Showcase, Layout Design, Category Tabs, Product Slider, Product Grid, Product Table versions = 1.3.1...
[SECURITY] Fedora 44 Update: qt6-qtvirtualkeyboard-6.10.3-1.fc44
The Qt Virtual Keyboard project provides an input framework and reference key board frontend for Qt 6. Key features include: Customizable keyboard layouts and styles with dynamic switching. Predictive text input with word selection. Character preview and alternative character view. Automatic...
Path Traversal
LiquidJS is vulnerable to Path Traversal. The vulnerability is due to the path-based check for partial and layout roots, where a symlink to a file outside the allowed root can be loaded if it is placed inside an allowed partials or layouts directory, and attackers can exploit this by placing...
Linux Distros Unpatched Vulnerability : CVE-2026-40021
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Apache Log4net's XmlLayout https://logging.apache.org/log4net/manual/configuration/layouts.htmllayout- list and XmlLayoutSchemaLog4J...
LiquidJS: Root restriction bypass for partial and layout loading through symlinked templates
Summary LiquidJS enforces partial and layout root restrictions using the resolved pathname string, but it does not resolve the canonical filesystem path before opening the file. A symlink placed inside an allowed partials or layouts directory can therefore point to a file outside that directory a...
GHSA-56P5-8MHR-2FPH LiquidJS: Root restriction bypass for partial and layout loading through symlinked templates
Summary LiquidJS enforces partial and layout root restrictions using the resolved pathname string, but it does not resolve the canonical filesystem path before opening the file. A symlink placed inside an allowed partials or layouts directory can therefore point to a file outside that directory a...
CVE-2026-33157
Craft CMS is a content management system CMS. From version 5.6.0 to before version 5.9.13, a Remote Code Execution RCE vulnerability exists in Craft CMS, it can be exploited by any authenticated user with control panel access. This is a bypass of a previous fix. The existing patches add...
CVE-2026-33157
Craft CMS is a content management system CMS. From version 5.6.0 to before version 5.9.13, a Remote Code Execution RCE vulnerability exists in Craft CMS, it can be exploited by any authenticated user with control panel access. This is a bypass of a previous fix. The existing patches add...
CVE-2026-33157 Craft CMS: Potential authenticated Remote Code Execution via malicious attached Behavior
Craft CMS is a content management system CMS. From version 5.6.0 to before version 5.9.13, a Remote Code Execution RCE vulnerability exists in Craft CMS, it can be exploited by any authenticated user with control panel access. This is a bypass of a previous fix. The existing patches add...
CVE-2026-33157 Craft CMS: Potential authenticated Remote Code Execution via malicious attached Behavior
Craft CMS is a content management system CMS. From version 5.6.0 to before version 5.9.13, a Remote Code Execution RCE vulnerability exists in Craft CMS, it can be exploited by any authenticated user with control panel access. This is a bypass of a previous fix. The existing patches add...
CVE-2026-33157 Craft CMS: Potential authenticated Remote Code Execution via malicious attached Behavior
Craft CMS is a content management system CMS. From version 5.6.0 to before version 5.9.13, a Remote Code Execution RCE vulnerability exists in Craft CMS, it can be exploited by any authenticated user with control panel access. This is a bypass of a previous fix. The existing patches add...
CVE-2026-33157
Craft CMS 5.x (5.6.0–5.9.12) is vulnerable to authenticated Remote Code Execution via malicious attached behavior, due to un sanitized fieldLayouts in ElementIndexesController::actionFilterHud() feeding FieldLayout::createFromConfig(). The bug chain bypasses a prior fix that cleansed inputs with ...
CVE-2026-33157
Craft CMS is a content management system CMS. From version 5.6.0 to before version 5.9.13, a Remote Code Execution RCE vulnerability exists in Craft CMS, it can be exploited by any authenticated user with control panel access. This is a bypass of a previous fix. The existing patches add...
GHSA-2FPH-6V5W-89HH Craft CMS is Vulnerable to Authenticated Remote Code Execution via Malicious Attached Behavior
Summary A Remote Code Execution RCE vulnerability exists in Craft CMS 5.x and 4.x that bypasses the security fixes for GHSA-7jx7-3846-m7w7 and GHSA-255j-qw47-wjh5. This vulnerability can be exploited by any authenticated user with control panel access. The existing patches add cleanseConfig to...
Craft CMS is Vulnerable to Authenticated Remote Code Execution via Malicious Attached Behavior
Summary A Remote Code Execution RCE vulnerability exists in Craft CMS 5.x and 4.x that bypasses the security fixes for GHSA-7jx7-3846-m7w7 and GHSA-255j-qw47-wjh5. This vulnerability can be exploited by any authenticated user with control panel access. The existing patches add cleanseConfig to...
PT-2026-27462
Name of the Vulnerable Software and Affected Versions Craft CMS versions 4.x through 5.9.12 Description Craft CMS contains a Remote Code Execution RCE issue that bypasses previous security fixes. This allows any authenticated user with control panel access to potentially execute arbitrary code. T...