
1781 matches found

NVD
added 2026/05/08 5:16 p.m., 22 views

CVE-2026-41887

Flarum is open-source forum software. Prior to versions 1.8.16 and 2.0.0-rc.1, Flarum's patch for CVE-2023-27577 restricted the @import and data-uri LESS features in the custom_less setting, but the same restriction was never applied to other settings registered as LESS config variables for exampl...

CVSS 4.9, EPSS 0.00404
Exploits 0, References 4
Vulnrichment
added 2026/05/08 3:50 p.m., 8 views

CVE-2026-41887 Flarum: Path traversal in LESS parser via theme color settings (incomplete fix for CVE-2023-27577)

Flarum is open-source forum software. Prior to versions 1.8.16 and 2.0.0-rc.1, Flarum's patch for CVE-2023-27577 restricted the @import and data-uri LESS features in the custom_less setting, but the same restriction was never applied to other settings registered as LESS config variables for exampl...

CVSS 4.9, AI score 5.9, EPSS 0.00404
Exploits 0, References 4
ATTACKERKB
added 2026/05/08 3:50 p.m., 7 views

CVE-2026-41887

Flarum is open-source forum software. Prior to versions 1.8.16 and 2.0.0-rc.1, Flarum's patch for CVE-2023-27577 restricted the @import and data-uri LESS features in the custom_less setting, but the same restriction was never applied to other settings registered as LESS config variables for exampl...

CVSS 6.6, AI score 6.3, EPSS 0.00851
Exploits 0, References 5, Affected Software 1
EUVD
added 2026/05/08 3:50 p.m., 10 views

EUVD-2026-28804

Flarum is open-source forum software. Prior to versions 1.8.16 and 2.0.0-rc.1, Flarum's patch for CVE-2023-27577 restricted the @import and data-uri LESS features in the custom_less setting, but the same restriction was never applied to other settings registered as LESS config variables for exampl...

CVSS 6.6, AI score 6.3, EPSS 0.00851
Exploits 0, References 4
CVE
added 2026/05/08 3:50 p.m., 23 views

CVE-2026-41887

The CVE-2026-41887 entry affects Flarum core prior to versions 1.8.16 and 2.0.0-rc.1, where values assigned to LESS-configurable settings (e.g., theme_primary_color/theme_secondary_color) are interpolated into LESS at compile time. An authenticated administrator can inject an arbitrary @import, e...

CVSS 4.9, AI score 5.9, EPSS 0.00404
Exploits 0, References 4
Cvelist
added 2026/05/08 3:50 p.m., 35 views

CVE-2026-41887 Flarum: Path traversal in LESS parser via theme color settings (incomplete fix for CVE-2023-27577)

Flarum is open-source forum software. Prior to versions 1.8.16 and 2.0.0-rc.1, Flarum's patch for CVE-2023-27577 restricted the @import and data-uri LESS features in the custom_less setting, but the same restriction was never applied to other settings registered as LESS config variables for exampl...

CVSS 4.9, EPSS 0.00404
Exploits 0, References 4
CNNVD
added 2026/05/08 12:00 a.m., 13 views

Vim operating system command injection vulnerability

Vim is an open-source, cross-platform text editor developed by Vim developers. Versions of Vim prior to 9.2.0383 contained a vulnerability related to operating system command injection. This vulnerability stemmed from the netrw standard plugin, which allowed for OS command injection. This could...

CVSS 4.4, AI score 6.1, EPSS 0.00774
Exploits 0, References 1
CVE
added 2026/05/06 11:49 a.m., 14 views

CVE-2025-62345

Technical details for CVE-2025-62345 are not publicly provided in the supplied documents; no affected versions, exploit information, or remediation details are included. Monitor for updates.

CVSS 2.7, AI score 5.8, EPSS 0.00218
Exploits 0, References 1
CBLMariner
added 2026/04/27 9:30 p.m., 15 views

CVE-2026-34293 affecting package mysql for versions less than 8.0.46-1

CVE-2026-34293 affecting package mysql for versions less than 8.0.46-1. An upgraded version of the package is available that resolves this issue...

CVSS 4.9, AI score 7.7, EPSS 0.00323
Exploits 0
SUSE CVE
added 2026/04/25 1:37 a.m., 6 views

SUSE CVE-2026-31649

In the Linux kernel, the following vulnerability has been resolved: net: stmmac: fix integer underflow in chain mode. The jumbo_frm chain-mode implementation unconditionally computes len = nopaged_len - bmax; where nopaged_len = skb_headlen(skb) (linear bytes only) and bmax is BUF_SIZE_8KiB or BUF_SIZE_2KiB...

CVSS 7.5, AI score 6.1, EPSS 0.00406
Exploits 0, References 23
Snyk
added 2026/04/22 8:34 p.m., 4 views

Server-side Request Forgery (SSRF)

Overview: flarum/core is a simple discussion platform for your website. Affected versions of this package are vulnerable to Server-side Request Forgery (SSRF) via the interpolation of unvalidated LESS config variables during CSS compilation. An attacker can access arbitrary files on the server or...

CVSS 6.9, AI score 5.8, EPSS 0.00404
Exploits 0, References 3
Github Security Blog
added 2026/04/22 8:34 p.m., 14 views

Flarum: Path traversal in LESS parser via theme color settings (incomplete fix for CVE-2023-27577)

Summary: Flarum's patch for CVE-2023-27577 restricted the @import and data-uri LESS features in the custom_less setting, but the same restriction was never applied to other settings registered as LESS config variables, for example theme_primary_color and theme_secondary_color, as well as any key...

CVSS 6.6, AI score 5.9, EPSS 0.00851
Exploits 0, References 8, Affected Software 1
OSV
added 2026/04/22 8:34 p.m., 6 views

GHSA-XJVC-PW2R-6878 Flarum: Path traversal in LESS parser via theme color settings (incomplete fix for CVE-2023-27577)

Summary: Flarum's patch for CVE-2023-27577 restricted the @import and data-uri LESS features in the custom_less setting, but the same restriction was never applied to other settings registered as LESS config variables, for example theme_primary_color and theme_secondary_color, as well as any key...

CVSS 4.9, AI score 5.9, EPSS 0.00851
Exploits 0, References 8
Positive Technologies
added 2026/04/22 12:00 a.m., 15 views

PT-2026-37157

Name of the Vulnerable Software and Affected Versions: Flarum versions prior to 1.8.16; Flarum versions prior to 2.0.0-rc.1. Description: An authenticated administrator can inject an arbitrary @import directive into the compiled forum.css file. This occurs because settings registered as LESS config...

CVSS 4.9, AI score 5.9, EPSS 0.00404
Exploits 0, References 9
Snyk
added 2026/04/21 6:31 p.m., 3 views

Incorrect Authorization

Overview: Affected versions of this package are vulnerable to Incorrect Authorization in the handling of CSS preprocessor files. An attacker can access arbitrary files from the server by leveraging the import functionality in .less, .sass, or .scss files, even when cms.safe_mode is enabled. This is...

CVSS 6.9, AI score 5.9, EPSS 0.00246
Exploits 0, References 2
Cvelist
added 2026/04/21 4:16 p.m., 27 views

CVE-2026-26067 October: Safe Mode Bypass via CSS Preprocessor Compilers

October is a Content Management System (CMS) and web platform. Prior to 3.7.14 and 4.1.10, a server-side information disclosure vulnerability was identified in the handling of CSS preprocessor files. Backend users with Editor permissions could craft .less, .sass, or .scss files that leverage the...

CVSS 4.9, EPSS 0.00246
Exploits 0, References 1
CBLMariner
added 2026/04/21 1:37 a.m., 3 views

CVE-2026-40164 affecting package jq for versions less than 1.7.1-5

CVE-2026-40164 affecting package jq for versions less than 1.7.1-5. A patched version of the package is available...

CVSS 7.5, AI score 5.8, EPSS 0.00366
Exploits 0
Positive Technologies
added 2026/04/21 12:00 a.m., 14 views

PT-2026-34002

October is a Content Management System (CMS) and web platform. Prior to 3.7.14 and 4.1.10, a server-side information disclosure vulnerability was identified in the handling of CSS preprocessor files. Backend users with Editor permissions could craft .less, .sass, or .scss files that leverage the...

CVSS 4.9, AI score 5.9, EPSS 0.00246
Exploits 0, References 2
Patchstack
added 2026/04/17 8:28 a.m., 7 views

WordPress WowShipping Pro plugin < 1.0.8 - Backdoor vulnerability

Backdoor vulnerability discovered by ? in WordPress Plugin WowShipping Pro versions 1.0.8...

AI score 5.8
Exploits 0, Affected Software 1
CBLMariner
added 2026/04/14 6:44 p.m., 4 views

CVE-2026-23228 affecting package kernel for versions less than 5.15.202.1-1

CVE-2026-23228 affecting package kernel for versions less than 5.15.202.1-1. An upgraded version of the package is available that resolves this issue...

CVSS 5.5, AI score 5.8, EPSS 0.00118
Exploits 0