1781 matches found
CVE-2026-41887
Flarum is open-source forum software. Prior to versions 1.8.16 and 2.0.0-rc.1, Flarum's patch for CVE-2023-27577 restricted the @import and data-uri LESS features in the customless setting, but the same restriction was never applied to other settings registered as LESS config variables for exampl...
CVE-2026-41887 Flarum: Path traversal in LESS parser via theme color settings (incomplete fix for CVE-2023-27577)
Flarum is open-source forum software. Prior to versions 1.8.16 and 2.0.0-rc.1, Flarum's patch for CVE-2023-27577 restricted the @import and data-uri LESS features in the customless setting, but the same restriction was never applied to other settings registered as LESS config variables for exampl...
CVE-2026-41887
Flarum is open-source forum software. Prior to versions 1.8.16 and 2.0.0-rc.1, Flarum's patch for CVE-2023-27577 restricted the @import and data-uri LESS features in the customless setting, but the same restriction was never applied to other settings registered as LESS config variables for exampl...
EUVD-2026-28804
Flarum is open-source forum software. Prior to versions 1.8.16 and 2.0.0-rc.1, Flarum's patch for CVE-2023-27577 restricted the @import and data-uri LESS features in the customless setting, but the same restriction was never applied to other settings registered as LESS config variables for exampl...
CVE-2026-41887
The CVE-2026-41887 entry affects Flarum core prior to versions 1.8.16 and 2.0.0-rc.1, where values assigned to LESS-configurable settings (e.g., theme_primary_color/theme_secondary_color) are interpolated into LESS at compile time. An authenticated administrator can inject an arbitrary @import, e...
CVE-2026-41887 Flarum: Path traversal in LESS parser via theme color settings (incomplete fix for CVE-2023-27577)
Flarum is open-source forum software. Prior to versions 1.8.16 and 2.0.0-rc.1, Flarum's patch for CVE-2023-27577 restricted the @import and data-uri LESS features in the customless setting, but the same restriction was never applied to other settings registered as LESS config variables for exampl...
Vim 操作系统命令注入漏洞
Vim is an open-source, cross-platform text editor developed by Vim developers. Versions of Vim prior to 9.2.0383 contained a vulnerability related to operating system command injection. This vulnerability stemmed from the netrw standard plugin, which allowed for OS command injection. This could...
CVE-2025-62345
Technical details for CVE-2025-62345 are not publicly provided in the supplied documents; no affected versions, exploit information, or remediation details are included. Monitor for updates.
CVE-2026-34293 affecting package mysql for versions less than 8.0.46-1
CVE-2026-34293 affecting package mysql for versions less than 8.0.46-1. An upgraded version of the package is available that resolves this issue...
SUSE CVE-2026-31649
In the Linux kernel, the following vulnerability has been resolved: net: stmmac: fix integer underflow in chain mode The jumbofrm chain-mode implementation unconditionally computes len = nopagedlen - bmax; where nopagedlen = skbheadlenskb linear bytes only and bmax is BUFSIZE8KiB or BUFSIZE2KiB...
Server-side Request Forgery (SSRF)
Overview flarum/core is a simple discussion platform for your website. Affected versions of this package are vulnerable to Server-side Request Forgery SSRF via the interpolation of unvalidated LESS config variables during CSS compilation. An attacker can access arbitrary files on the server or...
Flarum: Path traversal in LESS parser via theme color settings (incomplete fix for CVE-2023-27577)
Summary Flarum's patch for CVE-2023-27577 restricted the @import and data-uri LESS features in the customless setting, but the same restriction was never applied to other settings registered as LESS config variables for example themeprimarycolor and themesecondarycolor, as well as any key...
GHSA-XJVC-PW2R-6878 Flarum: Path traversal in LESS parser via theme color settings (incomplete fix for CVE-2023-27577)
Summary Flarum's patch for CVE-2023-27577 restricted the @import and data-uri LESS features in the customless setting, but the same restriction was never applied to other settings registered as LESS config variables for example themeprimarycolor and themesecondarycolor, as well as any key...
PT-2026-37157
Name of the Vulnerable Software and Affected Versions Flarum versions prior to 1.8.16 Flarum versions prior to 2.0.0-rc.1 Description An authenticated administrator can inject an arbitrary @import directive into the compiled forum.css file. This occurs because settings registered as LESS config...
Incorrect Authorization
Overview Affected versions of this package are vulnerable to Incorrect Authorization in the handling of CSS preprocessor files. An attacker can access arbitrary files from the server by leveraging the import functionality in .less, .sass, or .scss files, even when cms.safemode is enabled. This is...
CVE-2026-26067 October: Safe Mode Bypass via CSS Preprocessor Compilers
October is a Content Management System CMS and web platform. Prior to 3.7.14 and 4.1.10, a server-side information disclosure vulnerability was identified in the handling of CSS preprocessor files. Backend users with Editor permissions could craft .less, .sass, or .scss files that leverage the...
CVE-2026-40164 affecting package jq for versions less than 1.7.1-5
CVE-2026-40164 affecting package jq for versions less than 1.7.1-5. A patched version of the package is available...
PT-2026-34002
October is a Content Management System CMS and web platform. Prior to 3.7.14 and 4.1.10, a server-side information disclosure vulnerability was identified in the handling of CSS preprocessor files. Backend users with Editor permissions could craft .less, .sass, or .scss files that leverage the...
WordPress WowShipping Pro plugin < 1.0.8 - Backdoor vulnerability
Backdoor vulnerability discovered by ? in WordPress Plugin WowShipping Pro versions 1.0.8...
CVE-2026-23228 affecting package kernel for versions less than 5.15.202.1-1
CVE-2026-23228 affecting package kernel for versions less than 5.15.202.1-1. An upgraded version of the package is available that resolves this issue...