CVE-2026-7182

The CVE concerns Diagram’s export module vulnerability to Path Traversal via the src attribute due to insufficient HTML sanitization. An unauthenticated attacker could craft HTML payloads that access local server files and cause them to be displayed in the generated PDF. The issue is mitigated by...

CVE-2023-53908

CVE-2023-53908 affects Belden HiSecOS 04.0.01. A privilege-escalation flaw allows authenticated users to modify their access role via crafted XML in NETCONF payloads sent to the /mops_data endpoint, elevating to administrative level. Affected component: XML-based NETCONF configuration handling; r...

CVE-2022-45133

Mahara 21.10 before 21.10.6, 22.04 before 22.04.4, and 22.10 before 22.10.1 allows unsafe font upload for skins. A particularly structured XML file could allow one to traverse the server to obtain access to secure files or cause code execution based on the payload...

CVE-2023-32171

Unified Automation UaGateway OPC UA Server Null Pointer Dereference Denial-of-Service Vulnerability. This vulnerability allows remote attackers to create a denial-of-service condition on affected installations of Unified Automation UaGateway. Authentication is required to exploit this...