5 matches found
Exploit for CVE-2026-33137
CVE-2026-33137 XWiki Platform - Unauthenticated XAR Import...
GHSA-W4RC-P66M-X6QQ Grav Form Plugin has an Anonymous Page Content Overwrite via Form File Upload filename Override
Summary: Tested on Form 9.0.3 released on April 28th. The Form plugin's file upload handler at user/plugins/form/classes/Form.php:583 accepts a POST-supplied filename parameter ($filename = $post['filename'] ?? $upload['file']['name']) that overrides the original uploaded filename. The override passes...
CVE-2026-34213
Docmost (open-source wiki/docs) is affected from v0.3.0 up to v0.70.x. The vulnerability is an improper authorization flaw that allows a low-privileged authenticated user to overwrite another page’s attachment in the same workspace by supplying attachmentId to POST /api/files/upload. Impact is a ...
SUSE CVE-2017-1000405
The Linux Kernel versions 2.6.38 through 4.14 have a problematic use of pmd_mkdirty in the touch_pmd function inside the THP implementation. touch_pmd can be reached by get_user_pages. In such case, the pmd will become dirty. This scenario breaks the new can_follow_write_pmd's logic - pmd can become dirt...
CVE-2022-31167 XWiki Platform Security Parent POM vulnerable to overwriting of security rules of a page with a final page having the same reference
XWiki Platform Security Parent POM contains the security APIs for XWiki Platform, a generic wiki platform. Starting with version 5.0 and prior to 12.10.11, 13.10.1, and 13.4.6, a bug in the security cache stores rules associated to document Page1.Page2 and space Page1.Page2 in the same cache entr...