CVE-2024-8494

The CVE concerns Elementor Website Builder Pro for WordPress. Affected: all versions up to and including 3.25.10. Issue: authenticated attackers with Contributor+ access can exploit the elementor-template shortcode to exfiltrate sensitive information from Private, Pending, and Draft Templates (Se...

CVE-2025-24367 Cacti allows Arbitrary File Creation leading to RCE

Cacti is an open source performance and fault management framework. An authenticated Cacti user can abuse graph creation and graph template functionality to create arbitrary PHP scripts in the web root of the application, leading to remote code execution on the server. This vulnerability is fixed...

CVE-2025-22605 Coolify OS Command Injection Vulnerability in SSH Command Generation

Coolify is an open-source and self-hostable tool for managing servers, applications, and databases. Starting in version 4.0.0-beta.18 and prior to 4.0.0-beta.253, a vulnerability in the execution of commands on remote servers allows an authenticated user to execute arbitrary code on the local...

CVE-2025-24353

Directus is a real-time API and App dashboard for managing SQL database content. Prior to version 11.2.0, when sharing an item, a typical user can specify an arbitrary role. It allows the user to use a higher-privileged role to see fields that otherwise the user should not be able to see. Instanc...

CVE-2025-24019

YesWiki is a wiki system written in PHP. In versions up to and including 4.4.5, it is possible for any authenticated user, through the use of the filemanager to delete any file owned by the user running the FastCGI Process Manager FPM on the host without any limitation on the filesystem's scope...

AZL-55644 CVE-2024-53263 affecting package git-lfs for versions less than 3.5.1-4

Git LFS is a Git extension for versioning large files. When Git LFS requests credentials from Git for a remote host, it passes portions of the host's URL to the git-credential1 command without checking for embedded line-ending control characters, and then sends any credentials it receives back fr...

AZL-55736 CVE-2024-55916 affecting package kernel for versions less than 6.6.76.1-1

In the Linux kernel, the following vulnerability has been resolved: Drivers: hv: util: Avoid accessing a ringbuffer not initialized yet If the KVP or VSS daemon starts before the VMBus channel's ringbuffer is fully initialized, we can hit the panic below: hvutils: Registering HyperV Utility Drive...

CVE-2025-21628 Chatwoot has a Blind SQL-injection in Conversation and Contacts filters

Chatwoot is a customer engagement suite. Prior to 3.16.0, conversation and contact filters endpoints did not sanitize the input of queryoperator passed from the frontend or the API. This provided any actor who is authenticated, an attack vector to run arbitrary SQL within the filter query by addi...

CVE-2025-22137 Arbitrary File Overwrite via HTTP POST in Pingvin Share

Pingvin Share is a self-hosted file sharing platform and an alternative for WeTransfer. This vulnerability allows an authenticated or unauthenticated if anonymous shares are allowed user to overwrite arbitrary files on the server, including sensitive system files, via HTTP POST requests. The issu...

CVE-2024-55605

Suricata is a network Intrusion Detection System, Intrusion Prevention System and Network Security Monitoring engine. Prior to 7.0.8, a large input buffer to the tolowercase, touppercase, stripwhitespace, compresswhitespace, dotprefix, headerlowercase, strippseudoheaders, urldecode, or xor...

CVE-2025-21609 SiYuan has an arbitrary file deletion vulnerability

SiYuan is self-hosted, open source personal knowledge management software. SiYuan Note version 3.1.18 has an arbitrary file deletion vulnerability. The vulnerability exists in the POST /api/history/getDocHistoryContent endpoint. An attacker can craft a payload to exploit this vulnerability,...

CVE-2024-56358 Cross-site Scripting vulnerability through svg attachment previews in grist-core

grist-core is a spreadsheet hosting server. A user visiting a malicious document and previewing an attachment could have their account compromised, because JavaScript in an SVG file would be evaluated in the context of their current page. This issue has been patched in version 1.3.2. Users are...

CVE-2024-51479 Authorization bypass in Next.js

Next.js is a React framework for building full-stack web applications. In affected versions if a Next.js application is performing authorization in middleware based on pathname, it was possible for this authorization to be bypassed for pages directly under the application's root directory. For...

CVE-2024-55875 http4k has a potential XXE (XML External Entity Injection) vulnerability

http4k is a functional toolkit for Kotlin HTTP applications. Prior to version 5.41.0.0, there is a potential XXE XML External Entity Injection vulnerability when http4k handling malicious XML contents within requests, which might allow attackers to read local sensitive information on server,...

CVE-2024-53273

Habitica is an open-source habit-building program. Versions prior to 5.28.5 are vulnerable to reflected cross-site scripting. The register function in RegisterLoginReset.vue contains a reflected XSS vulnerability due to an incorrect sanitization function. An attacker can specify a malicious...

CVE-2024-55658 SiYuan has an arbitrary file read and path traversal via /api/export/exportResources

SiYuan is a personal knowledge management system. Prior to version 3.1.16, SiYuan's /api/export/exportResources endpoint is vulnerable to arbitary file read via path traversal. It is possible to manipulate the paths parameter to access and download arbitrary files from the host system by traversi...

CVE-2024-55658 SiYuan has an arbitrary file read and path traversal via /api/export/exportResources

SiYuan is a personal knowledge management system. Prior to version 3.1.16, SiYuan's /api/export/exportResources endpoint is vulnerable to arbitary file read via path traversal. It is possible to manipulate the paths parameter to access and download arbitrary files from the host system by traversi...

CVE-2024-55657 SiYuan has an arbitrary file read via /api/template/render

SiYuan is a personal knowledge management system. Prior to version 3.1.16, an arbitrary file read vulnerability exists in Siyuan's /api/template/render endpoint. The absence of proper validation on the path parameter allows attackers to access sensitive files on the host system. Version 3.1.16...

CVE-2024-47758 GLPI vulnerable to account takeover without privilege escalation through the API

GLPI is a free asset and IT management software package. Starting in version 9.3.0 and prior to version 10.0.17, an authenticated user can use the API to take control of any user that have the same or a lower level of privileges. Version 10.0.17 contains a patch for this issue...

CVE-2024-54152

Angular Expressions provides expressions for the Angular.JS web framework as a standalone module. Prior to version 1.4.3, an attacker can write a malicious expression that escapes the sandbox to execute arbitrary code on the system. With a more complex undisclosed payload, one can get full access...