5 matches found
CVE-2026-41517
CVE-2026-41517 affects Emlog, an open source website building system. The vulnerability arises from an insecure plugin upload function in versions before 2.6.11, allowing an attacker to upload and execute arbitrary PHP code on the server, yielding complete server compromise and enabling a persist...
emlog cross-site request forgery vulnerability
Emlog is an open-source CMS website building system based on PHP and MySQL. Versions of Emlog prior to 2.6.11 contained a cross-site request forgery vulnerability. This vulnerability stemmed from the lack of CSRF protection in critical management functions, which could allow attackers to trick...
CVE-2025-64438
Fast DDS is a C++ implementation of the DDS (Data Distribution Service) standard of the OMG (Object Management Group). Prior to versions 3.4.1, 3.3.1, and 2.6.11, a remotely triggerable Out-of-Memory (OOM) denial-of-service exists in Fast-DDS when processing RTPS GAP submessages under RELIABLE QoS. B...
ansible: Information disclosure in vvv+ mode with no_log on
Ansible before versions 2.5.14, 2.6.11, 2.7.5 is vulnerable to an information disclosure flaw in vvv+ mode with no_log on that can lead to leakage of sensitive data...
Moodle site-wide event monitoring rule subscription vulnerability
Moodle is an open source web-based teaching and learning application. Moodle versions prior to 2.6.11, 2.7.8, 2.8.6, and 2.9 suffer from a security vulnerability in the site-wide rules in the event monitoring tool that allows remote, authenticated attackers to subscribe to event monitoring rules...