CVE-2026-41937

Vvveb before 1.0.8.3 contains an unrestricted file upload vulnerability in the plugin upload endpoint that allows superadmin users to execute arbitrary PHP code by uploading a malicious plugin ZIP file. Attackers can craft a ZIP containing a plugin.php with a valid Slug header and a...

Vvveb 安全漏洞

Vvveb is a powerful and easy-to-use CMS developed by Givan’s individual developers. It is used to build websites, blogs, or e-commerce stores. Versions of Vvveb prior to 1.0.8.3 contained security vulnerabilities. These vulnerabilities stemmed from an unlimited file upload feature in the plugin...

CVE-2026-41343

OpenClaw before 2026.3.31 lacks a shared pre-auth concurrency budget on the public LINE webhook path, allowing attackers to cause transient availability loss. Remote attackers can flood the webhook endpoint with concurrent requests before signature verification to exhaust resources and degrade...

CVE-2026-39339

ChurchCRM is an open-source church management system. Prior to 7.1.0, a critical authentication bypass vulnerability in ChurchCRM's API middleware ChurchCRM/Slim/Middleware/AuthMiddleware.php allows unauthenticated attackers to access all protected API endpoints by including "api/public" anywhere...

CVE-2026-39339

CVE-2026-39339 describes a critical authentication bypass in ChurchCRM prior to version 7.1.0. An unauthenticated attacker can access all protected API endpoints by including meaningful strings like "api/public" anywhere in the request URL, exposing church member data and system information. The ...

Azure Linux 3.0 Security Update: python-tensorboard (CVE-2024-43788)

The version of python-tensorboard installed on the remote Azure Linux 3.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2024-43788 advisory. - Webpack is a module bundler. Its main purpose is to bundle JavaScript files for usage in a...

Exploit for CVE-2025-61183

CVE-2025-61183 Stored XSS in User Avatar Upload via Unsafe S...

MAL-2025-39032 Malicious code in webpack-public-path-plugin (npm)

The package webpack-public-path-plugin was found to contain malicious code...

webpack: DOM Clobbering vulnerability in AutoPublicPathRuntimeModule

A DOM Clobbering vulnerability was found in Webpack via AutoPublicPathRuntimeModule. DOM Clobbering is a type of code-reuse attack where the attacker first embeds a piece of non-script through seemingly benign HTML markups in the webpage, for example, through a post or comment, and leverages the...

DOM Clobbering Gadget found in Webpack's AutoPublicPathRuntimeModule that leads to Cross-site Scripting (XSS)

...

PT-2024-40181 · Webpack · Webpack

Name of the Vulnerable Software and Affected Versions: Webpack versions affected versions not specified Description: A DOM Clobbering vulnerability was discovered in Webpack's AutoPublicPathRuntimeModule, which can lead to cross-site scripting XSS in web pages where scriptless attacker-controlled...

DEBIAN-CVE-2024-43788

Webpack is a module bundler. Its main purpose is to bundle JavaScript files for usage in a browser, yet it is also capable of transforming, bundling, or packaging just about any resource or asset. The webpack developers have discovered a DOM Clobbering vulnerability in Webpack’s...

AZL-48365 CVE-2024-43788 affecting package python-tensorboard for versions less than 2.16.2-3

Webpack is a module bundler. Its main purpose is to bundle JavaScript files for usage in a browser, yet it is also capable of transforming, bundling, or packaging just about any resource or asset. The webpack developers have discovered a DOM Clobbering vulnerability in Webpack’s...

UBUNTU-CVE-2024-43788

Webpack is a module bundler. Its main purpose is to bundle JavaScript files for usage in a browser, yet it is also capable of transforming, bundling, or packaging just about any resource or asset. The webpack developers have discovered a DOM Clobbering vulnerability in Webpack’s...

PT-2024-30657 · Webpack +2 · Webpack +2

Name of the Vulnerable Software and Affected Versions: Webpack versions prior to 5.94.0 Description: A DOM Clobbering vulnerability has been discovered in Webpack's AutoPublicPathRuntimeModule. This vulnerability can lead to cross-site scripting XSS in web pages where scriptless attacker-controll...

CVE-2023-6750

The Clone WordPress plugin before 2.4.3 uses buffer files to store in-progress backup informations, which is stored at a publicly accessible, statically defined file path...

Active eCommerce CMS 6.3.0 Arbitrary File Download

Exploit Title: Active eCommerce CMS Arbitrary File Download Exploit Author: th3d1gger Vendor Homepage: https://codecanyon.net Software Link: https://codecanyon.net/item/active-ecommerce-cms/23471405 Version: Version 6.3.0 Tested on Ubuntu 18.04 without authentication with for loop user can downlo...

Cross-Site Scripting (XSS)

The mndpsingh287 file manager plugin is vulnerable to cross-site scripting XSS. A remote attacker is able to inject arbitrary Javascript into a victim's browser via the publicpath parameter in the wpfilemanagerroot page...

CVE-2018-16966

There is a CSRF vulnerability in the mndpsingh287 File Manager plugin 3.0 for WordPress via the page=wpfilemanagerroot publicpath parameter...

CVE-2018-16967

There is an XSS vulnerability in the mndpsingh287 File Manager plugin 3.0 for WordPress via the page=wpfilemanagerroot publicpath parameter...