10 matches found
cn.herodotus.engine:oauth2-authentication-autoconfigure (>=3.5.5.3 <=3.5.6.2), cn.herodotus.engine:oauth2-authorization-server-autoconfigure (>=3.3.0.5 <=3.5.5.2) +2 more potentially affected by CVE-2026-23966 via org.webjars.npm:sm-crypto (=0.3.13)
org.webjars.npm:sm-crypto MAVEN version =0.3.13 is affected by a known vulnerability. The following packages have a transitive dependency on org.webjars.npm:sm-crypto and may be impacted: - cn.herodotus.engine:oauth2-authentication-autoconfigure =3.5.5.3, =3.3.0.5, =3.3.0.5, =3.5.5.3, =3.5.6.2...
org.dspace.modules:additions (=7.0-preview-1), org.dspace.modules:oai (=7.0-preview-1) +12 more potentially affected by CVE-2025-53621 via org.dspace:dspace-api (=7.0-preview-1)
org.dspace:dspace-api MAVEN version =7.0-preview-1 is affected by a known vulnerability. The following packages have a transitive dependency on org.dspace:dspace-api and may be impacted: - org.dspace.modules:additions =7.0-preview-1 - org.dspace.modules:oai =7.0-preview-1 - org.dspace.modules:rdf...
de.the-library-code.dspace:addon-duplication-detection-service-api (>=6.2.0 <=6.3.1), de.the-library-code.dspace:addon-duplication-detection-service-jspui (>=6.2.0 <=6.3.1) +18 more potentially affected by CVE-2022-31195 via org.dspace:dspace-api (>=6.0 <=6.3)
org.dspace:dspace-api MAVEN version =6.0, =6.2.0, =6.2.0, =6.0, =6.0, =6.0, =6.0, =6.0, =6.0, =6.0, =6.0, =6.0, =6.0, =6.0, =6.3 and more Source cves: CVE-2022-31195 Source advisory: OSV:GHSA-8RMH-55H4-93H5...
CVE-2021-41242
OpenOlat is a web-based learning management system. A path traversal vulnerability exists in OpenOlat prior to versions 15.5.12 and 16.0.5. By providing a filename that contains a relative path as a parameter in some REST methods, it is possible to create directory structures and write files...
Path traversal
OpenOlat is a web-based learning management system. A path traversal vulnerability exists in OpenOlat prior to versions 15.5.12 and 16.0.5. By providing a filename that contains a relative path as a parameter in some REST methods, it is possible to create directory structures and write files...
Drupal REST module command execution
Added: 02/27/2019 CVE: CVE-2019-6340 BID: 107106 Background Drupal is an open-source content management system written in PHP. Problem The Drupal REST module does not properly sanitize input from non-form sources, allowing an attacker to execute arbitrary code. Resolution Upgrade to Drupal 8.5.11...
Drupal REST module command execution
Added: 02/27/2019 CVE: CVE-2019-6340 BID: 107106 Background Drupal is an open-source content management system written in PHP. Problem The Drupal REST module does not properly sanitize input from non-form sources, allowing an attacker to execute arbitrary code. Resolution Upgrade to Drupal 8.5.11...
Drupal < 8.6.10 / < 8.5.11 - REST Module Remote Code Execution Vulnerability
Exploit for php platform in category web applications Drupal FALSE; instead of the standard unserialize($values['options']);. As for all FieldItemBase subclasses, LinkItem references a property type. Shortcut uses this property type, for a property named link. Triggering the unserialize Having all...
Drupal < 8.6.10 / < 8.5.11 - REST Module Remote Code Execution
Analyzing the patch By diffing Drupal 8.6.9 and 8.6.10, we can see that in the REST module, FieldItemNormalizer now uses a new trait, SerializedColumnNormalizerTrait. This trait provides the checkForSerializedStrings method, which in short raises an exception if a string is provided for a value...
PT-2019-18086 · Drupal · Drupal
Name of the Vulnerable Software and Affected Versions: Drupal versions 8.5.x before 8.5.11 Drupal versions 8.6.x before 8.6.10 Description: Some field types do not properly sanitize data from non-form sources in Drupal. This can lead to arbitrary PHP code execution in some cases. A site is only...