
19 matches found

NVD
added 2026/04/22 10:16 p.m., 0 views

CVE-2026-41177

Squidex is an open source headless content management system and content management hub. Prior to version 7.23.0, the Squidex Restore API is vulnerable to Blind Server-Side Request Forgery (SSRF). The application fails to validate the URI scheme of the user-supplied Url parameter, allowing the use ...

5.5 CVSS, 0.0005 EPSS
Exploits: 1, References: 2

CNNVD
added 2026/04/22 12:0 a.m., 4 views

Squidex security vulnerability

Squidex is an open-source content management system developed by Squidex. Versions of Squidex prior to 7.23.0 contained security vulnerabilities. These vulnerabilities stemmed from the Restore API not verifying the URI scheme of the URL parameters provided by users. The use of the file:// protoco...

5.5 CVSS, 5.8 AI score, 0.0005 EPSS
Exploits: 1, References: 1

OSV
added 2026/04/09 11:17 p.m., 0 views

UBUNTU-CVE-2026-5507

When restoring a session from cache, a pointer from the serialized session data is used in a free operation without validation. An attacker who can poison the session cache could trigger an arbitrary free. Exploitation requires the ability to inject a crafted session into the cache and for the...

4.1 CVSS, 5.9 AI score, 0.00016 EPSS
Exploits: 0, References: 3

OSV
added 2026/03/06 8:50 a.m., 6 views

BIT-MOODLE-2025-67847 Moodle: moodle: remote code execution via insufficient restore input validation

A flaw was found in Moodle. An attacker with access to the restore interface could trigger server-side execution of arbitrary code. This is due to insufficient validation of restore input, which leads to unintended interpretation by core restore routines. Successful exploitation could result in a...

8.8 CVSS, 5.9 AI score, 0.0003 EPSS
Exploits: 0, References: 2

Tenable Nessus
added 2026/01/31 12:0 a.m., 2 views

Linux Distros Unpatched Vulnerability : CVE-2025-67847

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A flaw was found in Moodle. An attacker with access to the restore interface could trigger server-side execution of arbitrary code. This is due to insufficient...

8.8 CVSS, 6 AI score, 0.0003 EPSS
Exploits: 0, References: 2

OSV
added 2026/01/23 6:31 a.m., 8 views

GHSA-XVMH-25JW-GMMM Moodle affected by a code injection vulnerability

A flaw was found in Moodle. An attacker with access to the restore interface could trigger server-side execution of arbitrary code. This is due to insufficient validation of restore input, which leads to unintended interpretation by core restore routines. Successful exploitation could result in a...

8.8 CVSS, 5.9 AI score, 0.0003 EPSS
Exploits: 0, References: 4

Github Security Blog
added 2026/01/23 6:31 a.m., 10 views

Moodle affected by a code injection vulnerability

A flaw was found in Moodle. An attacker with access to the restore interface could trigger server-side execution of arbitrary code. This is due to insufficient validation of restore input, which leads to unintended interpretation by core restore routines. Successful exploitation could result in a...

8.8 CVSS, 5.8 AI score, 0.0003 EPSS
Exploits: 0, References: 4, Affected Software: 1

OSV
added 2026/01/23 5:16 a.m., 0 views

CVE-2025-67847

A flaw was found in Moodle. An attacker with access to the restore interface could trigger server-side execution of arbitrary code. This is due to insufficient validation of restore input, which leads to unintended interpretation by core restore routines. Successful exploitation could result in a...

8.8 CVSS, 5.9 AI score, 0.0003 EPSS
Exploits: 0, References: 1

NVD
added 2026/01/23 5:16 a.m., 5 views

CVE-2025-67847

A flaw was found in Moodle. An attacker with access to the restore interface could trigger server-side execution of arbitrary code. This is due to insufficient validation of restore input, which leads to unintended interpretation by core restore routines. Successful exploitation could result in a...

8.8 CVSS, 0.0003 EPSS
Exploits: 0, References: 1

UbuntuCve
added 2026/01/23 5:16 a.m., 4 views

CVE-2025-67847

A flaw was found in Moodle. An attacker with access to the restore interface could trigger server-side execution of arbitrary code. This is due to insufficient validation of restore input, which leads to unintended interpretation by core restore routines. Successful exploitation could result in a...

8.8 CVSS, 6.1 AI score, 0.0003 EPSS
Exploits: 0, References: 1

OSV
added 2026/01/23 5:16 a.m., 1 views

UBUNTU-CVE-2025-67847

A flaw was found in Moodle. An attacker with access to the restore interface could trigger server-side execution of arbitrary code. This is due to insufficient validation of restore input, which leads to unintended interpretation by core restore routines. Successful exploitation could result in a...

8.8 CVSS, 6.1 AI score, 0.0003 EPSS
Exploits: 0, References: 2

CVE
added 2026/01/23 4:35 a.m., 57 views

CVE-2025-67847

CVE-2025-67847 : Moodle contains a flaw where an attacker with access to the restore interface can trigger server-side code execution due to insufficient validation of restore input. This leads to unintended interpretation by core restore routines and could result in a full compromise of the Mood...

8.8 CVSS, 5.8 AI score, 0.0003 EPSS
Exploits: 0, References: 1, Affected Software: 1

Cvelist
added 2026/01/23 4:35 a.m., 31 views

CVE-2025-67847 Moodle: moodle: remote code execution via insufficient restore input validation

A flaw was found in Moodle. An attacker with access to the restore interface could trigger server-side execution of arbitrary code. This is due to insufficient validation of restore input, which leads to unintended interpretation by core restore routines. Successful exploitation could result in a...

8.8 CVSS, 0.0003 EPSS
Exploits: 0, References: 1

Vulnrichment
added 2026/01/23 4:35 a.m., 2 views

CVE-2025-67847 Moodle: moodle: remote code execution via insufficient restore input validation

A flaw was found in Moodle. An attacker with access to the restore interface could trigger server-side execution of arbitrary code. This is due to insufficient validation of restore input, which leads to unintended interpretation by core restore routines. Successful exploitation could result in a...

8.8 CVSS, 5.8 AI score, 0.0003 EPSS
Exploits: 0, References: 1

ATTACKERKB
added 2026/01/23 4:35 a.m., 2 views

CVE-2025-67847

A flaw was found in Moodle. An attacker with access to the restore interface could trigger server-side execution of arbitrary code. This is due to insufficient validation of restore input, which leads to unintended interpretation by core restore routines. Successful exploitation could result in a...

8.8 CVSS, 5.9 AI score, 0.0003 EPSS
Exploits: 0, References: 2

RedhatCVE
added 2025/12/19 12:9 p.m., 9 views

CVE-2025-67847

A flaw was found in Moodle. An attacker with access to the restore interface could trigger server-side execution of arbitrary code. This is due to insufficient validation of restore input, which leads to unintended interpretation by core restore routines. Successful exploitation could result in a...

6.7 AI score, 0.0003 EPSS
Exploits: 0, References: 1

Positive Technologies
added 2025/12/15 12:0 a.m., 6 views

PT-2026-4322

Name of the Vulnerable Software and Affected Versions: Moodle (affected versions not specified). Description: A flaw exists in Moodle that allows an attacker with access to the restore interface to trigger server-side execution of arbitrary code. This is caused by inadequate validation of restore inpu...

9 CVSS, 5.7 AI score, 0.0003 EPSS
Exploits: 0, References: 16

Prion
added 2016/07/06 2:59 p.m., 10 views

Design/Logic Flaw

The web-restore interface in Avamar Data Store (ADS) and Avamar Virtual Edition (AVE) in EMC Avamar through 7.1.2 and 7.2.x through 7.2.1 allows remote authenticated users to read or delete directories via a Linux backup-restore operation...

6.5 CVSS, 6.6 AI score, 0.00406 EPSS
Exploits: 0, References: 2, Affected Software: 1

Cvelist
added 2013/05/03 10:0 a.m., 11 views

CVE-2013-0944

The web-based file-restore interface in EMC Avamar Server before 6.1.0 allows remote authenticated users to read arbitrary files via a crafted URL...

6.2 AI score, 0.00162 EPSS
Exploits: 0, References: 1