CVE-2026-33687
Sharp is a content management framework built for Laravel as a package. Versions prior to 9.20.0 contain a vulnerability in the file upload endpoint that allows authenticated users to bypass all file type restrictions. The upload endpoint within the ApiFormUploadController accepts a...
CVE-2026-33687 Sharp has Unrestricted File Upload via Client-Controlled Validation Rules
Sharp is a content management framework built for Laravel as a package. Versions prior to 9.20.0 contain a vulnerability in the file upload endpoint that allows authenticated users to bypass all file type restrictions. The upload endpoint within the ApiFormUploadController accepts a...
CVE-2026-33687
Sharp (code16/sharp) is a Laravel package where versions before 9.20.0 have an Arbitrary File Upload vulnerability in ApiFormUploadController. A client-controlled validation_rule is passed directly to Laravel’s validator, allowing an attacker to bypass all MIME type and file extension checks (e.g...
CVE-2026-3211
Cross-Site Request Forgery (CSRF) vulnerability in Drupal Theme Negotiation by Rules allows Cross Site Request Forgery. This issue affects Theme Negotiation by Rules: from 0.0.0 before 1.2.1...
CVE-2026-32758
File Browser is a file managing interface for uploading, deleting, previewing, renaming, and editing files within a specified directory. Versions 2.61.2 and below are vulnerable to Path Traversal through the resourcePatchHandler http/resource.go. The destination path in resourcePatchHandler is...
CVE-2026-4056
The User Registration & Membership plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the Content Access Rules REST API endpoints in versions 5.0.1 through 5.1.4. This is due to the check_permissions method only checking for edit_posts...
CVE-2026-32126
OpenEMR is a free and open source electronic health records and medical practice management application. Prior to 8.0.0.1, an inverted boolean condition in ControllerRouter::route causes the admin/super ACL check to be enforced only for controllers that already have their own internal authorizati...
CVE-2019-25637
X-NetStat Pro 5.63 contains a local buffer overflow vulnerability that allows local attackers to execute arbitrary code by overwriting the EIP register through a 264-byte buffer overflow. Attackers can inject shellcode into memory and use an egg hunter technique to locate and execute the payload...
FreeBSD-SA-26:09.pf
FreeBSD-SA-26:09.pf Security Advisory The FreeBSD Project Topic: pf silently ignores certain rules Category: core Module: pf Announced: 2026-03-25 Credits: Michael Gmelin...
GHSA-FR76-5637-W3G9 Sharp has Unrestricted File Upload via Client-Controlled Validation Rules
Summary The code16/sharp Laravel admin panel package contains a vulnerability in its file upload endpoint that allows authenticated users to bypass all file type restrictions. Details The upload endpoint within the ApiFormUploadController accepts a client-controlled validation_rule parameter. This...
EUVD-2026-15467
Cross-Site Request Forgery (CSRF) vulnerability in Drupal Theme Negotiation by Rules allows Cross Site Request Forgery. This issue affects Theme Negotiation by Rules: from 0.0.0 before 1.2.1...
CVE-2026-3104
A flaw was found in the BIND resolver. A remote attacker can exploit this vulnerability by querying a specially crafted domain, which causes a memory leak. This memory leak can lead to a Denial of Service (DoS) condition, making the BIND resolver unavailable to legitimate users. Mitigation To...
CVE-2026-3211
The CVE-2026-3211 entry concerns Drupal Theme Negotiation by Rules, affecting versions prior to 1.2.1. The vulnerability is a Cross-Site Request Forgery (CSRF) that leverages the module’s ability to render pages with theme_rule configs. The root cause is exposure via a GET request that can enable...
CVE-2026-3211 Theme Negotiation by Rules - Moderately critical - Cross-site request forgery - SA-CONTRIB-2026-012
Cross-Site Request Forgery (CSRF) vulnerability in Drupal Theme Negotiation by Rules allows Cross Site Request Forgery. This issue affects Theme Negotiation by Rules: from 0.0.0 before 1.2.1...
FreeBSD -- pf silently ignores certain rules
Problem Description: A regression in the way hashes were calculated caused rules containing the address range syntax x.x.x.x - y.y.y.y that only differ in the address ranges involved to be silently dropped as duplicates. Only the first of such rules is actually loaded into pf. Ranges expressed...
FreeBSD Security Advisory - FreeBSD-SA-26:09.pf
FreeBSD Security Advisory - pf silently ignores certain rules. A regression in the way hashes were calculated caused rules containing the address range syntax x.x.x.x - y.y.y.y that only differ in the address ranges involved to be silently dropped as duplicates. Only the first of such rules is...
Linux kernel security vulnerability
The Linux kernel is the kernel used by the Linux operating system developed by the Linux Foundation in the United States. There is a security vulnerability in the Linux kernel, which stems from unvalidated overlap of open intervals, potentially allowing bypasses in the validation of collection...
Drupal Theme Negotiation by Rules security vulnerability
Drupal Theme Negotiation by Rules is a content management system module developed by Drupal that dynamically selects website theme styles based on rules. Versions of Drupal Theme Negotiation by Rules prior to 1.2.1 contained security vulnerabilities, which were caused by susceptibility to...
EUVD-2019-20014
X-NetStat Pro 5.63 contains a local buffer overflow vulnerability that allows local attackers to execute arbitrary code by overwriting the EIP register through a 264-byte buffer overflow. Attackers can inject shellcode into memory and use an egg hunter technique to locate and execute the payload...