9 matches found
CVE-2026-44738
Grav is a file-based Web platform. Prior to 2.0.0-rc.2, the Twig sandbox allow-list permits any user with the admin.pages role to call config.toArray from within a page body, dumping the entire merged site configuration — including all plugin secrets SMTP passwords, AWS keys, OAuth client secrets...
EUVD-2024-42778
Malicious code in bioql PyPI...
UBUNTU-CVE-2024-47094
Insertion of Sensitive Information into Log File in Checkmk GmbH's Checkmk versions 2.3.0p22, 2.2.0p37, 2.1.0p50 EOL causes remote site secrets to be written to web log files accessible to local site users...
CVE-2022-3360
The LearnPress WordPress plugin before 4.1.7.2 unserialises user input in a REST API endpoint available to unauthenticated users, which could lead to PHP Object Injection when a suitable gadget is present, leadint to remote code execution RCE. To successfully exploit this vulnerability attackers...
CVE-2022-3360
The LearnPress WordPress plugin before 4.1.7.2 unserialises user input in a REST API endpoint available to unauthenticated users, which could lead to PHP Object Injection when a suitable gadget is present, leadint to remote code execution RCE. To successfully exploit this vulnerability attackers...
Design/Logic Flaw
The LearnPress WordPress plugin before 4.1.7.2 unserialises user input in a REST API endpoint available to unauthenticated users, which could lead to PHP Object Injection when a suitable gadget is present, leadint to remote code execution RCE. To successfully exploit this vulnerability attackers...
CVE-2022-3360 LearnPress < 4.1.7.2 - Unauthenticated PHP Object Injection via REST API
The LearnPress WordPress plugin before 4.1.7.2 unserialises user input in a REST API endpoint available to unauthenticated users, which could lead to PHP Object Injection when a suitable gadget is present, leadint to remote code execution RCE. To successfully exploit this vulnerability attackers...
EUVD-2022-42743
The LearnPress WordPress plugin before 4.1.7.2 unserialises user input in a REST API endpoint available to unauthenticated users, which could lead to PHP Object Injection when a suitable gadget is present, leadint to remote code execution RCE. To successfully exploit this vulnerability attackers...
LearnPress < 4.1.7.2 - Unauthenticated PHP Object Injection via REST API
The plugin unserialises user input in a REST API endpoint available to unauthenticated users, which could lead to PHP Object Injection when a suitable gadget is present, leadint to remote code execution RCE. To successfully exploit this vulnerability attackers must have knowledge of the site...