32 matches found
SUSE CVE-2026-32704
SiYuan is a personal knowledge management system. Prior to 3.6.1, POST /api/template/renderSprig lacks model.CheckAdminRole, allowing any authenticated user to execute arbitrary SQL queries against the SiYuan workspace database and exfiltrate all note content, metadata, and custom attributes. Thi...
GO-2026-4700 SiYuan's renderSprig has a missing admin check that allows any user to read full workspace DB in github.com/siyuan-note/siyuan/kernel
SiYuan's renderSprig has a missing admin check that allows any user to read full workspace DB in github.com/siyuan-note/siyuan/kernel. NOTE: The source advisory for this report contains additional versions that could not be automatically mapped to standard Go module versions. If this is causing...
CVE-2026-27131
The Sprig Plugin for Craft CMS is a reactive Twig component framework for Craft CMS. Starting in version 2.0.0 and prior to versions 2.15.2 and 3.15.2, admin users, and users with explicit permission to access the Sprig Playground, could potentially expose the security key, credentials, and other...
Active Debug Code
Overview putyourlightson/craft-sprig is an A reactive Twig component framework for Craft. Affected versions of this package are vulnerable to Active Debug Code in the Sprig Playground component. An administrator can access sensitive information, such as security keys, credentials, and configurati...
Sprig Plugin for Craft CMS potentially discloses sensitive information via Sprig Playground
Admin users, and users with explicit permission to access the Sprig Playground, could potentially expose the security key, credentials, and other sensitive configuration data, in addition to running the hashData signing function. This issue was mitigated in versions 3.7.2 and 2.15.2 by disabling...
EUVD-2026-14515
Sprig Plugin for Craft CMS potentially discloses sensitive information via Sprig Playground...
GHSA-M59H-42JF-CPHR Sprig Plugin for Craft CMS potentially discloses sensitive information via Sprig Playground
Admin users, and users with explicit permission to access the Sprig Playground, could potentially expose the security key, credentials, and other sensitive configuration data, in addition to running the hashData signing function. This issue was mitigated in versions 3.7.2 and 2.15.2 by disabling...
CVE-2026-27131
The Sprig Plugin for Craft CMS is a reactive Twig component framework for Craft CMS. Starting in version 2.0.0 and prior to versions 2.15.2 and 3.15.2, admin users, and users with explicit permission to access the Sprig Playground, could potentially expose the security key, credentials, and other...
CVE-2026-27131 Sprig Plugin for Craft CMS potentially discloses sensitive information via Sprig Playground
The Sprig Plugin for Craft CMS is a reactive Twig component framework for Craft CMS. Starting in version 2.0.0 and prior to versions 2.15.2 and 3.15.2, admin users, and users with explicit permission to access the Sprig Playground, could potentially expose the security key, credentials, and other...
CVE-2026-27131 Sprig Plugin for Craft CMS potentially discloses sensitive information via Sprig Playground
The Sprig Plugin for Craft CMS is a reactive Twig component framework for Craft CMS. Starting in version 2.0.0 and prior to versions 2.15.2 and 3.15.2, admin users, and users with explicit permission to access the Sprig Playground, could potentially expose the security key, credentials, and other...
CVE-2026-27131
The CVE concerns the Sprig Plugin for Craft CMS. Versions 2.0.0 up to, but not including, 2.15.2 and 3.15.2 expose a risk where admin users or those with Sprig Playground access could reveal the security key, credentials, and other sensitive configuration data, and could also run the hashData() s...
CVE-2026-27131
The Sprig Plugin for Craft CMS is a reactive Twig component framework for Craft CMS. Starting in version 2.0.0 and prior to versions 2.15.2 and 3.15.2, admin users, and users with explicit permission to access the Sprig Playground, could potentially expose the security key, credentials, and other...
CVE-2026-27131 Sprig Plugin for Craft CMS potentially discloses sensitive information via Sprig Playground
The Sprig Plugin for Craft CMS is a reactive Twig component framework for Craft CMS. Starting in version 2.0.0 and prior to versions 2.15.2 and 3.15.2, admin users, and users with explicit permission to access the Sprig Playground, could potentially expose the security key, credentials, and other...
PT-2026-27177
The Sprig Plugin for Craft CMS is a reactive Twig component framework for Craft CMS. Starting in version 2.0.0 and prior to versions 2.15.2 and 3.15.2, admin users, and users with explicit permission to access the Sprig Playground, could potentially expose the security key, credentials, and other...
PutYourLightsOn Sprig Plugin for Craft CMS 安全漏洞
PutYourLightsOn Sprig Plugin for Craft CMS is a plugin developed by the Austrian company PutYourLightsOn, designed for Craft CMS. It provides dynamic content updates and interactive features. Versions of the plugin prior to 2.15.2 and 3.15.2 contained security vulnerabilities. These vulnerabiliti...
Listmonk Insecure Sprig Template Functions Environment Disclosure
This module exploits insecure Sprig template functions in Listmonk versions prior to v5.0.2. The env and expandenv functions are enabled by default, allowing authenticated users with campaign permissions to extract sensitive environment variables via campaign preview. Module Options msf use...
EUVD-2025-17462
Malicious code in bioql PyPI...
Malicious code in @malware-test-imbue-sprig-raked-honey/test-mlw3-imbue-sprig-raked-honey (npm)
The package @malware-test-imbue-sprig-raked-honey/test-mlw3-imbue-sprig-raked-honey was found to contain malicious code...
MAL-2025-8723 Malicious code in @malware-test-imbue-sprig-raked-honey/test-mlw3-imbue-sprig-raked-honey (npm)
The package @malware-test-imbue-sprig-raked-honey/test-mlw3-imbue-sprig-raked-honey was found to contain malicious code...
Malicious code in test-mlw2-sprig-wails (npm)
The package test-mlw2-sprig-wails was found to contain malicious code...