44 matches found
SQL Injection in extension "News system" (news)
More info at https://typo3.org/security/advisory/typo3-ext-sa-2026-010...
CVE-2026-8726
CVE-2026-8726 describes an SQL injection in the Typo3 extension experience: the extension fails to properly sanitize user input before using it in a database query, enabling an unauthenticated attacker to inject arbitrary SQL via a URL parameter on pages using the “Date Menu of news articles” plu...
CVE-2026-33632
ClearanceKit intercepts file-system access events on macOS and enforces per-process access policies. Prior to version 4.2.4, two file operation event types — ESEVENTTYPEAUTHEXCHANGEDATA and ESEVENTTYPEAUTHCLONE — were not intercepted by ClearanceKit's opfilter system extension, allowing local...
CVE-2026-33632
ClearanceKit intercepts file-system access events on macOS and enforces per-process access policies. Prior to version 4.2.4, two file operation event types — ESEVENTTYPEAUTHEXCHANGEDATA and ESEVENTTYPEAUTHCLONE — were not intercepted by ClearanceKit's opfilter system extension, allowing local...
CVE-2026-33632 ClearanceKit: opfilter policy bypass via exchangedata and clone operations
ClearanceKit intercepts file-system access events on macOS and enforces per-process access policies. Prior to version 4.2.4, two file operation event types — ESEVENTTYPEAUTHEXCHANGEDATA and ESEVENTTYPEAUTHCLONE — were not intercepted by ClearanceKit's opfilter system extension, allowing local...
EUVD-2026-16373
ClearanceKit intercepts file-system access events on macOS and enforces per-process access policies. Prior to version 4.2.4, two file operation event types — ESEVENTTYPEAUTHEXCHANGEDATA and ESEVENTTYPEAUTHCLONE — were not intercepted by ClearanceKit's opfilter system extension, allowing local...
CVE-2026-33632 ClearanceKit: opfilter policy bypass via exchangedata and clone operations
ClearanceKit intercepts file-system access events on macOS and enforces per-process access policies. Prior to version 4.2.4, two file operation event types — ESEVENTTYPEAUTHEXCHANGEDATA and ESEVENTTYPEAUTHCLONE — were not intercepted by ClearanceKit's opfilter system extension, allowing local...
PT-2026-28501
Name of the Vulnerable Software and Affected Versions ClearanceKit versions prior to 4.2.4 Description ClearanceKit monitors file system access events on macOS and enforces access policies on a per-process basis. Before version 4.2.4, two file operation event types—ES EVENT TYPE AUTH EXCHANGEDATA...
CVE-2026-2965
A security flaw has been discovered in 07FLYCMS, 07FLY-CMS and 07FlyCRM up to 1.2.9. The affected element is an unknown function of the file /admin/SysModule/edit.html of the component System Extension Module. Performing a manipulation of the argument Title results in cross site scripting. The...
CVE-2026-2965 07FLYCMS/07FLY-CMS/07FlyCRM System Extension edit.html cross site scripting
A security flaw has been discovered in 07FLYCMS, 07FLY-CMS and 07FlyCRM up to 1.2.9. The affected element is an unknown function of the file /admin/SysModule/edit.html of the component System Extension Module. Performing a manipulation of the argument Title results in cross site scripting. The...
CVE-2026-2965 07FLYCMS/07FLY-CMS/07FlyCRM System Extension edit.html cross site scripting
A security flaw has been discovered in 07FLYCMS, 07FLY-CMS and 07FlyCRM up to 1.2.9. The affected element is an unknown function of the file /admin/SysModule/edit.html of the component System Extension Module. Performing a manipulation of the argument Title results in cross site scripting. The...
PT-2026-21489
A security flaw has been discovered in 07FLYCMS, 07FLY-CMS and 07FlyCRM up to 1.2.9. The affected element is an unknown function of the file /admin/SysModule/edit.html of the component System Extension Module. Performing a manipulation of the argument Title results in cross site scripting. The...
Metasploit Wrap Up 10/09/2025
Meterpreter: Kickstarting Windows ARM64 and Reducing Memory Footprint This Metasploit-Framework release includes two important milestones for our payloads capability. The first, spearheaded by community contributor Alexander "xaitax" Hagenah, is an enhancement of our ReflectiveLoader, a crucial...
EUVD-2012-1110
Malware in sbrugna...
EUVD-2011-4550
Malware in sbrugna...
EUVD-2022-5150
Malicious code in bioql PyPI...
CVE-2020-26227
TYPO3 is an open source PHP based web content management system. In TYPO3 before versions 9.5.23 and 10.4.10 the system extension Fluid typo3/cms-fluid of the TYPO3 core is vulnerable to cross-site scripting passing user-controlled data as argument to Fluid view helpers. Update to TYPO3 versions...
GHSA-2RCW-9HRM-8Q7Q TYPO3 Cross-Site Scripting in Frontend User Login
Failing to properly encode user input, login status display is vulnerable to cross-site scripting in the website frontend. A valid user account is needed in order to exploit this vulnerability - either a backend user or a frontend user having the possibility to modify their user profile. Template...
Privilege Escalation & SQL Injection in TYPO3 CMS
Failing to properly dissociate system related configuration from user generated configuration, the Form Framework system extension "form" is vulnerable to SQL injection and Privilege Escalation. Basically instructions can be persisted to a form definition file that were not configured to be...
GHSA-7QWG-FCPW-XG5G Privilege Escalation & SQL Injection in TYPO3 CMS
Failing to properly dissociate system related configuration from user generated configuration, the Form Framework system extension "form" is vulnerable to SQL injection and Privilege Escalation. Basically instructions can be persisted to a form definition file that were not configured to be...