Lucene search
K

63 matches found

NVD
NVD
added 6 days ago7 views

CVE-2026-15326

A vulnerability was identified in halo-dev halo up to 2.24.2. This affects the function ThemeUtils.unzipThemeTo of the file ThemeUtils.java of the component Theme Installation. Such manipulation of the argument metadata.name leads to path traversal. The attack may be launched remotely. The exploi...

5.1CVSS0.00364EPSS
Exploits0References6
CVE
CVE
added 6 days ago8 views

CVE-2026-15326

The CVE-2026-15326 entry concerns halo-dev halo up to version 2.24.2. It affects ThemeUtils.unzipThemeTo in ThemeUtils.java (Theme Installation). The vulnerability arises from manipulation of the argument metadata.name, enabling path traversal. This can be triggered remotely, and a public exploit...

5.1CVSS5.6AI score0.00364EPSS
Exploits0References6
ATTACKERKB
ATTACKERKB
added 6 days ago6 views

CVE-2026-15326

A vulnerability was identified in halo-dev halo up to 2.24.2. This affects the function ThemeUtils.unzipThemeTo of the file ThemeUtils.java of the component Theme Installation. Such manipulation of the argument metadata.name leads to path traversal. The attack may be launched remotely. The exploi...

5.1CVSS5.6AI score0.00364EPSS
Exploits0References6Affected Software1
EUVD
EUVD
added 6 days ago8 views

EUVD-2026-42782

A vulnerability was identified in halo-dev halo up to 2.24.2. This affects the function ThemeUtils.unzipThemeTo of the file ThemeUtils.java of the component Theme Installation. Such manipulation of the argument metadata.name leads to path traversal. The attack may be launched remotely. The exploi...

5.1CVSS5.6AI score0.00364EPSS
Exploits0References6
Cvelist
Cvelist
added 6 days ago33 views

CVE-2026-15326 halo-dev halo Theme Installation ThemeUtils.java ThemeUtils.unzipThemeTo path traversal

A vulnerability was identified in halo-dev halo up to 2.24.2. This affects the function ThemeUtils.unzipThemeTo of the file ThemeUtils.java of the component Theme Installation. Such manipulation of the argument metadata.name leads to path traversal. The attack may be launched remotely. The exploi...

5.1CVSS0.00364EPSS
Exploits0References6
OSV
OSV
added 6 days ago3 views

CVE-2026-15326 halo-dev halo Theme Installation ThemeUtils.java ThemeUtils.unzipThemeTo path traversal

A vulnerability was identified in halo-dev halo up to 2.24.2. This affects the function ThemeUtils.unzipThemeTo of the file ThemeUtils.java of the component Theme Installation. Such manipulation of the argument metadata.name leads to path traversal. The attack may be launched remotely. The exploi...

5.1CVSS5.8AI score0.00364EPSS
Exploits0References8
Github Security Blog
Github Security Blog
added 2026/04/29 8:42 p.m.10 views

CI4MS has Unrestricted PHP File Upload via Theme Installation that Leads to Authenticated Remote Code Execution

Summary A theme upload feature allows any authenticated backend user with theme-upload permission to achieve remote code execution RCE by uploading a crafted ZIP file. PHP files inside the ZIP are installed into the web-accessible public/ directory with no extension or content filtering, making...

8.6CVSS7.1AI score0.00501EPSS
Exploits0References4Affected Software1
Fedora
Fedora
added 2026/04/16 11:42 p.m.10 views

[SECURITY] Fedora 44 Update: aurorae-6.6.4-1.fc44

Aurorae is a themeable window decoration for KWin. It supports theme files consisting of several SVG files for decoration and buttons. Themes can be installed and selected directly in the configuration module of KWin decorations. Please have a look at theme-description on how to write a theme fil...

5.8AI score
Exploits0
EUVD
EUVD
added 2025/12/12 12:30 a.m.7 views

EUVD-2024-55336

ElkArte Forum 1.1.9 contains a remote code execution vulnerability that allows authenticated administrators to upload malicious PHP files through the theme installation process. Attackers can upload a ZIP archive with a PHP file containing system commands, which can then be executed by accessing...

8.6CVSS7.6AI score0.00487EPSS
Exploits0References5
NVD
NVD
added 2025/12/11 10:15 p.m.6 views

CVE-2024-58295

ElkArte Forum 1.1.9 contains a remote code execution vulnerability that allows authenticated administrators to upload malicious PHP files through the theme installation process. Attackers can upload a ZIP archive with a PHP file containing system commands, which can then be executed by accessing...

8.6CVSS0.00487EPSS
Exploits0References4
Snyk
Snyk
added 2025/12/11 10:8 p.m.3 views

Arbitrary File Upload

Overview elkarte/elkarte is an ElkArte PHP-based community discussion forum. Affected versions of this package are vulnerable to Arbitrary File Upload via the theme installation process. An attacker can execute arbitrary code by uploading a ZIP archive containing a malicious PHP file, which is th...

8.6CVSS7.6AI score0.00487EPSS
Exploits0References2
OSV
OSV
added 2025/12/11 9:36 p.m.4 views

CVE-2024-58295 ElkArte Forum 1.1.9 Authenticated Remote Code Execution via Theme Upload

ElkArte Forum 1.1.9 contains a remote code execution vulnerability that allows authenticated administrators to upload malicious PHP files through the theme installation process. Attackers can upload a ZIP archive with a PHP file containing system commands, which can then be executed by accessing...

8.6CVSS6.6AI score0.00487EPSS
Exploits0References6
CVE
CVE
added 2025/12/11 9:36 p.m.8 views

CVE-2024-58295

CVE-2024-58295 affects ElkArte Forum 1.1.9. A remote code execution vulnerability allows authenticated administrators to upload a ZIP containing a PHP file through the theme installation process, with the uploaded PHP file executed when accessed in the theme directory. Exploitation is described i...

8.6CVSS7.7AI score0.00487EPSS
Exploits0References4
Cvelist
Cvelist
added 2025/12/11 9:36 p.m.21 views

CVE-2024-58295 ElkArte Forum 1.1.9 Authenticated Remote Code Execution via Theme Upload

ElkArte Forum 1.1.9 contains a remote code execution vulnerability that allows authenticated administrators to upload malicious PHP files through the theme installation process. Attackers can upload a ZIP archive with a PHP file containing system commands, which can then be executed by accessing...

8.6CVSS0.00487EPSS
Exploits0References4
CNNVD
CNNVD
added 2025/12/11 12:0 a.m.4 views

Elkarte 代码问题漏洞

Elkarte is an open source forum software by ElkArte. A code issue vulnerability exists in Elkarte version 1.1.9, which stems from a PHP file upload during theme installation that could lead to the execution of system commands...

8.6CVSS7.2AI score0.00487EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2025/12/11 12:0 a.m.8 views

PT-2025-50749

ElkArte Forum 1.1.9 contains a remote code execution vulnerability that allows authenticated administrators to upload malicious PHP files through the theme installation process. Attackers can upload a ZIP archive with a PHP file containing system commands, which can then be executed by accessing...

8.6CVSS8.1AI score0.00487EPSS
Exploits0References5
EUVD
EUVD
added 2025/10/07 12:30 a.m.4 views

EUVD-2017-17064

Malware in sbrugna...

8.8CVSS8.8AI score0.00604EPSS
Exploits0References3
EUVD
EUVD
added 2025/10/07 12:30 a.m.4 views

EUVD-2018-16953

Malware in sbrugna...

5.3CVSS7.6AI score0.0238EPSS
Exploits0References24
EUVD
EUVD
added 2025/10/03 8:7 p.m.5 views

EUVD-2024-51540

Malicious code in bioql PyPI...

4.3CVSS9AI score0.00237EPSS
Exploits0References2
EUVD
EUVD
added 2025/10/03 8:7 p.m.4 views

EUVD-2022-1973

Malicious code in bioql PyPI...

8.8CVSS8.8AI score0.01422EPSS
Exploits1References4
Rows per page
Query Builder