66 matches found

NVD
added 2026/04/14 11:16 p.m. · 0 views

CVE-2026-39387

BoidCMS is an open-source, PHP-based flat-file CMS for building simple websites and blogs, using JSON as its database. Versions prior to 2.1.3 are vulnerable to a critical Local File Inclusion (LFI) attack via the tpl parameter, which can lead to Remote Code Execution (RCE). The application fails to...

CVSS 7.2 · EPSS 0.00155
Exploits 2 · References 2

ATTACKERKB
added 2026/04/14 10:56 p.m. · 1 view

CVE-2026-39387

BoidCMS is an open-source, PHP-based flat-file CMS for building simple websites and blogs, using JSON as its database. Versions prior to 2.1.3 are vulnerable to a critical Local File Inclusion (LFI) attack via the tpl parameter, which can lead to Remote Code Execution (RCE). The application fails to...

CVSS 7.2 · AI score 6 · EPSS 0.00155
Exploits 2 · References 3 · Affected Software 1

Vulnrichment
added 2026/04/14 10:56 p.m. · 1 view

CVE-2026-39387 BoidCMS: Local File Inclusion (LFI) leads to Remote Code Execution (RCE) via tpl parameter

BoidCMS is an open-source, PHP-based flat-file CMS for building simple websites and blogs, using JSON as its database. Versions prior to 2.1.3 are vulnerable to a critical Local File Inclusion (LFI) attack via the tpl parameter, which can lead to Remote Code Execution (RCE). The application fails to...

CVSS 7.2 · AI score 6 · EPSS 0.00155
Exploits 2 · References 2

Cvelist
added 2026/04/14 10:56 p.m. · 14 views

CVE-2026-39387 BoidCMS: Local File Inclusion (LFI) leads to Remote Code Execution (RCE) via tpl parameter

BoidCMS is an open-source, PHP-based flat-file CMS for building simple websites and blogs, using JSON as its database. Versions prior to 2.1.3 are vulnerable to a critical Local File Inclusion (LFI) attack via the tpl parameter, which can lead to Remote Code Execution (RCE). The application fails to...

CVSS 7.2 · EPSS 0.00155
Exploits 2 · References 2

CVE
added 2026/04/14 10:56 p.m. · 3 views

CVE-2026-39387

BoidCMS, a PHP-based flat-file CMS, before v2.1.3 is vulnerable to a critical Local File Inclusion via the tpl parameter that is passed directly to require_once without proper path validation. An authenticated administrator can inject path traversal (../) to escape the theme directory and include...

CVSS 7.2 · AI score 6 · EPSS 0.00155
Exploits 2 · References 2 · Affected Software 1

RedhatCVE
added 2026/01/09 12:27 p.m. · 5 views

CVE-2018-12492

PHPOK 4.9.032 has an arbitrary file deletion vulnerability in the delfilef function in framework/admin/tplcontrol.php...

CVSS 7.5 · AI score 7.1 · EPSS 0.00244
Exploits 1 · References 1

RedhatCVE
added 2026/01/09 12:12 p.m. · 3 views

CVE-2018-9851

In Gxlcms QY v1.0.0713, Lib\Lib\Action\Admin\TplAction.class.php allows remote attackers to read any file via a modified pathname in an Admin-Tpl request, as demonstrated by use of '|' instead of '/' as a directory separator, in conjunction with a ".." sequence...

CVSS 7.5 · AI score 7 · EPSS 0.00374
Exploits 1 · References 1

OSV
added 2025/12/30 11:15 p.m. · 0 views

CVE-2022-50691

MiniDVBLinux 5.4 contains a remote command execution vulnerability that allows unauthenticated attackers to execute arbitrary commands as root through the 'command' GET parameter. Attackers can exploit the /tpl/commands.sh endpoint by sending malicious command values to gain root-level system...

CVSS 9.3 · AI score 6.1 · EPSS 0.00457
Exploits 3 · References 3

NVD
added 2025/12/30 11:15 p.m. · 3 views

CVE-2022-50691

MiniDVBLinux 5.4 contains a remote command execution vulnerability that allows unauthenticated attackers to execute arbitrary commands as root through the 'command' GET parameter. Attackers can exploit the /tpl/commands.sh endpoint by sending malicious command values to gain root-level system...

CVSS 9.8 · EPSS 0.00457
Exploits 3 · References 3

Positive Technologies
added 2025/12/30 12:00 a.m. · 2 views

PT-2025-54230

Name of the Vulnerable Software and Affected Versions: MiniDVBLinux version 5.4. Description: MiniDVBLinux version 5.4 contains a remote command execution issue that allows unauthenticated attackers to execute arbitrary commands as root. The issue is due to a flaw in the handling of the command GET...

CVSS 9.8 · AI score 7.8 · EPSS 0.00457
Exploits 3 · References 9

EUVD
added 2025/10/07 12:30 a.m. · 1 view

EUVD-2006-3161

Malware in sbrugna...

CVSS 7.5 · AI score 6.4 · EPSS 0.0101
Exploits 0 · References 7

EUVD
added 2025/10/03 8:07 p.m. · 2 views

EUVD-2025-22099

Malicious code in bioql PyPI...

CVSS 7.5 · AI score 6.6 · EPSS 0.00378
Exploits 0 · References 3

NVD
added 2025/08/14 7:15 p.m. · 3 views

CVE-2025-8975

A vulnerability was identified in givanz Vvveb up to 1.0.5. This affects an unknown part of the file admin/template/content/edit.tpl. The manipulation of the argument slug leads to cross site scripting. It is possible to initiate the attack remotely. The exploit has been disclosed to the public a...

CVSS 5.4 · EPSS 0.00071
Exploits 1 · References 7

OSV
added 2025/08/14 6:52 p.m. · 1 view

MAL-2025-37123 Malicious code in tpl-browser (npm)

The package tpl-browser was found to contain malicious code...

AI score 7.2
Exploits 0

OSSF Malicious Packages
added 2025/08/14 6:52 p.m. · 2 views

Malicious code in tpl-browser (npm)

The package tpl-browser was found to contain malicious code...

AI score 7
Exploits 0

CNNVD
added 2025/08/08 12:00 a.m. · 1 view

TRENDnet multiple products security vulnerability

TRENDnet TPL-430AP and others are products of Trendnet, Inc. TRENDnet TPL-430AP is a wireless access point. TRENDnet TI-G160i is an intelligent managed switch. TRENDnet TI-PG102i is an intelligent managed switch. A security vulnerability exists in several TRENDnet products, which stems from an issue...

CVSS 10 · AI score 9.4 · EPSS 0.00275
Exploits 0 · References 5

Positive Technologies
added 2025/08/08 12:00 a.m. · 7 views

PT-2025-32366 · Trendnet · Tpl-430Ap +2

Name of the Vulnerable Software and Affected Versions: TRENDnet TI-G160i versions up to 20250724; TRENDnet TI-PG102i versions up to 20250724; TRENDnet TPL-430AP versions up to 20250724. Description: A critical vulnerability exists in the SSH Service component of TRENDnet devices. The issue involves...

CVSS 10 · AI score 9.4 · EPSS 0.00275
Exploits 0 · References 12

RedhatCVE
added 2025/07/23 12:57 a.m. · 5 views

CVE-2025-44651

In TRENDnet TPL-430AP FW1.0, the USERLIMITGLOBAL option is set to 0 in the bftpd-related configuration file. This can cause DoS attacks when unlimited users are connected...

CVSS 7.5 · AI score 7.1 · EPSS 0.00378
Exploits 0 · References 1

OSV
added 2025/07/21 4:15 p.m. · 1 view

CVE-2025-44651

In TRENDnet TPL-430AP FW1.0, the USERLIMITGLOBAL option is set to 0 in the bftpd-related configuration file. This can cause DoS attacks when unlimited users are connected...

CVSS 7.5 · AI score 5.8 · EPSS 0.00378
Exploits 0 · References 3

NVD
added 2025/07/21 4:15 p.m. · 2 views

CVE-2025-44651

In TRENDnet TPL-430AP FW1.0, the USERLIMITGLOBAL option is set to 0 in the bftpd-related configuration file. This can cause DoS attacks when unlimited users are connected...

CVSS 7.5 · EPSS 0.00378
Exploits 0 · References 3