3 matches found
CVE-2026-42845 Grav: Anonymous Page Content Overwrite via Form File Upload filename Override
The form plugin for Grav adds the ability to create and use forms. Prior to 9.1.0, there is an unauthenticated page-content overwrite via file upload (GHSA-w4rc-p66m-x6qq). Public form uploads now strip path components from the POST-supplied filename and hard-block page-content extensions md, yaml...
Grav CMS Security Vulnerability
Grav CMS is an open-source file-based content management system developed by Grav. Versions of Grav CMS prior to 9.1.0 contained security vulnerabilities. These vulnerabilities stemmed from the lack of path stripping during file uploads and the failure to strictly prevent the extension of page...
goodoneuz/pay-uz: the /payment/api/editable/update endpoint overwrites existing PHP payment hook files
The goodoneuz/pay-uz Laravel package = 2.2.24 contains a critical vulnerability in the /payment/api/editable/update endpoint that allows unauthenticated attackers to overwrite existing PHP payment hook files. The endpoint is exposed via Route::any without authentication middleware, enabling remot...