228105 matches found
CVE-2026-23698
Vtiger CRM through 8.4.0 contains an authenticated remote code execution vulnerability in the admin module import feature that allows administrator-level attackers to upload arbitrary PHP files by submitting a crafted zip archive through the ModuleManager import function, which extracts contents...
CVE-2026-23697
Vtiger CRM before 8.4.0 contains an authenticated file upload vulnerability that allows low-privileged users to achieve remote code execution by uploading a .phar file containing arbitrary PHP code through the Documents module, bypassing the extension denylist in config.inc.php which omits the...
CVE-2026-23697
Vtiger CRM before 8.4.0 contains an authenticated file upload vulnerability that allows low-privileged users to achieve remote code execution by uploading a .phar file containing arbitrary PHP code through the Documents module, bypassing the extension denylist in config.inc.php which omits the...
CVE-2026-23697
Vtiger CRM before 8.4.0 is vulnerable to an authenticated file upload RCE via the Documents module. An attacker with low privileges can upload a .phar file containing arbitrary PHP code, bypassing the extension denylist in config.inc.php (which omits .phar). The uploaded file is stored with its o...
EUVD-2026-42055
Vtiger CRM before 8.4.0 contains an authenticated file upload vulnerability that allows low-privileged users to achieve remote code execution by uploading a .phar file containing arbitrary PHP code through the Documents module, bypassing the extension denylist in config.inc.php which omits the...
CVE-2026-23697 Vtiger CRM < 8.4.0 Authenticated File Upload RCE via Documents Module
Vtiger CRM before 8.4.0 contains an authenticated file upload vulnerability that allows low-privileged users to achieve remote code execution by uploading a .phar file containing arbitrary PHP code through the Documents module, bypassing the extension denylist in config.inc.php which omits the...
CVE-2026-23697 Vtiger CRM < 8.4.0 Authenticated File Upload RCE via Documents Module
Vtiger CRM before 8.4.0 contains an authenticated file upload vulnerability that allows low-privileged users to achieve remote code execution by uploading a .phar file containing arbitrary PHP code through the Documents module, bypassing the extension denylist in config.inc.php which omits the...
Malicious code in paperclip-host-utils (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 4a7cf91b41f6980a21fe3a566b9f251bffaf8326222d7e34daeadcf864355768 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
CVE-2026-56811
Allocation of Resources Without Limits or Throttling vulnerability in phoenixframework phoenix Phoenix.Socket module allows an unauthenticated attacker to cause a denial of service against any endpoint that mounts a Phoenix socket with a reachable channel transport WebSocket or LongPoll. This...
CVE-2026-23698
Vtiger CRM through 8.4.0 contains an authenticated remote code execution vulnerability in the admin module import feature that allows administrator-level attackers to upload arbitrary PHP files by submitting a crafted zip archive through the ModuleManager import function, which extracts contents...
CVE-2026-23698 Vtiger CRM 8.4.0 Authenticated RCE via Module Import File Upload
Vtiger CRM through 8.4.0 contains an authenticated remote code execution vulnerability in the admin module import feature that allows administrator-level attackers to upload arbitrary PHP files by submitting a crafted zip archive through the ModuleManager import function, which extracts contents...
EUVD-2026-42054
Vtiger CRM through 8.4.0 contains an authenticated remote code execution vulnerability in the admin module import feature that allows administrator-level attackers to upload arbitrary PHP files by submitting a crafted zip archive through the ModuleManager import function, which extracts contents...
CVE-2026-23698 Vtiger CRM 8.4.0 Authenticated RCE via Module Import File Upload
Vtiger CRM through 8.4.0 contains an authenticated remote code execution vulnerability in the admin module import feature that allows administrator-level attackers to upload arbitrary PHP files by submitting a crafted zip archive through the ModuleManager import function, which extracts contents...
CVE-2026-23698
Vtiger CRM up to 8.4.0 is affected by an authenticated remote code execution vulnerability in the admin ModuleManager import feature. A privileged administrator can upload a crafted ZIP archive which is extracted directly into the web root’s modules/ directory without proper file-type validation ...
MAL-2026-6933 Malicious code in hook-augmenting-module (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 7dd3d1559806fb01191e25c3a162134fb2a28d468e533d6b580fbe7ad1bf821d Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Malicious code in hook-augmenting-module (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 7dd3d1559806fb01191e25c3a162134fb2a28d468e533d6b580fbe7ad1bf821d Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
GO-2026-5869 Rancher has over-inclusive team membership expansion in GitHub App authentication provider in github.com/rancher/rancher
Rancher has over-inclusive team membership expansion in GitHub App authentication provider in github.com/rancher/rancher. NOTE: The source advisory for this report contains additional versions that could not be automatically mapped to standard Go module versions. If this is causing false-positive...
GO-2026-5875 Rancher vulnerable to command injection through unsanitized YAML parameter in github.com/rancher/rancher
Rancher vulnerable to command injection through unsanitized YAML parameter in github.com/rancher/rancher. NOTE: The source advisory for this report contains additional versions that could not be automatically mapped to standard Go module versions. If this is causing false-positive reports from...
GO-2026-5893 Calico Inserts Sensitive Information into Log File in github.com/projectcalico/calicoctl
Calico Inserts Sensitive Information into Log File in github.com/projectcalico/calicoctl. NOTE: The source advisory for this report contains additional versions that could not be automatically mapped to standard Go module versions. If this is causing false-positive reports from vulnerability...
GO-2026-5876 Rancher has Privilege Escalation from Project Owner to Host in github.com/rancher/rancher
Rancher has Privilege Escalation from Project Owner to Host in github.com/rancher/rancher. NOTE: The source advisory for this report contains additional versions that could not be automatically mapped to standard Go module versions. If this is causing false-positive reports from vulnerability...