18 matches found

EUVD · added 2025/10/03 8:07 p.m. · 3 views

EUVD-2024-0998

Malicious code in bioql PyPI...

CVSS 8.8 · AI score 8.4 · EPSS 0.00394
Exploits: 1 · References: 4

EUVD · added 2025/10/03 8:07 p.m. · 1 view

EUVD-2024-0788

Malicious code in bioql PyPI...

CVSS 8.8 · AI score 8.4 · EPSS 0.01406
Exploits: 1 · References: 5

RedhatCVE · added 2025/02/05 1:06 a.m. · 4 views

CVE-2024-28117

Grav is an open-source, flat-file content management system. Prior to version 1.7.45, Grav validates accessible functions through the Utils::isDangerousFunction function, but does not impose restrictions on twig functions like twig_array_map, allowing attackers to bypass the validation and execute...

CVSS 8.8 · AI score 8.1 · EPSS 0.00482
Exploits: 1 · References: 1

RedhatCVE · added 2025/02/05 1:05 a.m. · 3 views

CVE-2024-28119

Grav is an open-source, flat-file content management system. Prior to version 1.7.45, due to the unrestricted access to twig extension class from grav context, an attacker can redefine the escape function and execute arbitrary commands. Twig processing of static pages can be enabled in the front...

CVSS 8.8 · AI score 8 · EPSS 0.01406
Exploits: 1 · References: 1

RedhatCVE · added 2025/02/05 1:00 a.m. · 7 views

CVE-2024-28116

Grav is an open-source, flat-file content management system. Grav CMS prior to version 1.7.45 is vulnerable to a Server-Side Template Injection (SSTI), which allows any authenticated user (editor permissions are sufficient) to execute arbitrary code on the remote server bypassing the existing securit...

CVSS 8.8 · AI score 7.9 · EPSS 0.62168
Exploits: 4 · References: 1

RedhatCVE · added 2025/02/05 12:58 a.m. · 4 views

CVE-2024-28118

Grav is an open-source, flat-file content management system. Prior to version 1.7.45, due to the unrestricted access to twig extension class from Grav context, an attacker can redefine config variable. As a result, attacker can bypass a previous SSTI mitigation. Twig processing of static pages ca...

CVSS 8.8 · AI score 7.8 · EPSS 0.00394
Exploits: 1 · References: 1

NVD · added 2025/01/06 7:15 p.m. · 11 views

CVE-2024-35498

A cross-site scripting (XSS) vulnerability in Grav v1.7.45 allows attackers to execute arbitrary web scripts or HTML via a crafted payload...

CVSS 6.1 · EPSS 0.00152
Exploits: 1 · References: 2

CNNVD · added 2025/01/06 12:00 a.m. · 2 views

Grav security vulnerability

Grav is an extensible CMS (Content Management System) for personal blogs, small content publishing platforms and one-page product presentations. Grav suffers from a cross-site scripting vulnerability that can be exploited by an attacker to execute arbitrary web script or HTML via a specially crafte...

CVSS 6.1 · AI score 5.8 · EPSS 0.00152
Exploits: 1 · References: 2

Vulnrichment · added 2025/01/06 12:00 a.m. · 6 views

CVE-2024-35498

A cross-site scripting (XSS) vulnerability in Grav v1.7.45 allows attackers to execute arbitrary web scripts or HTML via a crafted payload...

AI score 5.9 · EPSS 0.00152
Exploits: 1 · References: 2

OSV · added 2024/03/21 9:55 p.m. · 19 views

CVE-2024-28118 Grav vulnerable to Server Side Template Injection (SSTI)

Grav is an open-source, flat-file content management system. Prior to version 1.7.45, due to the unrestricted access to twig extension class from Grav context, an attacker can redefine config variable. As a result, attacker can bypass a previous SSTI mitigation. Twig processing of static pages ca...

CVSS 8.8 · AI score 8.9 · EPSS 0.00394
Exploits: 1 · References: 4

Cvelist · added 2024/03/21 9:50 p.m. · 19 views

CVE-2024-28117 Grav vulnerable to Server Side Template Injection (SSTI)

Grav is an open-source, flat-file content management system. Prior to version 1.7.45, Grav validates accessible functions through the Utils::isDangerousFunction function, but does not impose restrictions on twig functions like twig_array_map, allowing attackers to bypass the validation and execute...

CVSS 8.8 · AI score 9.4 · EPSS 0.00482
Exploits: 1 · References: 2

Vulnrichment · added 2024/03/21 9:38 p.m. · 12 views

CVE-2024-27921 Grav File Upload Path Traversal vulnerability

Grav is an open-source, flat-file content management system. A file upload path traversal vulnerability has been identified in the application prior to version 1.7.45, enabling attackers to replace or create files with extensions like .json, .zip, .css, .gif, etc. This critical security flaw pose...

CVSS 8.8 · AI score 7.2 · EPSS 0.08787
Exploits: 1 · References: 2

Positive Technologies · added 2024/03/21 12:00 a.m. · 3 views

PT-2024-2486 · Grav Cms · Grav Cms

Name of the Vulnerable Software and Affected Versions: Grav CMS versions prior to 1.7.45. Description: The issue is related to a Server-Side Template Injection (SSTI) in Grav CMS, which allows any authenticated user with editor permissions to execute arbitrary code on the remote server, bypassing th...

CVSS 9 · AI score 8.3 · EPSS 0.62168
Exploits: 4 · References: 24

CNNVD · added 2024/03/21 12:00 a.m. · 3 views

Grav security vulnerability

Grav is a scalable CMS (Content Management System) for personal blogs, small content publishing platforms, and one-page product displays. A security vulnerability exists in Grav prior to version 1.7.45, which stems from vulnerability to server-side template injection (SSTI) attacks...

CVSS 8.8 · AI score 8.6 · EPSS 0.62168
Exploits: 4 · References: 3

CNNVD · added 2024/03/21 12:00 a.m. · 1 view

Grav security vulnerability

Grav is an extensible CMS (Content Management System) for personal blogs, small content publishing platforms, and one-page product displays. A security vulnerability exists in Grav prior to version 1.7.45, which stems from unrestricted access to the twig extension class from the grav environment...

CVSS 8.8 · AI score 8.5 · EPSS 0.01406
Exploits: 1 · References: 4

Positive Technologies · added 2024/03/21 12:00 a.m. · 2 views

PT-2024-22274 · Grav · Grav

Name of the Vulnerable Software and Affected Versions: Grav versions prior to 1.7.45. Description: The issue arises from unrestricted access to the twig extension class from the grav context, allowing an attacker to redefine the escape function and execute arbitrary commands. This can be achieved ...

CVSS 8.8 · AI score 8.6 · EPSS 0.01406
Exploits: 1 · References: 13

CNNVD · added 2024/03/21 12:00 a.m. · 1 view

Grav code injection vulnerability

Grav is an extensible CMS (Content Management System) for personal blogs, small content publishing platforms, and one-page product presentations. A security vulnerability exists in Grav prior to version 1.7.45, which stems from unrestricted access to the twig extension class from the Grav environme...

CVSS 8.8 · AI score 8.5 · EPSS 0.00394
Exploits: 1 · References: 3

Patchstack · added 2021/08/09 12:00 a.m. · 34 views

WordPress AddToAny Share Buttons plugin <= 1.7.45 - Authenticated Stored Cross-Site Scripting (XSS) vulnerability

Authenticated Stored Cross-Site Scripting (XSS) vulnerability discovered by Asif Nawaz Minhas in WordPress AddToAny Share Buttons plugin versions <= 1.7.45. Solution: Update the WordPress AddToAny Share Buttons plugin to the latest available version (at least 1.7.46)...

CVSS 5.4 · AI score 2 · EPSS 0.00162
Exploits: 2 · References: 3 · Affected Software: 1