28 matches found
CVE-2026-5203 CMS Made Simple UserGuide Module XML Import class.UserGuideImporterExporter.php _copyFilesToFolder path traversal
A vulnerability was found in CMS Made Simple up to 2.2.22. This impacts the function copyFilesToFolder in the library modules/UserGuide/lib/class.UserGuideImporterExporter.php of the component UserGuide Module XML Import. The manipulation results in path traversal. It is possible to launch the...
OPENSUSE-SU-2026:10286-1 ruby4.0-rubygem-rack-2.2-2.2.22-1.1 on GA media
These are all security issues fixed in the ruby4.0-rubygem-rack-2.2-2.2.22-1.1 package on the GA media of openSUSE Tumbleweed...
CVE-2026-25500
Rack is a modular Ruby web server interface. Prior to versions 2.2.22, 3.1.20, and 3.2.5, Rack::Directory generates an HTML directory index where each file entry is rendered as a clickable link. If a file exists on disk whose basename starts with the javascript: scheme, e.g. javascript:alert1, the...
CVE-2026-22860 Rack has a Directory Traversal via Rack::Directory
Rack is a modular Ruby web server interface. Prior to versions 2.2.22, 3.1.20, and 3.2.5, Rack::Directory’s path check used a string prefix match on the expanded path. A request like /../rootexample/ can escape the configured root if the target path starts with the root string, allowing directory...
Rack security vulnerability
Rack is a modular Ruby web server interface developed by the Rack open-source project. Versions of Rack prior to 2.2.22, 3.1.20, and 3.2.5 contained security vulnerabilities. These vulnerabilities stemmed from Rack::Directory’s path checking mechanism, which used string prefix matching, potential...
EUVD-2025-50830
An authenticated arbitrary file upload vulnerability in the /uploads/ endpoint of CMS Made Simple Foundation File Manager v2.2.22 allows attackers with Administrator privileges to execute arbitrary code via uploading a crafted PHP file...
CVE-2025-63678
An authenticated arbitrary file upload vulnerability in the /uploads/ endpoint of CMS Made Simple Foundation File Manager v2.2.22 allows attackers with Administrator privileges to execute arbitrary code via uploading a crafted PHP file...
CVE-2025-50255
Cross Site Request Forgery (CSRF) vulnerability in Smartvista BackOffice SmartVista Suite 2.2.22 via crafted GET request...
BPC Banking SmartVista Suite security vulnerability
BPC Banking SmartVista Suite is a payment software from BPC Banking, USA. A security vulnerability exists in BPC Banking SmartVista Suite version 2.2.22 that originates from a specially crafted GET request and could lead to a cross-site request forgery attack...
Malicious code in securitycontext-model-paypal (npm)
Source: ossf-package-analysis d0f5dc5cd2ec64246a68ae3d6a8a63b03e25442841125c4fcaf8601002d97bb2 The OpenSSF Package Analysis project identified 'securitycontext-model-paypal' @ 2.2.22 npm as malicious. It is considered malicious because: -...
MAL-2025-6820 Malicious code in securitycontext-model-paypal (npm)
Source: ossf-package-analysis d0f5dc5cd2ec64246a68ae3d6a8a63b03e25442841125c4fcaf8601002d97bb2 The OpenSSF Package Analysis project identified 'securitycontext-model-paypal' @ 2.2.22 npm as malicious. It is considered malicious because: -...
WordPress plugin WPCafe security vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A security...
PT-2022-24486 · Unknown · Smartvista Svfe2
Name of the Vulnerable Software and Affected Versions: SmartVista SVFE2 version 2.2.22 Description: The issue is a SQL injection vulnerability. It can be exploited via the UserForm:j id90 parameter at the "/SVFE2/pages/feegroups/mcc group.jsf" endpoint. Recommendations: For SmartVista SVFE2 versi...
CVE-2022-38617
SmartVista SVFE2 v2.2.22 was discovered to contain a SQL injection vulnerability via the voiceAudit:jid97 parameter at /SVFE2/pages/audit/voiceaudit.jsf...
SmartVista SVFE2 SQL injection vulnerability
SmartVista SVFE2 is a subsystem of SmartVista, Inc. A security vulnerability exists in SmartVista SVFE2 version v2.2.22, which originates from an SQL injection that can be achieved by an attacker via the voiceAudit:jid97 parameter of the /SVFE2/pages/audit/voiceaudit.jsf component...
PT-2022-24485 · Unknown · Smartvista Svfe2
Name of the Vulnerable Software and Affected Versions: SmartVista SVFE2 version 2.2.22 Description: A SQL injection issue was found in SmartVista SVFE2. The issue is related to the UserForm:j id88, UserForm:j id90, and UserForm:j id92 parameters at the "/SVFE2/pages/feegroups/country group.jsf"...