Statamic 安全漏洞

Statamic is a powerful flat-file CMS built using Laravel by Statamic Inc. It allows all content, templates, assets, and settings to be stored in files rather than in a database. There were security vulnerabilities in versions prior to Statamic 5.73.21 and 6.15.0, where the password form’s respons...

Statamic CMS vulnerable to email enumeration via forgot password endpoint

Impact Responses from the forgot password forms hinted at whether an account existed for a given email address. An unauthenticated attacker could use this to enumerate valid users, which can aid in follow-up credential-based attacks. Patches This has been fixed in 5.73.21 and 6.15.0. The forgot...

PT-2026-38302

Name of the Vulnerable Software and Affected Versions Statamic versions prior to 5.73.21 Statamic versions prior to 6.15.0 Description Responses from the forgot password forms reveal whether an account exists for a specific email address. This allows an unauthenticated attacker to perform user...

EUVD-2025-208504

A deserialization vulnerability in LimeSurvey before v6.15.0+250623 allows a remote attacker to execute arbitrary code on the server...

CVE-2025-56422

A deserialization vulnerability in LimeSurvey before v6.15.0+250623 allows a remote attacker to execute arbitrary code on the server...

PT-2025-27999

Name of the Vulnerable Software and Affected Versions: Linux kernel versions prior to 6.15.0 Description: A vulnerability in the Linux kernel has been resolved, related to the kvaser pciefd driver. The issue involves the echo skb max handling logic, which defines the supported upper limit of echo...

Node.js: All versions prior to Node.js 6.15.0 and 8.14.0: HTTP request splitting: If Node.js can be convinced to use unsanitized user-provided Unicode data for the `path` option of an HTTP request then data can be provided which will trigger a second unexpected and user-defined HTTP request to made to the same server.

...

Atlassian Confluence Server Cross-Site Scripting Vulnerability (CNVD-2020-52943)

Atlassian Confluence Server is a suite of specialized enterprise knowledge management and collaboration software from Atlassian Australia that can also be used to build enterprise WiKi. A cross-site scripting vulnerability exists in the Attachment Upload feature in Atlassian Confluence Server...

CVE-2019-3398

Confluence Server and Data Center had a path traversal vulnerability in the downloadallattachments resource. A remote attacker who has permission to add attachments to pages and / or blogs or to create a new space or a personal space or who has 'Admin' permissions for a space can exploit this pat...

Node.js 'debugger' Privilege Escalation Vulnerability - Mac OS X

Node.js is prone to a privilege escalation vulnerability. SPDX-FileCopyrightText: 2018 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:nodejs:node.js";...

UBUNTU-CVE-2018-12122

Node.js: All versions prior to Node.js 6.15.0, 8.14.0, 10.14.0 and 11.3.0: Slowloris HTTP Denial of Service: An attacker can cause a Denial of Service DoS by sending headers very slowly keeping HTTP or HTTPS connections and associated resources alive for a long period of time...