15 matches found
CVE-2026-56700 Grav - Multiple Remote Code Execution Vulnerabilities via Unsafe Unserialize and Command Injection
Grav CMS before 2.0.0-beta.2 contains multiple code-execution vulnerabilities. Three unsafe unserialize calls - in Scheduler\JobQueue, Framework\Cache\Adapter\FileCache, and Session - deserialize untrusted data without restricting allowed classes, enabling PHP object injection and, via a gadget...
CVE-2026-42613 Grav: Privilege Escalation via Missing Server-Side Validation of groups/access
Grav is a file-based Web platform. Prior to 2.0.0-beta.2, the Login::register method in the Login plugin accepts attacker-controlled groups and access fields from the registration POST data without server-side validation. When registration is enabled and groups or access are included in the...
CVE-2026-42841 Grav: Stored XSS via Markdown media attribute() action in Grav CMS
Grav is a file-based Web platform. Prior to 2.0.0-beta.2, an authenticated user with page editing permissions can inject an executable JavaScript event-handler attribute into rendered image HTML through Grav's Markdown media action syntax. The issue is caused by Markdown image query parameters...
CVE-2026-40188
goshs is a SimpleHTTPServer written in Go. From 1.0.7 to before 2.0.0-beta.4, the SFTP command rename sanitizes only the source path and not the destination, so it is possible to write outside of the root directory of the SFTP. This vulnerability is fixed in 2.0.0-beta.4...
PT-2026-32038
Name of the Vulnerable Software and Affected Versions: goshs versions 1.0.7 through 2.0.0-beta.4 Description: goshs is a SimpleHTTPServer written in Go. The SFTP command rename sanitizes only the source path and not the destination, allowing a write outside of the root directory of the SFTP. This...
CVE-2026-35393 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') in goshs POST multipart upload
goshs is a SimpleHTTPServer written in Go. Prior to 2.0.0-beta.3, the POST multipart upload directory not sanitized. This vulnerability is fixed in 2.0.0-beta.3...
CVE-2026-35392 goshs has an Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') in goshs PUT Upload
goshs is a SimpleHTTPServer written in Go. Prior to 2.0.0-beta.3, PUT upload in httpserver/updown.go has no path sanitization. This vulnerability is fixed in 2.0.0-beta.3...
CVE-2026-34581
goshs is a SimpleHTTPServer written in Go. From version 1.1.0 to before version 2.0.0-beta.2, when using the Share Token it is possible to bypass the limited selected file download with all the gosh functionalities, including code exec. This issue has been patched in version 2.0.0-beta.2...
Authorization Bypass Through User-Controlled Key
Overview Affected versions of this package are vulnerable to Authorization Bypass Through User-Controlled Key via the Organization V2Beta API endpoints. An attacker can access and modify data belonging to other organizations by bypassing authorization checks with administrator privileges for a...
Authorization Bypass Through User-Controlled Key
Overview Affected versions of this package are vulnerable to Authorization Bypass Through User-Controlled Key via the Organization V2Beta API endpoints. An attacker can access and modify data belonging to other organizations by bypassing authorization checks with administrator privileges for a...
CVE-2019-25225
sanitize-html prior to version 2.0.0-beta is vulnerable to Cross-site Scripting XSS. The sanitizeHtml function in index.js does not sanitize content when using the custom transformTags option, which is intended to convert attribute values into text. As a result, malicious input can be transformed...
PT-2025-36452
Name of the Vulnerable Software and Affected Versions: sanitize-html versions prior to 2.0.0-beta Description: The sanitizeHtml function in index.js does not sanitize content when using the custom transformTags option, which is intended to convert attribute values into text. This allows malicious...
Dcat Admin 安全漏洞
Dcat Admin is a backend system builder based on the secondary development of laravel-admin by Jiang Qinghua. A security vulnerability exists in Dcat Admin v2.2.0-beta and v2.2.2-beta, which was discovered to contain a cross-site scripting vulnerability via /admin/auth/menu and...
ABCD2 跨站脚本漏洞
ABCD2 is an ABCD open source software suite for library and documentation center automation. A cross-site scripting vulnerability exists in ABCD2 2.2.0-beta-1 and earlier versions, which stems from some unknown handling of the file /buscarintegrada.php, where manipulation of the parameter...
FreeRDP Denial of Service Vulnerability (CNVD-2017-25707)
FreeRDP is a free, open source implementation of the Remote Desktop Protocol RDP developed by the FreeRDP team. A denial of service vulnerability exists in FreeRDP version 2.0.0-beta1+android11. A remote attacker can exploit this vulnerability to cause a denial of service with the help of special...