4 matches found
EUVD-2026-42780
A vulnerability was found in MyEMS up to 6.4.0. The affected element is the function onpost of the file myems-api/core/svg.py of the component Admin Backend. The manipulation of the argument newvalues'data' results in cross site scripting. The attack can be launched remotely. The exploit has been...
PT-2026-44078
Name of the Vulnerable Software and Affected Versions MapServer versions 6.4.0 through 8.6.2 Description A NULL pointer dereference occurs when the msSLDParseUserStyle function calls SLDApplyRuleValuespsRule, psLayer, 1 for any containing an . The system assumes msSLDParseRule added one class;...
CVE-2026-28425 Statamic vulnerable to remote code execution via Antlers-enabled control panel inputs
Statmatic is a Laravel and Git powered content management system CMS. Prior to versions 5.73.16 and 6.7.2, an authenticated control panel user with access to Antlers-enabled inputs may be able to achieve remote code execution in the application context. That can lead to full compromise of the...
PT-2025-15071 · Zammad · Zammad
Name of the Vulnerable Software and Affected Versions: Zammad versions 6.4.0 through 6.4.1 Description: The issue allows for Server-Side Request Forgery SSRF to occur. Authenticated admin users can enable webhooks, which are triggered as POST requests when certain conditions are met. If a webhook...