39 matches found
CVE-2026-25760 Website Path Traversal / Arbitrary File Read (Authenticated) in Sliver
Sliver is a command and control framework that uses a custom Wireguard netstack. Prior to 1.6.11, a path traversal in the website content subsystem lets an authenticated operator read arbitrary files on the Sliver server host. This is an authenticated path traversal / arbitrary file read issue, a...
GHSA-2286-HXV5-CMP2 Sliver Vulnerable to Website Path Traversal / Arbitrary File Read (Authenticated)
Summary A Path Traversal vulnerability in the website content subsystem lets an authenticated operator read arbitrary files on the Sliver server host. This is an authenticated Path Traversal / arbitrary file read issue, and it can expose credentials, configs, and keys. Affected Component - Websit...
PT-2026-6843
Summary A Path Traversal vulnerability in the website content subsystem lets an authenticated operator read arbitrary files on the Sliver server host. This is an authenticated Path Traversal / arbitrary file read issue, and it can expose credentials, configs, and keys. Affected Component - Websit...
PT-2026-6802
Name of the Vulnerable Software and Affected Versions Sliver versions prior to 1.6.11 Description Sliver is a command and control framework that utilizes a custom Wireguard netstack. A path traversal issue exists in the website content subsystem, allowing an authenticated operator to read arbitra...
EUVD-2025-198580
A vulnerability was determined in SourceCodester Company Website CMS 1.0. This vulnerability affects unknown code of the file /admin/index.php. This manipulation of the argument Username causes sql injection. Remote exploitation of the attack is possible. The exploit has been publicly disclosed a...
EUVD-2006-5124
Malware in sbrugna...
CVE-2024-47617
Sulu CMS is affected by a Reflected XSS in the media download URL via the SuluMediaBundle. The issue stems from how the slug parameter is handled in the MediaStreamController downloadAction, allowing injection of arbitrary HTML/JavaScript. Affected versions include 2.6.4/2.5.20 (prior to fixes). ...
WordPress Website Content in Page or Post plugin < 2024.04.09 - Contributor+ Stored Cross-Site Scripting vulnerability
Contributor+ Stored Cross-Site Scripting vulnerability discovered by Ayush Juneja in WordPress Plugin Website Content in Page or Post versions 2024.04.09...
PT-2024-20342 · WordPress · Website Content In Page/Post
Name of the Vulnerable Software and Affected Versions: Website Content in Page or Post WordPress plugin versions prior to 2024.04.09 Description: The issue concerns the Website Content in Page or Post WordPress plugin, which does not properly validate and escape certain shortcode attributes befor...
Authorization
The Bricks theme for WordPress is vulnerable to remote code execution due to the theme allowing site editors to include executable code blocks in website content in versions 1.2 to 1.5.3. This, combined with the missing authorization vulnerability CVE-2022-3400, makes it possible for authenticate...
GHSA-V68G-62V9-39W5 Unpublished, protected files can be published via shortcode
Silverstripe silverstripe/assets through 1.10 is vulnerable to improper access control that allows protected images to be published by changing an existing image short code on website content. Draft protected images can be published by changing an existing image shortcode on website content to...
CVE-2022-29858
Silverstripe silverstripe/assets through 1.10 is vulnerable to improper access control that allows protected images to be published by changing an existing image short code on website content...
Improper access control
Silverstripe silverstripe/assets through 1.10 is vulnerable to improper access control that allows protected images to be published by changing an existing image short code on website content...
CVE-2022-25238
CVE-2022-25238 affects the SilverStripe Framework up to version 4.10.0, where an authenticated CMS user can inject tokens into script content via XHR, enabling XSS when the cwp-core module is not installed and sanitise_server_side config is not true. The issue is documented across multiple source...
Apple iTunes Memory Corruption Vulnerability (CNVD-2019-36612)
Apple iTunes for Windows is a Windows-based media player application from Apple. WebKit is one of the components of the Web browser engine. A security vulnerability exists in the WebKit component of Apple iTunes for Windows prior to version 12.10.1. The vulnerability can be exploited by an attacke...
Multiple Apple Products WebKit Remote Code Execution Vulnerability
Apple iOS, iCloud for Windows, iTunes for Windows, Safari, and tvOS are products of Apple Inc. Apple iOS is an operating system developed for mobile devices; Safari is a web browser that is the default browser included with the Mac OS X and iOS operating systems. WebKit is an open source web...
SQL Injection Vulnerability in ASRock's Website CMS
TechSpring Technology Limited is a one-stop IT solution provider. A SQL injection vulnerability exists in ASRock's website builder CMS. Attackers can exploit the vulnerability to obtain sensitive database information...
OpenCMS 10.5.3 Cross Site Request Forgery
Exploit Title: OpenCMS 10.5.3 Multiple Cross Site Request Forgery Vulnerabilities Injection Google Dork: N/A Date: 02-04-2018 Exploit Author: Sureshbabu Narvaneni Author Blog : http://nullnews.in Vendor Homepage: http://www.opencms.org/en/ Software Link:...