Lucene search
K

229 matches found

EUVD
EUVD
added 2025/10/03 8:7 p.m.6 views

EUVD-2023-3092

Malicious code in bioql PyPI...

5.4CVSS5.5AI score0.00309EPSS
Exploits0References4
EUVD
EUVD
added 2025/10/03 8:7 p.m.6 views

EUVD-2024-3523

Malicious code in bioql PyPI...

8.4CVSS6.3AI score0.00405EPSS
Exploits0References4
EUVD
EUVD
added 2025/10/03 8:7 p.m.5 views

EUVD-2023-2167

Malicious code in bioql PyPI...

4.8CVSS5AI score0.027EPSS
Exploits4References7
RedhatCVE
RedhatCVE
added 2025/05/23 8:56 a.m.6 views

CVE-2024-29686

Server-side Template Injection SSTI vulnerability in Winter CMS v.1.2.3 allows a remote attacker to execute arbitrary code via a crafted payload to the CMS Pages field and Plugin components. NOTE: the vendor disputes this because the payload could only be entered by a trusted user, such as the...

7.2CVSS8AI score0.01821EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2025/05/23 8:12 a.m.9 views

CVE-2024-54149

Winter is a free, open-source content management system CMS based on the Laravel PHP framework. Winter CMS prior to versions 1.2.7, 1.1.11, and 1.0.476 allow users with access to the CMS templates sections that modify Twig files to bypass the sandbox placed on Twig files and modify resources such...

8.4CVSS8.5AI score0.00405EPSS
Exploits0References1
Wiz blog
Wiz blog
added 2025/02/24 2:0 p.m.5 views

Wiz Named #1 CDR Solution by G2

Wiz was named the leader in the Winter 2025 CDR Grid Report, based on independent customer reviews...

7.2AI score
Exploits0
RedhatCVE
RedhatCVE
added 2025/02/05 7:37 p.m.20 views

CVE-2022-39357

Winter is a free, open-source content management system based on the Laravel PHP framework. The Snowboard framework in versions 1.1.8, 1.1.9, and 1.2.0 is vulnerable to prototype pollution in the main Snowboard class as well as its plugin loader. The 1.0 branch of Winter is not affected, as it do...

9.8CVSS6.8AI score0.01027EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/02/05 6:52 a.m.5 views

CVE-2024-32003

wn-dusk-plugin Dusk plugin is a plugin which integrates Laravel Dusk browser testing into Winter CMS. The Dusk plugin provides some special routes as part of its testing framework to allow a browser environment such as headless Chrome to act as a user in the Backend or User plugin without having ...

8.8CVSS8.8AI score0.00672EPSS
Exploits0References1
Veracode
Veracode
added 2024/12/19 2:46 p.m.11 views

Sandbox Bypass

winter/wn-cms-module is vulnerable to Sandbox Bypass. The vulnerability is due to inadequate enforcement of the sandbox in Twig, allowing users with specific permissions to modify theme customization values, templates, or model data through Twig templates...

8.4CVSS7AI score0.00405EPSS
Exploits0References4Affected Software1
Snyk
Snyk
added 2024/12/09 9:42 p.m.2 views

Incomplete List of Disallowed Inputs

Overview Affected versions of this package are vulnerable to Incomplete List of Disallowed Inputs through the manipulation of Twig templates. An attacker can modify or delete data by bypassing the sandbox restrictions designed to limit template capabilities. Note: This is only exploitable if the...

8.4CVSS7AI score0.00405EPSS
Exploits0References2
NVD
NVD
added 2024/12/09 9:15 p.m.53 views

CVE-2024-54149

Winter is a free, open-source content management system CMS based on the Laravel PHP framework. Winter CMS prior to versions 1.2.7, 1.1.11, and 1.0.476 allow users with access to the CMS templates sections that modify Twig files to bypass the sandbox placed on Twig files and modify resources such...

8.4CVSS0.00405EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2024/12/09 8:54 p.m.14 views

CVE-2024-54149 Winter CMS Modules allows a sandbox bypass in Twig templates leading to data modification and deletion

Winter is a free, open-source content management system CMS based on the Laravel PHP framework. Winter CMS prior to versions 1.2.7, 1.1.11, and 1.0.476 allow users with access to the CMS templates sections that modify Twig files to bypass the sandbox placed on Twig files and modify resources such...

8.4CVSS7.3AI score0.00405EPSS
Exploits0References2
OSV
OSV
added 2024/12/09 8:54 p.m.18 views

CVE-2024-54149 Winter CMS Modules allows a sandbox bypass in Twig templates leading to data modification and deletion

Winter is a free, open-source content management system CMS based on the Laravel PHP framework. Winter CMS prior to versions 1.2.7, 1.1.11, and 1.0.476 allow users with access to the CMS templates sections that modify Twig files to bypass the sandbox placed on Twig files and modify resources such...

8.4CVSS6.7AI score0.00405EPSS
Exploits0References4
CVE
CVE
added 2024/12/09 8:54 p.m.65 views

CVE-2024-54149

Winter CMS has a sandbox bypass in Twig templates that affects versions prior to 1.2.7, 1.1.11, and 1.0.476. If an attacker has backend access with cms.manage_layouts, cms.manage_pages, or cms.manage_partials, they can modify or delete theme resources and potentially manipulate model data passed ...

8.4CVSS8.8AI score0.00405EPSS
Exploits0References2Affected Software1
Cvelist
Cvelist
added 2024/12/09 8:54 p.m.56 views

CVE-2024-54149 Winter CMS Modules allows a sandbox bypass in Twig templates leading to data modification and deletion

Winter is a free, open-source content management system CMS based on the Laravel PHP framework. Winter CMS prior to versions 1.2.7, 1.1.11, and 1.0.476 allow users with access to the CMS templates sections that modify Twig files to bypass the sandbox placed on Twig files and modify resources such...

8.4CVSS0.00405EPSS
Exploits0References2
OSV
OSV
added 2024/12/09 8:41 p.m.11 views

GHSA-XHW3-4J3M-HQ53 Winter CMS Modules allows a sandbox bypass in Twig templates leading to data modification and deletion

Impact Affected versions of Winter CMS allow users with access to the CMS templates sections that modify Twig files to bypass the sandbox placed on Twig files and modify resources such as theme customisation values or modify, or remove, templates in the theme even if not provided direct access vi...

8.4CVSS8.6AI score0.00405EPSS
Exploits0References4
Github Security Blog
Github Security Blog
added 2024/12/09 8:41 p.m.27 views

Winter CMS Modules allows a sandbox bypass in Twig templates leading to data modification and deletion

Impact Affected versions of Winter CMS allow users with access to the CMS templates sections that modify Twig files to bypass the sandbox placed on Twig files and modify resources such as theme customisation values or modify, or remove, templates in the theme even if not provided direct access vi...

8.4CVSS7AI score0.00405EPSS
Exploits0References4Affected Software1
Positive Technologies
Positive Technologies
added 2024/12/09 12:0 a.m.7 views

PT-2024-36072 · Unknown · Winter Cms

Name of the Vulnerable Software and Affected Versions: Winter CMS versions prior to 1.2.7 Winter CMS versions prior to 1.1.11 Winter CMS versions prior to 1.0.476 Description: The issue allows users with access to the CMS templates sections that modify Twig files to bypass the sandbox placed on...

8.4CVSS6.4AI score0.00405EPSS
Exploits0References12
CNNVD
CNNVD
added 2024/12/09 12:0 a.m.6 views

Winter 安全漏洞

Winter is a free and open source content management system based on the Laravel PHP framework by Winter Open Source. A security vulnerability exists in Winter versions prior to 1.2.7, 1.1.11, and 1.0.476, which stems from a user being able to bypass the sandboxing restriction of Twig files by...

8.4CVSS6.3AI score0.00405EPSS
Exploits0References2
Veracode
Veracode
added 2024/04/15 8:20 a.m.14 views

Improper Privilege Management

winter/wn-dusk-plugin is vulnerable to Improper Privilege Management. The vulnerability is due to the exposure of a route URL/dusk/login/USER ID/MANAGER that allows unauthenticated access to user accounts in Winter CMS instances with the Dusk plugin installed and configured improperly...

8.8CVSS7.1AI score0.00672EPSS
Exploits0References2Affected Software1
Rows per page
Query Builder