Veracode, Recent

38287 matches found

Veracode
added 2025/12/13 6:52 a.m., 4 views

Cross-site Scripting (XSS)

Magento-lts is vulnerable to Cross-Site Scripting XSS. The vulnerability is due to unescaped translation strings and URLs rendered in the admin notification grid, which allows an attacker with database or feed access to inject malicious scripts into vulnerable fields...

CVSS 4.8 | AI score 5.8 | EPSS 0.00192
Exploits: 1 | References: 4 | Affected software: 1
Veracode
added 2025/12/13 6:51 a.m., 5 views

Remote Code Execution (RCE)

FeehiCMS is vulnerable to Remote Code Execution RCE. The vulnerability is due to unrestricted file upload in the Ad Management feature without proper validation or execution restrictions, which allows an attacker to upload and execute malicious PHP files...

CVSS 6.5 | AI score 6.2 | EPSS 0.0034
Exploits: 1 | References: 4 | Affected software: 1
Veracode
added 2025/12/13 6:51 a.m., 9 views

Improper Authorization

magento is vulnerable to Improper Authorization. The vulnerability is due to insufficient enforcement of security controls, which allows an attacker to bypass protections and gain unauthorized access without user interactio...

CVSS 8.2 | AI score 7.5 | EPSS 0.00429
Exploits: 0 | References: 3 | Affected software: 2
Veracode
added 2025/12/13 6:50 a.m., 4 views

Directory Traversal

alexusmai laravel-file-manager is vulnerable to Directory Traversal. The vulnerability is due to improper path validation in the zip/archiving functionality, which allows an attacker to create crafted archives that include files and directories outside the intended scope...

CVSS 6.5 | AI score 5.9 | EPSS 0.00508
Exploits: 1 | References: 4 | Affected software: 1
Veracode
added 2025/12/13 6:49 a.m., 4 views

Improper Input Validation

mantisbt/mantisbt is vulnerable to improper input validation. The vulnerability is due to lack of server-side validation on note length, which allows an attacker to submit excessively long notes and corrupt the issue activity logs, thereby breaking the activity stream UI and preventing future...

CVSS 7.5 | AI score 5.8 | EPSS 0.00343
Exploits: 0 | References: 5 | Affected software: 1
Veracode
added 2025/12/13 6:48 a.m., 5 views

Directory Traversal

alexusmai/laravel-file-manager is vulnerable to Directory Traversal. The vulnerability is due to insufficient validation of extraction paths during archive unzip functionality, which allows an attacker to write files to arbitrary locations on the filesystem...

CVSS 9.1 | AI score 6 | EPSS 0.0086
Exploits: 1 | References: 4 | Affected software: 1
Veracode
added 2025/12/13 6:48 a.m., 9 views

Improper Access Control

mantisbt/mantisbt is vulnerable to improper access control. The vulnerability is due to insufficient access-level checks, which allows an attacker to exploit the Copy From functionality to retrieve column configurations from private projects without authorization...

CVSS 5.3 | AI score 5.8 | EPSS 0.0022
Exploits: 1 | References: 5 | Affected software: 1
Veracode
added 2025/12/13 6:47 a.m., 5 views

Improper Authorization

getgrav/grav is vulnerable to Improper Authorization. The vulnerability is due to insufficient authorization checks when modifying critical form fields via POST requests, which allows an attacker to alter YAML frontmatter including form processing logic and potentially exploit unintended actions...

CVSS 9.6 | AI score 5.9 | EPSS 0.01231
Exploits: 4 | References: 3 | Affected software: 1
Veracode
added 2025/12/13 6:47 a.m., 4 views

Arbitrary Code Injection

Neuron is vulnerable to Arbitrary Code Injection. The vulnerability is due to insufficient validation in the MySQLSelectTool that fails to block file-writing SQL constructs, which allows an attacker to bypass read-only restrictions and write arbitrary files to the database server...

CVSS 8.2 | AI score 6.1 | EPSS 0.00249
Exploits: 0 | References: 5 | Affected software: 1
Veracode
added 2025/12/13 6:46 a.m., 8 views

Self Cross-Site Scripting (Self-XSS)

privatebin/privatebin is vulnerable to self cross-site scripting Self-XSS. The vulnerability is due to improper handling and reflection of HTML content in filenames via the drag-and-drop helper, which allows an attacker to trick a macOS or Linux user into attaching a maliciously crafted file and...

CVSS 5.4 | AI score 5.8 | EPSS 0.00107
Exploits: 1 | References: 3 | Affected software: 1
Veracode
added 2025/12/13 6:46 a.m., 6 views

Cross-Site Scripting (XSS)

getgrav/grav is vulnerable to Stored Cross-Site Scripting XSS. The vulnerability is due to insufficient input validation in the datareadableName parameter of the /admin/accounts/groups/Grupo endpoint, which allows an attacker to inject and store malicious scripts that execute when the affected pa...

CVSS 6.2 | AI score 6 | EPSS 0.00175
Exploits: 1 | References: 3 | Affected software: 1
Veracode
added 2025/12/13 6:45 a.m., 4 views

Improper Access Control

getgrav/grav is vulnerable to improper access control. The vulnerability is due to insufficient restriction on the "Frontmatter" form, which allows a low-privileged user to read sensitive server files and exploit them to compromise user accounts...

CVSS 8.5 | AI score 5.9 | EPSS 0.0039
Exploits: 1 | References: 3 | Affected software: 1
Veracode
added 2025/12/13 6:44 a.m., 4 views

Cross-Site Scripting (XSS)

getgrav/grav is vulnerable to Stored Cross-Site Scripting XSS. The vulnerability is due to improper input sanitization in the /admin/config/site endpoint, which allows an attacker to inject malicious scripts via the datataxonomies parameter and execute them in users’ browsers...

CVSS 6.8 | AI score 6 | EPSS 0.00179
Exploits: 1 | References: 3 | Affected software: 1
Veracode
added 2025/12/13 6:43 a.m., 6 views

SQL Injection

nukeviet/nukeviet is vulnerable to SQL Injection. The vulnerability is due to improper sanitization of the listid parameter in detail.php and the groupprice or groupid parameters in searchresult.php, which allows an attacker to execute malicious SQL queries through crafted input...

CVSS 9.8 | AI score 7.4 | EPSS 0.01576
Exploits: 1 | References: 5 | Affected software: 1
Veracode
added 2025/12/13 6:43 a.m., 4 views

Denial Of Service (DoS)

getgrav/grav is vulnerable to Denial of Service DoS. The vulnerability is due to improper input validation in the "Supported" parameter of the Languages submenu, which allows an attacker to supply malformed input that triggers a fatal regular expression parsing error via the preg_match function...

CVSS 6.9 | AI score 5.9 | EPSS 0.00332
Exploits: 1 | References: 3 | Affected software: 1
Veracode
added 2025/12/13 6:38 a.m., 12 views

SQL Injection

WordPress Zero Spam plugin is vulnerable to SQL Injection. The vulnerability is due to insufficient sanitization and escaping of the order and orderby parameters before they are used in SQL queries in the admin dashboard, allowing attackers to inject malicious SQL statements and manipulate databa...

CVSS 9.8 | AI score 7.3 | EPSS 0.01997
Exploits: 2 | References: 5 | Affected software: 1
Veracode
added 2025/12/13 6:37 a.m., 17 views

Cross Site Scripting (XSS)

getgrav/grav is vulnerable to Cross-Site Scripting XSS. The vulnerability is due to improper sanitization of...

CVSS 6.1 | AI score 5.9 | EPSS 0.00184
Exploits: 1 | References: 3 | Affected software: 1
Veracode
added 2025/12/13 6:33 a.m., 40 views

Security Sandbox Bypass

getgrav/grav is vulnerable to Server-Side Template Injection SSTI. The vulnerability is due to insufficient protection of the Twig template sandbox, which allows an authenticated user with editor permissions to inject malicious template directives and execute arbitrary code on the server...

CVSS 8.8 | AI score 6.2 | EPSS 0.00518
Exploits: 1 | References: 3 | Affected software: 1
Veracode
added 2025/12/13 6:33 a.m., 6 views

Cross-Site Scripting (XSS)

code16/sharp is vulnerable to Cross-Site Scripting XSS. The vulnerability is due to improper handling of expressions wrapped in & within the SharpShowTextField component, which are evaluated by Vue, allowing an attacker to inject and execute arbitrary JavaScript or HTML in a user's browser when th...

CVSS 5.4 | AI score 5.7 | EPSS 0.00197
Exploits: 0 | References: 6 | Affected software: 1
Veracode
added 2025/12/13 6:31 a.m., 6 views

Stored Cross Site Scripting (XSS)

starcitizentools/citizen-skin is vulnerable to Stored Cross Site Scripting XSS. The vulnerability is due to improper handling of system message content in the sticky header, where innerHTML is assigned from user-editable message text, which allows an attacker with interface message edit privilege...

CVSS 6.5 | AI score 6.5 | EPSS 0.00409
Exploits: 0 | References: 5 | Affected software: 1
Veracode
added 2025/12/13 6:30 a.m., 7 views

Use Of Web Browser Cache Containing Sensitive Information

Drupal core is vulnerable to Use of Web Browser Cache Containing Sensitive Information. The vulnerability is due to improper cache control handling, which allows sensitive information to be stored in browser cache and potentially accessed by unauthorized users...

CVSS 3.7 | AI score 5.7 | EPSS 0.00243
Exploits: 0 | References: 7 | Affected software: 1
Veracode
added 2025/12/13 6:27 a.m., 5 views

User Interface (UI) Misrepresentation Of Critical Information

Drupal core is vulnerable to User Interface UI Misrepresentation of Critical Information. The vulnerability is due to improper handling of UI content rendering, which allows an attacker to spoof or misrepresent content and mislead users within the application interface...

CVSS 4.3 | AI score 5.8 | EPSS 0.00193
Exploits: 0 | References: 3 | Affected software: 1
Veracode
added 2025/12/13 6:26 a.m., 6 views

Path Traversal

Grav is vulnerable to Path Traversal. The vulnerability is due to insufficient validation of the username path during user creation, where Grav writes the account YAML file to an unintended location outside user/accounts/ when a username contains path traversal sequences, allowing attackers to...

CVSS 8.8 | AI score 6 | EPSS 0.00464
Exploits: 0 | References: 2 | Affected software: 1
Veracode
added 2025/12/13 6:24 a.m., 8 views

Stored Cross-site Scripting (XSS)

getformwork/formwork is vulnerable to stored cross-site scripting XSS. The vulnerability is due to improper sanitization of input in the blog tag field, which allows an attacker to inject malicious scripts that execute in the browser of any authenticated user accessing or editing the affected blo...

CVSS 6.5 | AI score 5.7 | EPSS 0.00174
Exploits: 1 | References: 4 | Affected software: 1
Veracode
added 2025/12/13 6:24 a.m., 4 views

SQL Injection

phpMyFAQ is vulnerable to SQL Injection. The vulnerability is due to improper sanitization of inputs in the main configuration update functionality, which allows a privileged attacker with configuration edit permissions to execute arbitrary SQL commands and compromise the database...

CVSS 7.2 | AI score 6.1 | EPSS 0.00697
Exploits: 1 | References: 4 | Affected software: 2
Veracode
added 2025/12/13 6:24 a.m., 10 views

Local File Inclusion (LFI)

PrivateBin is vulnerable to Local File Inclusion LFI. The vulnerability is due to improper validation of the template cookie in the template-switching feature, which allows an attacker to include arbitrary PHP files and potentially read sensitive data or achieve remote code execution...

CVSS 5.8 | AI score 6.1 | EPSS 0.00427
Exploits: 0 | References: 3 | Affected software: 1
Veracode
added 2025/12/13 6:21 a.m., 5 views

Host Header Injection

Backdrop CMS is vulnerable to Host Header Injection. The vulnerability is due to improper validation of the Host header in password reset requests, which allows an attacker to manipulate redirects to malicious domains and potentially perform session hijacking via cookie injection...

CVSS 6.1 | AI score 5.8 | EPSS 0.00182
Exploits: 1 | References: 5 | Affected software: 1
Veracode
added 2025/12/13 6:19 a.m., 3 views

Authentication Bypass

robrichards/xmlseclibs is vulnerable to authentication bypass. The vulnerability is due to improper handling in the libxml2 canonicalization process where invalid XML inputs may return an empty string, which allows an attacker to bypass authentication by manipulating the DigestValue computation...

CVSS 7.5 | AI score 5.9 | EPSS 0.00218
Exploits: 1 | References: 4 | Affected software: 1
Veracode
added 2025/12/13 6:18 a.m., 24 views

Privilege Escalation

getgrav/grav is vulnerable to privilege escalation. The vulnerability is due to missing username uniqueness validation during user creation, which allows an attacker to create an account with an existing administrator username and gain full administrative access...

CVSS 8.8 | AI score 5.9 | EPSS 0.00267
Exploits: 0 | References: 3 | Affected software: 1
Veracode
added 2025/12/13 6:16 a.m., 6 views

Cross Site Scripting (XSS)

code16/sharp is vulnerable to Cross-Site Scripting XSS. The vulnerability is due to improper input validation and output encoding in src/Form/Fields/SharpFormUploadField.php, which allows an attacker to inject and execute arbitrary malicious scripts in a victim’s browser...

CVSS 6.1 | AI score 6.8 | EPSS 0.00296
Exploits: 0 | References: 7 | Affected software: 1
Veracode
added 2025/12/13 6:16 a.m., 4 views

Path Traversal

getgrav/grav is vulnerable to path traversal. The vulnerability is due to insufficient input sanitization in the backup tool, which allows an authenticated attacker with administrative privileges to exploit user-supplied paths and access arbitrary files outside the intended webroot directory...

CVSS 6.8 | AI score 6 | EPSS 0.00412
Exploits: 1 | References: 3 | Affected software: 1
Veracode
added 2025/12/13 6:11 a.m., 5 views

Privilege Escalation

getgrav/grav is vulnerable to sensitive information exposure. The vulnerability is due to improper access control in the admin panel, which allows an attacker with read access to view password hashes and potentially exploit them to achieve privilege escalation...

CVSS 7.2 | AI score 5.9 | EPSS 0.00353
Exploits: 1 | References: 3 | Affected software: 1
Veracode
added 2025/12/13 6:09 a.m., 3 views

Cross-Site Scripting (XSS)

getgrav/grav is vulnerable to Reflected Cross-Site Scripting XSS. The vulnerability is due to improper input validation in the /admin/pages/page endpoint, which allows an attacker to inject malicious scripts via the dataheadercontentitems parameter...

CVSS 6.2 | AI score 5.9 | EPSS 0.00189
Exploits: 1 | References: 3 | Affected software: 1
Veracode
added 2025/12/13 6:09 a.m., 5 views

Improper Check For Unusual Or Exceptional Conditions

Drupal core is vulnerable to Improper Check for Unusual or Exceptional Conditions. The vulnerability is due to insufficient validation of access conditions, which allows an attacker to perform forceful browsing and access restricted resources without proper authorization...

CVSS 5.3 | AI score 5.8 | EPSS 0.00281
Exploits: 0 | References: 7 | Affected software: 1
Veracode
added 2025/12/13 6:09 a.m., 6 views

Cross-site Scripting (XSS)

getkirby/cms is vulnerable to Cross-Site Scripting XSS. The vulnerability is due to improper sanitization of user-controlled fields such as page titles or usernames displayed in the "Changes" dialog, which allows an attacker to inject malicious code that executes when another authenticated user...

CVSS 5.4 | AI score 5.9 | EPSS 0.00156
Exploits: 0 | References: 5 | Affected software: 1
Veracode
added 2025/12/13 6:08 a.m., 65 views

Stored Cross-Site Scripting (XSS)

getgrav/grav is vulnerable to Stored Cross-Site Scripting XSS. The vulnerability is due to insufficient input sanitization in the dataheadertemplate parameter at the /admin/pages/page endpoint, which allows an attacker to inject and store malicious scripts that execute when the content is rendere...

CVSS 6.2 | AI score 6 | EPSS 0.00175
Exploits: 1 | References: 2 | Affected software: 1
Veracode
added 2025/12/13 6:08 a.m., 6 views

Arbitrary SQL Execution

Neuron is vulnerable to arbitrary SQL execution. The vulnerability is due to the MySQLWriteTool executing caller-provided SQL using PDO::prepare and execute without semantic restrictions, where an attacker can inject destructive statements such as DROP TABLE, TRUNCATE, DELETE, or ALTER via...

CVSS 9.4 | AI score 6.1 | EPSS 0.00348
Exploits: 0 | References: 4 | Affected software: 1
Veracode
added 2025/12/13 6:07 a.m., 8 views

Persistent HTML Injection

privatebin/privatebin is vulnerable to persistent HTML injection. The vulnerability is due to an unsanitized attachment filename attachmentname when attachments are enabled, which allows an attacker to modify the filename before encryption so that, after decryption, arbitrary HTML is inserted...

CVSS 5.8 | AI score 5.9 | EPSS 0.00277
Exploits: 0 | References: 4 | Affected software: 1
Veracode
added 2025/12/13 6:05 a.m., 7 views

Denial Of Service (DoS)

processwire/processwire is vulnerable to Denial of Service. The vulnerability is due to automatic extraction of user-supplied ZIP files uploaded via Language Support without size or resource limits prior to validation, which allows an attacker with low privileges to upload a crafted ZIP and trigg...

CVSS 6.5 | AI score 7 | EPSS 0.00395
Exploits: 1 | References: 3 | Affected software: 1
Veracode
added 2025/12/13 6:05 a.m., 4 views

Improper Access Control

azuracast/azuracast is vulnerable to improper access control. The vulnerability is due to an unintended exposure of an internal SFTP API endpoint in the public HTTP API, which allows an attacker with knowledge of valid SFTP credentials and internal structure to manipulate a station’s database via...

CVSS 3.7 | AI score 5.9 | EPSS 0.00205
Exploits: 1 | References: 3 | Affected software: 1
Veracode
added 2025/12/13 6:01 a.m., 9 views

Insecure Direct Object Reference (IDOR)

getgrav/grav is vulnerable to Insecure Direct Object Reference IDOR. The vulnerability is due to improper access control in the Admin Panel, which allows a low-privilege attacker to access sensitive information of other users by manipulating direct object references...

CVSS 6.5 | AI score 5.9 | EPSS 0.00253
Exploits: 1 | References: 3 | Affected software: 1
Veracode
added 2025/12/13 6:00 a.m., 14 views

SQL Injection

nukeviet/nukeviet is vulnerable to SQL Injection. The vulnerability is due to improper sanitization of the topicsid parameter in modules/news/admin/addtotopics.php, which allows an attacker to execute malicious SQL queries through crafted input...

CVSS 9.8 | AI score 7.4 | EPSS 0.01583
Exploits: 1 | References: 4 | Affected software: 1
Veracode
added 2025/12/13 5:57 a.m., 5 views

Server-Side Template Injection (SSTI)

getgrav/grav is vulnerable to a Server-Side Template Injection SSTI. The vulnerability is due to improper input handling in form submissions, which allows an attacker to send a crafted POST payload to expose sensitive configuration details, including plugin configurations...

CVSS 8.7 | AI score 5.9 | EPSS 0.00318
Exploits: 1 | References: 3 | Affected software: 1
Veracode
added 2025/12/13 5:55 a.m., 9 views

Account Takeover

prestashop/pscheckout is vulnerable to Account takeover. The vulnerability is due to missing validation in the Express Checkout feature, which allows an attacker to silently authenticate using a victim’s email address and take over the account...

CVSS 9.1 | AI score 6.9 | EPSS 0.00476
Exploits: 1 | References: 4 | Affected software: 1
Veracode
added 2025/12/13 5:54 a.m., 8 views

SQL Injection

devcode-it/openstamanager is vulnerable to a SQL Injection. The vulnerability is due to improper validation of the display parameter in the API, which allows an attacker to inject and execute arbitrary SQL queries to access, modify, or delete database data...

CVSS 8.8 | AI score 6 | EPSS 0.00323
Exploits: 0 | References: 3 | Affected software: 1
Veracode
added 2025/12/13 5:52 a.m., 3 views

Privilege Escalation

getgrav/grav is vulnerable to Privilege Escalation PE. The vulnerability is due to improper handling of Twig processing in page frontmatter, which allows an attacker to inject malicious Twig expressions and escalate privileges or execute arbitrary system commands via the scheduler API...

CVSS 8.8 | AI score 6.1 | EPSS 0.00659
Exploits: 1 | References: 3 | Affected software: 1
Veracode
added 2025/12/13 5:52 a.m., 5 views

Privilege Escalation

alextselegidis/easyappointments is vulnerable to Privilege Escalation. The vulnerability is due to improper access control in the index.php file, which allows a remote attacker to escalate privileges by exploiting insufficient authorization checks...

CVSS 9.8 | AI score 5.8 | EPSS 0.00767
Exploits: 1 | References: 4 | Affected software: 1
Veracode
added 2025/12/13 5:52 a.m., 6 views

Authentication Bypass

moodle/moodle is vulnerable to an authentication bypass. The vulnerability is due to improper enforcement of multi-factor authentication logic under certain conditions, which allows an attacker with valid credentials to bypass MFA and gain unauthorized access to user accounts...

CVSS 5.4 | AI score 5.9 | EPSS 0.00234
Exploits: 0 | References: 7 | Affected software: 1
Veracode
added 2025/12/13 5:52 a.m., 229 views

Server-Side Template Injection (SSTI)

getgrav/grav is vulnerable to Server-Side Template Injection SSTI. The vulnerability is due to weak regex validation in the cleanDangerousTwig method, which allows an attacker to execute arbitrary commands on the server...

CVSS 8.8 | AI score 6.1 | EPSS 0.02594
Exploits: 4 | References: 3 | Affected software: 1
Veracode
added 2025/12/13 5:51 a.m., 4 views

Improper Input Validation

Symfony is vulnerable to improper input validation. The vulnerability is due to incorrect interpretation of PATHINFO in the Request class, which allows an attacker to bypass access control mechanisms by crafting URLs that do not start with a /...

CVSS 7.3 | AI score 5.8 | EPSS 0.01297
Exploits: 0 | References: 6 | Affected software: 2

Total number of security vulnerabilities: 38287