Vulnerabilities

ID
Packages
Summary
Published
Attributes
GHSA-f5c8-m5vw-rmgq
  • Packagist/almirhodzic/nova-toggle-5
nova-toggle-5: Improper authorization on toggle endpoint allowed non-Nova users to modify boolean fields 5 days ago
  • Fix available
  • Severity - 6.5 (Medium)
GHSA-w942-j9r6-hr6r
  • Packagist/getkirby/cms
Kirby's page creation API bypasses the changeStatus permission check via unfiltered isDraft parameter 6 days ago
  • Fix available
  • Severity - 5.3 (Medium)
GHSA-jcjw-58rv-c452
  • Packagist/getkirby/cms
Kirby has Server-Side Template Injection (SSTI) via double template resolution in option rendering 6 days ago
  • Fix available
  • Severity - 7.6 (High)
GHSA-9wfj-c55w-j9qr
  • Packagist/getkirby/cms
Kirby has XML injection in its XML creator toolkit 6 days ago
  • Fix available
  • Severity - 6.9 (Medium)
GHSA-xjvc-pw2r-6878
  • Packagist/flarum/core
Flarum: Path traversal in LESS parser via theme color settings (incomplete fix for CVE-2023-27577) 22 Apr
  • Fix available
  • Severity - 4.9 (Medium)
DRUPAL-CONTRIB-2026-033
  • Packagist:https://packages.drupal.org/8/drupal/obfuscate
See record for full details 22 Apr
  • Fix available
GHSA-xv3r-vr59-95rg
  • Packagist/ci4-cms-erp/ci4ms
CI4MS Theme::upload is vulnerable to Zip Slip leading to RCE 22 Apr
  • Fix available
  • Severity - 9.4 (Critical)
GHSA-xp9f-pvvc-57p4
  • Packagist/ci4-cms-erp/ci4ms
CI4MS Backup::restore is vulnerable to Zip Slip leading to RCE 22 Apr
  • Fix available
  • Severity - 9.4 (Critical)
GHSA-qxpq-82f3-xj47
  • Packagist/ci4-cms-erp/ci4ms
CI4MS: Backup Management Full Account Takeover for All Roles & Privilege Escalation via Stored DOM Blind XSS 22 Apr
  • Fix available
  • Severity - 6.8 (Medium)
GHSA-mh6w-vxff-9wqp
  • Packagist/phpunit/phpunit
PHPUnit: Argument injection via newline in PHP INI values forwarded to child processes 22 Apr
  • Fix available
  • Severity - 7.8 (High)
GHSA-3j5q-7q7h-2hhv
  • Packagist/openmage/magento-lts
OpenMage LTS: Customer File Upload Extension Blocklist Bypass → Remote Code Execution 21 Apr
  • Fix available
  • Severity - 8.7 (High)
GHSA-jvwg-phxx-j3rp
  • Packagist/october/system
October CMS: Editor Sub-Permission Bypass for Asset and Blueprint File Operations 21 Apr
  • Fix available
  • Severity - 3.3 (Low)
GHSA-jj38-h5w5-mvpf
  • Packagist/october/system
October CMS: Reflected XSS via DataTable Form Widget 21 Apr
  • Fix available
  • Severity - 3.1 (Low)
GHSA-h6jm-f4hh-fw27
  • Packagist/october/october
October CMS has Safe Mode Bypass via Twig Database Write Operations 21 Apr
  • Fix available
  • Severity - 6.6 (Medium)
GHSA-3888-q23f-x7qh
  • Packagist/october/system
October CMS has Safe Mode Bypass via CSS Preprocessor Compilers 21 Apr
  • Fix available
  • Severity - 4.9 (Medium)
GHSA-665x-ppc4-685w
  • Packagist/openmage/magento-lts
OpenMage LTS: Cross-user wishlist import leads to private option & file disclosure 21 Apr
  • Fix available
  • Severity - 5.3 (Medium)