Vulnerabilities

ID
Packages
Summary
Published
Attributes
GHSA-wvpq-h33f-8rp6
  • Packagist/october/system
October CMS Vulnerable to Stored XSS via Branding Styles 2 days ago
  • Fix available
  • Severity - 6.1 (Medium)
GHSA-gxxc-m74c-f48x
  • Packagist/october/system
October CMS Vulnerable to Stored XSS via Editor and Branding Styles 2 days ago
  • Fix available
  • Severity - 6.1 (Medium)
GHSA-4j78-4xrm-cr2f
  • Packagist/getkirby/cms
Kirby is missing permission checks in the content changes API 3 days ago
  • Fix available
  • Severity - 5.8 (Medium)
GHSA-ch7p-mpv4-4vg4
  • Packagist/coreshop/core-shop
CoreShop Vulnerable to SQL Injection via Admin Reports 4 days ago
  • Fix available
  • Severity - 4.9 (Medium)
GHSA-rgmp-4873-r683
  • Packagist/pterodactyl/panel
Pterodactyl TOTPs can be reused during validity window 5 days ago
  • Fix available
  • Severity - 6.5 (Medium)
GHSA-8c39-xppg-479c
  • Go/github.com/pterodactyl/wings
  • Packagist/pterodactyl/panel
Pterodactyl does not revoke SFTP access when server is deleted or permissions reduced 5 days ago
  • Fix available
  • Severity - 7.5 (High)
GHSA-824x-88xg-cwrv
  • Packagist/redaxo/source
Redaxo has Path Traversal in Backup Addon Leading to Arbitrary File Read 6 days ago
  • Fix available
  • Severity - 8.3 (High)
GHSA-255j-qw47-wjh5
  • Packagist/craftcms/cms
Craft CMS vulnerable to potential authenticated Remote Code Execution via malicious attached Behavior 6 days ago
  • Fix available
  • Severity - 8.6 (High)
GHSA-v64r-7wg9-23pr
  • Packagist/craftcms/cms
Unauthenticated Craft CMS users can trigger a database backup 6 days ago
  • Fix available
  • Severity - 7.0 (High)
GHSA-742x-x762-7383
  • Packagist/craftcms/cms
Craft CMS vulnerable to potential authenticated Remote Code Execution via Twig SSTI 6 days ago
  • Fix available
  • Severity - 5.2 (Medium)
GHSA-x27p-wfqw-hfcc
  • Packagist/craftcms/cms
Craft CMS vulnerable to Server-Side Request Forgery (SSRF) via GraphQL Asset Upload Mutation 6 days ago
  • Fix available
  • Severity - 5.0 (Medium)
GHSA-53vf-c43h-j2x9
  • Packagist/craftcms/cms
Craft CMS vulnerable to potential information disclosure via unchecked asset relocation 6 days ago
  • Fix available
  • Severity - 4.9 (Medium)
GHSA-mqhg-v22x-pqj8
  • Packagist/bagisto/bagisto
Bagisto is vulnerable to SSTI via name parameters provided by non-admin low-privilege users 02 Jan
  • Fix available
  • Severity - 7.4 (High)
GHSA-x5rw-qvvp-5cgm
  • Packagist/bagisto/bagisto
Bagisto has IDOR in Customer Order Reorder Functionality 02 Jan
  • Fix available
  • Severity - 7.1 (High)
GHSA-5j4h-4f72-qpm6
  • Packagist/bagisto/bagisto
Bagisto has Normal & Blind SSTI from low-privilege user when ordering product 02 Jan
  • Fix available
  • Severity - 8.9 (High)
GHSA-9hvg-qw5q-wqwp
  • Packagist/bagisto/bagisto
Bagisto SSTI vulnerability in type parameter can lead to RCE 02 Jan
  • Fix available
  • Severity - 7.3 (High)