Vulnerabilities

ID
Packages
Summary
Published
Attributes
GHSA-6mrr-q3pj-h53w
  • Packagist/craftcms/cms
Craft CMS: Unauthenticated Users Can Perform Restricted Project Config Sync Operations 9 minutes ago
  • Fix available
  • Severity - 6.9 (Medium)
GHSA-3pvf-vxrv-hh9c
  • Packagist/craftcms/cms
Craft CMS: Low-privilege users could read private asset contents when editing an asset (IDOR) 13 minutes ago
  • Fix available
  • Severity - 4.9 (Medium)
GHSA-2fph-6v5w-89hh
  • Packagist/craftcms/cms
Craft CMS is Vulnerable to Authenticated Remote Code Execution via Malicious Attached Behavior 16 minutes ago
  • Fix available
  • Severity - 8.7 (High)
GHSA-x6w6-2xwp-3jh6
  • Packagist/froxlor/froxlor
Froxlor is vulnerable to BIND zone file injection via unsanitized DNS record content in DomainZones API 17 minutes ago
  • Fix available
  • Severity - 8.6 (High)
GHSA-rc55-58f4-687g
  • Packagist/roadiz/documents
Roadiz has Server-Side Request Forgery (SSRF) in roadiz/documents 19 hours ago
  • Fix available
  • Severity - 6.8 (Medium)
GHSA-qr6x-wvxr-8hm9
  • Packagist/opensource-workshop/connect-cms
Connect CMS: Improper Authorization in the My Page Profile Update Feature Allows Modification of Arbitrary User Information 20 hours ago
  • Fix available
  • Severity - 8.1 (High)
GHSA-62ch-j6x7-722j
  • Packagist/opensource-workshop/connect-cms
Connect CMS: Information Disclosure Due to Improper Authorization through the Page Content Retrieval Feature 20 hours ago
  • Fix available
  • Severity - 7.5 (High)
GHSA-jh46-85jr-6ph9
  • Packagist/opensource-workshop/connect-cms
Connect CMS has SSRF in the External Page Migration Feature of its Page Management Plugin 20 hours ago
  • Fix available
  • Severity - 6.8 (Medium)
GHSA-mv3p-7p89-wq9p
  • Packagist/opensource-workshop/connect-cms
Connect CMS has Stored Cross-site Scripting (XSS) in the File Field of its Form Plugin 20 hours ago
  • Fix available
  • Severity - 8.2 (High)
GHSA-cmfh-mpmf-fmq4
  • Packagist/opensource-workshop/connect-cms
Connect-CMS has DOM-based Cross-Site Scripting (XSS) in the Cabinet Plugin List View 20 hours ago
  • Fix available
  • Severity - 8.7 (High)
GHSA-hxqw-6qv7-cqfv
  • Packagist/opensource-workshop/connect-cms
Connect-CMS has Arbitrary Code Execution by an Authenticated User in its Code Study Plugin 20 hours ago
  • Fix available
  • Severity - 8.8 (High)
GHSA-phrq-pc6r-f6gh
  • Packagist/mantisbt/mantisbt
MantisBT is vulnerable to authentication bypass through the SOAP API on MySQL 20 hours ago
  • Fix available
  • Severity - 9.3 (Critical)
GHSA-m59h-42jf-cphr
  • Packagist/putyourlightson/craft-sprig
Sprig Plugin for Craft CMS potentially discloses sensitive information via Sprig Playground 20 hours ago
  • Fix available
  • Severity - 5.5 (Medium)
GHSA-8fw8-q79c-fp9m
  • Packagist/wwbn/avideo
AVideo has an Unauthenticated Local File Inclusion in API locale (RCE possible with writable PHP) 3 days ago
  • No fix available
  • Severity - 8.6 (High)
GHSA-mwjc-5j4x-r686
  • Packagist/wwbn/avideo
AVideo has an unauthenticated decrypt oracle leaking any ciphertext 3 days ago
  • No fix available
  • Severity - 7.5 (High)
GHSA-hv36-p4w4-6vmj
  • Packagist/wwbn/avideo
AVideo Affected by CSRF on Plugin Import Endpoint Enables Unauthenticated Remote Code Execution via Malicious Plugin Upload 3 days ago
  • No fix available
  • Severity - 8.8 (High)