Vulnerabilities

ID
Packages
Summary
Published
Attributes
GHSA-qqfq-7cpp-hcqj
  • Packagist/contao/core-bundle
  • Packagist/contao/contao
Contao does not properly manage privileges for page and article fields 2 days ago
  • Fix available
  • Severity - 4.3 (Medium)
GHSA-w53m-gxvg-vx7p
  • Packagist/contao/core-bundle
  • Packagist/contao/contao
Contao can disclose sensitive information in the news module 2 days ago
  • Fix available
  • Severity - 5.3 (Medium)
GHSA-2xmj-8wmq-7475
  • Packagist/contao/core-bundle
  • Packagist/contao/contao
Contao discloses sensitive information in the front end search index 2 days ago
  • Fix available
  • Severity - 5.3 (Medium)
GHSA-7m47-r75r-cx8v
  • Packagist/contao/core-bundle
  • Packagist/contao/contao
Contao applies improper access control in the back end voters 2 days ago
  • Fix available
  • Severity - 4.3 (Medium)
GHSA-9hp3-f5g8-rccg
  • Packagist/solspace/craft-freeform
The Freeform CraftCMS plugin contains a Server-side template injection (SSTI) vulnerability 3 days ago
  • Fix available
  • Severity - 9.8 (Critical)
GHSA-gqp9-jh35-439m
  • Packagist/badaso/core
Badaso CMS file upload vulnerability 4 days ago
  • No fix available
  • Severity - 8.9 (High)
GHSA-2f28-69j7-85hf
  • Packagist/alextselegidis/easyappointments
Easy!Appointments SQL injection vulnerability 5 days ago
  • Fix available
  • Severity - 5.7 (Medium)
GHSA-crcq-738g-pqvc
  • Packagist/craftcms/cms
Craft CMS Potential Remote Code Execution via Twig SSTI 5 days ago
  • Fix available
  • Severity - 6.6 (Medium)
GHSA-mqh4-2mm8-g7w9
  • Packagist/vrana/adminer
Adminer PHP Object Injection issue leads to Denial of Service 5 days ago
  • No fix available
  • Severity - 8.6 (High)
GHSA-rx7m-68vc-ppxh
  • Packagist/phpoffice/phpspreadsheet
PhpSpreadsheet vulnerable to SSRF when reading and displaying a processed HTML document in the browser 5 days ago
  • Fix available
  • Severity - 8.7 (High)
GHSA-74rg-6f92-g6wx
  • Packagist/unopim/unopim
UnoPim has CSV Injection on Quick Export feature 22 Aug
  • Fix available
  • Severity - 2.5 (Low)
GHSA-8p2f-fx4q-75cx
  • Packagist/unopim/unopim
UnoPim has Broken Access Control 22 Aug
  • Fix available
  • Severity - 8.1 (High)
GHSA-287x-6r2h-f9mw
  • Packagist/unopim/unopim
UnoPim vulnerable to CSRF on Product edit feature and creation of other types 21 Aug
  • Fix available
  • Severity - 6.9 (Medium)
GHSA-v22v-xwh7-2vrm
  • Packagist/unopim/unopim
UnoPim vulnerable to remote code execution through Arbitrary File upload 21 Aug
  • Fix available
  • Severity - 7.3 (High)
GHSA-xr97-25v7-hc2q
  • Packagist/unopim/unopim
UnoPim has Stored Cross-site Scripting vulnerability in user creation functionality 21 Aug
  • Fix available
  • Severity - 6.8 (Medium)
GHSA-35c5-67fm-cpcp
  • Packagist/johnbillion/wp-crontrol
WP Crontrol Authenticated (Administrator+) plugin vulnerable to Blind Server-Side Request Forgery 19 Aug
  • Fix available
  • Severity - 5.1 (Medium)