Vulnerabilities

ID
Packages
Summary
Published
Attributes
GHSA-pgxq-p76c-x9cg
  • Packagist/verbb/formie
formie's unauthenticated front-end submission editing can overwrite existing submissions 17 hours ago
  • Fix available
  • Severity - 8.7 (High)
GHSA-xw54-c3mx-9pm3
  • Packagist/admidio/admidio
Admidio: Any logged-in user can delete inventory fields via `mode=field_delete` — incomplete fix of #2024 17 hours ago
  • Fix available
  • Severity - 6.5 (Medium)
GHSA-mch8-wf3h-6x88
  • Packagist/admidio/admidio
Admidio writes session IDs and auto-login cookie values to application logs 17 hours ago
  • Fix available
  • Severity - 4.4 (Medium)
GHSA-4rgq-38mh-9xqg
  • Packagist/admidio/admidio
Admidio PKCS#12 private key export action lacks CSRF protection 17 hours ago
  • Fix available
  • Severity - 4.3 (Medium)
GHSA-x628-457g-2pw9
  • Packagist/admidio/admidio
Admidio has IDOR in `documents-files.php` `mode=move_save` that lets any folder-uploader exfiltrate files from private folders 17 hours ago
  • Fix available
  • Severity - 8.1 (High)
GHSA-q6w3-hpfv-rg36
  • Packagist/admidio/admidio
Admidio: IDOR in documents-files.php allows cross-folder file rename and description changes by unauthorized uploaders 17 hours ago
  • Fix available
  • Severity - 6.5 (Medium)
GHSA-xg76-5qj2-2hhv
  • Packagist/admidio/admidio
Admidio: CSRF in SSO client `enable` action toggles SAML/OIDC clients without token validation 17 hours ago
  • Fix available
  • Severity - 5.4 (Medium)
GHSA-mx25-j3rc-6w2w
  • Packagist/admidio/admidio
Admidio's CSRF in registration `send_login` mode resets arbitrary user passwords 17 hours ago
  • Fix available
  • Severity - 5.2 (Medium)
GHSA-rwjr-qjj3-mq2f
  • Packagist/admidio/admidio
Admidio module-administrator can delete or reorder categories owned by other modules via dead authorization check in `modules/categories.php` 17 hours ago
  • Fix available
  • Severity - 6.5 (Medium)
GHSA-qc4c-hrmc-4f78
  • Packagist/admidio/admidio
Admidio: Authorization bypass in file_delete enables cross-folder file removal by authenticated users without delete privileges 17 hours ago
  • Fix available
  • Severity - 6.5 (Medium)
GHSA-55rj-x2vc-4whq
  • Packagist/symfony/symfony
  • Packagist/symfony/twilio-notifier
Symfony: Twilio SMS Notifier allows unauthenticated webhook injection due to missing X-Twilio-Signature verification 18 hours ago
  • Fix available
  • Severity - 4.6 (Medium)
GHSA-7j2f-6h2r-6cqc
  • Packagist/phanan/koel
Koel Vulnerable to SSRF via Podcast Episode Enclosure URLs 19 hours ago
  • Fix available
  • Severity - 7.7 (High)
GHSA-xg9x-h37w-h3r3
  • Packagist/ezsystems/ezpublish-legacy
ezsystems/ezpublish-legacy has a SQL injection in dfscleanup 20 hours ago
  • No fix available
  • Severity - 7.1 (High)
GHSA-j6fm-9rfm-j5hx
  • Packagist/froxlor/froxlor
Froxlor has an incomplete fix for CVE-2026-30932 yesterday
  • Fix available
GHSA-mq5v-pxpm-8jw2
  • Packagist/froxlor/froxlor
Froxlor has privilege escalation in SSH key synchronization via symlinked `authorized_keys` path yesterday
  • Fix available
  • Severity - 8.8 (High)
GHSA-gcv3-5v9q-fmhh
  • Packagist/froxlor/froxlor
Froxlor has an authorization bypass in FTP shell assignment via missing server-side `available_shells` enforcement yesterday
  • Fix available
  • Severity - 8.8 (High)