CVE Vulnerabilities - 20 March 2026
24 vulnerabilities published on 20 March 2026
GHSA-5gg9-5g7w-hm73
CVE-2026-32760
File Browser is a file managing interface for uploading, deleting, previewing, renaming, and editing files within a specified directory. In versions 2.61.2 and below, any unauthenticated visitor can r...
10.0
SiYuan Allows Authorized Users to Execute Arbitrary SQL Statements
GHSA-j7wh-x834-p3r7
CVE-2026-32767
A security issue in SiYuan version 3.6.0 and earlier allows users with a certain role to execute any SQL command, potentially deleting or modifying data. This bypasses the intended security settings. ...
9.8
Xerte Online Toolkits versions 3.14 and earlier allow unauthorized file upload
CVE-2026-32985
A security issue in older versions of Xerte Online Toolkits lets attackers upload files without permission. This could allow an attacker to add malicious code to your website, which could be used to t...
9.3
CTFer.io Monitoring component allows malicious file overwrites
CVE-2026-32771
Versions of the CTFer.io Monitoring component prior to 0.2.2 can be tricked into overwriting important system files, potentially allowing attackers to gain control of the system. This is especially co...
8.8
SuiteCRM: Unauthenticated Access to Your CRM Data
CVE-2026-33289
If you're using SuiteCRM versions older than 7.15.1 or 8.9.3, an attacker might be able to access your customer data without logging in. This is because the software doesn't properly check user input ...
8.8
SuiteCRM: Unauthorized Access to Admin Account
CVE-2026-33288
A security flaw in older versions of SuiteCRM allows an attacker to gain full control of the system by exploiting a weakness in the login process. This could allow an unauthorized user to gain access ...
8.8
Admidio Critical File Upload Risk: Arbitrary File Types Can Be Uploaded
GHSA-95cq-p4w2-32w5
CVE-2026-32756
An attacker with upload permissions in Admidio can upload PHP scripts or other unauthorized file types, potentially allowing them to execute code on the server. This is a serious risk because it could...
8.8
SuiteCRM allows administrators to run arbitrary system commands
CVE-2026-29109
An attacker with administrator privileges can execute system commands on the server running SuiteCRM. This could lead to unauthorized actions, data exposure, or even server compromise. Update to versi...
8.6
LZ4 Flex Decompression Can Leak Sensitive Data
GHSA-vvp9-7p8x-rfvv
RUSTSEC-2026-0041
CVE-2026-32829
A bug in the LZ4 Flex decompression library can leak sensitive information, such as passwords or other confidential data, from memory or from previous decompression operations. This can happen when de...
8.2
Spring Boot with Actuator: Unauthenticated access to sensitive endpoints
CVE-2026-22733
Some Spring Boot applications with Actuator enabled may allow unauthorized access to secure endpoints. This could let attackers access sensitive data or perform actions without being authenticated. To...
8.2
SuiteCRM REST API exposes sensitive data to authenticated users
CVE-2026-29189
Authenticated users can access and modify data they shouldn't be able to see or change. This is a risk because it lets unauthorized users see or alter sensitive customer information. Update to SuiteCR...
8.1
Fullchain CTF Platform: Unsecured Lateral Movement in Older Versions
CVE-2026-32769
Fullchain's CTF platform versions before 0.1.1 allow an attacker to move between parts of a system they shouldn't have access to. This could lead to unauthorized access to sensitive data or disruption...
7.1
GHSA-68j5-4m99-w9w9
CVE-2026-32761
File Browser is a file managing interface for uploading, deleting, previewing, renaming, and editing files within a specified directory. Versions 2.61.0 and below contain a permission enforcement bypa...
6.5
File Browser Allows Access to Restricted Folders via Path Traversal
GHSA-9f3r-2vgw-m8xp
CVE-2026-32758
A vulnerability in the file browser's copy and rename feature allows authorized users to bypass restrictions and access folders they shouldn't be able to access. This can happen when a user includes s...
6.5
SuiteCRM Missing ACL Check in Record Retrieval
CVE-2026-32697
Before patching, SuiteCRM's record retrieval feature didn't verify you had permission to view certain records. This could allow unauthorized access to sensitive customer information. You should update...
6.5
SuiteCRM: Authenticated Users Can Access Other Users' Passwords
CVE-2026-29108
A security issue in older versions of SuiteCRM allows any logged-in user to see sensitive information about other users, including their passwords. This could be used to crack the passwords of importa...
6.5
Spring Framework: Malicious File Disclosure in Template Views
CVE-2026-22737
Using a feature called scripting engine in some Spring applications can accidentally reveal sensitive file content to users. This is a security risk because it can expose confidential data. To fix thi...
5.9
Admidio Ecard Message Allows Unfiltered HTML Injection
GHSA-4wr4-f2qf-x5wj
CVE-2026-32757
An attacker can inject malicious HTML and JavaScript into eCard emails sent to other members. This could lead to phishing or other types of attacks. To fix this, update the Admidio eCard send handler ...
5.4
File Browser Allows Uncontrolled Hook Triggers with Negative Uploads
GHSA-ffx7-75gc-jg7c
CVE-2026-32759
An attacker can trigger post-upload hooks without uploading a file by sending a negative upload length. This allows unauthorized access to files and potentially malicious actions. Update the TUS handl...
5.3
Spring Server-Sent Events Can Corrupt Data Streams
CVE-2026-22735
Some Spring applications may experience data corruption when using a feature called Server-Sent Events. This can happen if you're using certain versions of the Spring Framework. To fix this, update to...
2.6
Kargo Allows Access to Internal Systems and Data
GHSA-j94x-8wcp-x7hm
CVE-2026-32828
Kargo's promotion steps can be configured to access internal network addresses, potentially exposing sensitive data and allowing unauthorized access to internal systems. This can happen if a user with...
2.0
Astral Tokio Tar: Malformed Tar Archives Can Cause Errors
GHSA-6gx3-4362-rf54
CVE-2026-32766
Astral Tokio Tar, a tool for working with tar archives, does not properly check for errors in some parts of the archive. This could potentially lead to errors if a user tries to extract a poorly const...
1.7
WordPress Plugin Vulnerability Allows Unauthenticated Access
CVE-2026-32765
A security issue in a WordPress plugin allows unauthorized users to gain access to the site's administrative area. This could allow hackers to manipulate site settings, upload malicious files, and pot...
GitHub Repository Access Restricted
CVE-2026-32764
A GitHub repository that was previously publicly accessible is now restricted, making it unavailable to the public. This may cause issues for users who relied on the repository for code or information...