CVE-2026-56382 - Craft CMS - Remote Code Execution via Missing Config Sanitization in FieldsController
CVE ID :CVE-2026-56382
Published : June 21, 2026, 1:26 p.m. | 57 minutes ago
Description :Craft CMS (composer package craftcms/cms) versions >= 5.5.0 and <= 5.9.13 contain a remote code execution vulnerability in the FieldsController::actionRenderCardPreview() method, which passes the fieldLayoutConfig POST parameter directly to Fields::createLayout() without calling Component::cleanseConfig(). An authenticated admin user can inject Yii2 event handlers (e.g., 'on init' keys) via the fieldLayoutConfig parameter to execute arbitrary PHP code and disclose sensitive information (such as environment variables containing database credentials and CRAFT_SECURITY_KEY). The issue is fixed in version 5.9.14.
Severity: 8.6 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID :CVE-2026-56382
Published : June 21, 2026, 1:26 p.m. | 57 minutes ago
Description :Craft CMS (composer package craftcms/cms) versions >= 5.5.0 and <= 5.9.13 contain a remote code execution vulnerability in the FieldsController::actionRenderCardPreview() method, which passes the fieldLayoutConfig POST parameter directly to Fields::createLayout() without calling Component::cleanseConfig(). An authenticated admin user can inject Yii2 event handlers (e.g., 'on init' keys) via the fieldLayoutConfig parameter to execute arbitrary PHP code and disclose sensitive information (such as environment variables containing database credentials and CRAFT_SECURITY_KEY). The issue is fixed in version 5.9.14.
Severity: 8.6 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2026-56383 - Craft CMS - Stored XSS in Table Field via Row Heading Column Type
CVE ID :CVE-2026-56383
Published : June 21, 2026, 1:26 p.m. | 57 minutes ago
Description :Craft CMS contains a stored cross-site scripting (XSS) vulnerability in the editableTable.twig component when using the 'Row Heading' column type. The application fails to sanitize input within row heading default values, allowing an attacker with an administrator account (with allowAdminChanges enabled) to inject arbitrary JavaScript that executes when another user views a page containing the affected table field. Affected versions are >= 4.5.0-beta.1 through 4.16.18 and >= 5.0.0-RC1 through 5.8.22; fixed in 4.16.19 and 5.8.23.
Severity: 4.8 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID :CVE-2026-56383
Published : June 21, 2026, 1:26 p.m. | 57 minutes ago
Description :Craft CMS contains a stored cross-site scripting (XSS) vulnerability in the editableTable.twig component when using the 'Row Heading' column type. The application fails to sanitize input within row heading default values, allowing an attacker with an administrator account (with allowAdminChanges enabled) to inject arbitrary JavaScript that executes when another user views a page containing the affected table field. Affected versions are >= 4.5.0-beta.1 through 4.16.18 and >= 5.0.0-RC1 through 5.8.22; fixed in 4.16.19 and 5.8.23.
Severity: 4.8 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2026-56384 - Craft CMS - Missing Authorization in assets/preview-thumb Endpoint
CVE ID :CVE-2026-56384
Published : June 21, 2026, 1:27 p.m. | 57 minutes ago
Description :Craft CMS contains a missing authorization vulnerability in the assets/preview-thumb endpoint. A Control Panel user without permission to view a target private asset can call the endpoint with an attacker-controlled assetId and receive preview HTML containing a signed fallback transform preview link for that private asset, because no asset-view permission check is performed before preview generation. This affects versions >= 4.0.0-RC1, <= 4.17.7 and >= 5.0.0-RC1, <= 5.9.13, and is fixed in 4.17.8 and 5.9.14.
Severity: 5.3 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID :CVE-2026-56384
Published : June 21, 2026, 1:27 p.m. | 57 minutes ago
Description :Craft CMS contains a missing authorization vulnerability in the assets/preview-thumb endpoint. A Control Panel user without permission to view a target private asset can call the endpoint with an attacker-controlled assetId and receive preview HTML containing a signed fallback transform preview link for that private asset, because no asset-view permission check is performed before preview generation. This affects versions >= 4.0.0-RC1, <= 4.17.7 and >= 5.0.0-RC1, <= 5.9.13, and is fixed in 4.17.8 and 5.9.14.
Severity: 5.3 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2026-56385 - Craft CMS - Authorization Bypass in assets/preview-file Endpoint
CVE ID :CVE-2026-56385
Published : June 21, 2026, 1:27 p.m. | 57 minutes ago
Description :Craft CMS versions >= 5.0.0-RC1, <= 5.9.13 and >= 4.0.0-RC1, <= 4.17.7 contain an authorization bypass in the assets/preview-file endpoint. The action does not enforce per-asset view authorization before returning preview content, allowing an authenticated low-privileged user to supply a controlled assetId for an asset they are not permitted to view and still receive preview response data (previewHtml), including a private preview image route containing the target private assetId. Fixed in 5.9.14 and 4.17.8.
Severity: 5.3 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID :CVE-2026-56385
Published : June 21, 2026, 1:27 p.m. | 57 minutes ago
Description :Craft CMS versions >= 5.0.0-RC1, <= 5.9.13 and >= 4.0.0-RC1, <= 4.17.7 contain an authorization bypass in the assets/preview-file endpoint. The action does not enforce per-asset view authorization before returning preview content, allowing an authenticated low-privileged user to supply a controlled assetId for an asset they are not permitted to view and still receive preview response data (previewHtml), including a private preview image route containing the target private assetId. Fixed in 5.9.14 and 4.17.8.
Severity: 5.3 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2026-56393 - Craft CMS - Multiple Stored Cross-Site Scripting in Settings Names and Field Options
CVE ID :CVE-2026-56393
Published : June 21, 2026, 1:27 p.m. | 57 minutes ago
Description :Craft CMS 4.x (>= 4.0.0-RC1, < 4.17.0-beta.1) and 5.x (>= 5.0.0-RC1, < 5.9.0-beta.1) contain multiple stored cross-site scripting vulnerabilities where settings names and field option labels are rendered without sanitization (e.g., via the checkbox.twig template, which used {{ label|raw }}). An authenticated administrator (with allowAdminChanges enabled) can inject malicious payloads into section names, volume names, user group names, global set names, generated field names, checkbox/radio option labels, and custom source labels, causing arbitrary JavaScript to execute in other users' control-panel sessions. Fixed in 4.17.0-beta.1 and 5.9.0-beta.1.
Severity: 4.8 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID :CVE-2026-56393
Published : June 21, 2026, 1:27 p.m. | 57 minutes ago
Description :Craft CMS 4.x (>= 4.0.0-RC1, < 4.17.0-beta.1) and 5.x (>= 5.0.0-RC1, < 5.9.0-beta.1) contain multiple stored cross-site scripting vulnerabilities where settings names and field option labels are rendered without sanitization (e.g., via the checkbox.twig template, which used {{ label|raw }}). An authenticated administrator (with allowAdminChanges enabled) can inject malicious payloads into section names, volume names, user group names, global set names, generated field names, checkbox/radio option labels, and custom source labels, causing arbitrary JavaScript to execute in other users' control-panel sessions. Fixed in 4.17.0-beta.1 and 5.9.0-beta.1.
Severity: 4.8 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2026-56394 - Craft CMS - Authenticated Path Traversal in assets/icon Extension Parameter
CVE ID :CVE-2026-56394
Published : June 21, 2026, 1:27 p.m. | 57 minutes ago
Description :Craft CMS from 4.0.0-RC1 contains an authenticated path traversal vulnerability in the assets/icon endpoint where the extension parameter is not validated before file existence checks. Attackers can bypass extension validation by passing traversal sequences that resolve to existing SVG files, allowing local file read access.
Severity: 7.1 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID :CVE-2026-56394
Published : June 21, 2026, 1:27 p.m. | 57 minutes ago
Description :Craft CMS from 4.0.0-RC1 contains an authenticated path traversal vulnerability in the assets/icon endpoint where the extension parameter is not validated before file existence checks. Attackers can bypass extension validation by passing traversal sequences that resolve to existing SVG files, allowing local file read access.
Severity: 7.1 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2026-56395 - SiYuan - Remote Code Execution via Malicious Bazaar Package Metadata and README
CVE ID :CVE-2026-56395
Published : June 21, 2026, 1:27 p.m. | 57 minutes ago
Description :SiYuan before v3.6.1 fails to sanitize package metadata and README content in the Bazaar marketplace, allowing malicious package authors to inject arbitrary HTML and JavaScript. Attackers can achieve remote code execution on any user browsing the Bazaar by embedding XSS payloads in package displayName, description, or README fields, exploiting Electron's nodeIntegration setting to execute OS commands.
Severity: 9.6 | CRITICAL
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID :CVE-2026-56395
Published : June 21, 2026, 1:27 p.m. | 57 minutes ago
Description :SiYuan before v3.6.1 fails to sanitize package metadata and README content in the Bazaar marketplace, allowing malicious package authors to inject arbitrary HTML and JavaScript. Attackers can achieve remote code execution on any user browsing the Bazaar by embedding XSS payloads in package displayName, description, or README fields, exploiting Electron's nodeIntegration setting to execute OS commands.
Severity: 9.6 | CRITICAL
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2026-56396 - phpMyFAQ - Privilege Escalation via Missing Authorization in editUser() and updateUserRights()
CVE ID :CVE-2026-56396
Published : June 21, 2026, 1:27 p.m. | 57 minutes ago
Description :phpMyFAQ before 4.1.4 contains missing authorization vulnerabilities in editUser() and updateUserRights() endpoints that allow authenticated administrators to escalate privileges. Non-SuperAdmin users with edit_user permission can set is_superadmin flag or grant arbitrary rights to escalate to SuperAdmin access.
Severity: 8.8 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID :CVE-2026-56396
Published : June 21, 2026, 1:27 p.m. | 57 minutes ago
Description :phpMyFAQ before 4.1.4 contains missing authorization vulnerabilities in editUser() and updateUserRights() endpoints that allow authenticated administrators to escalate privileges. Non-SuperAdmin users with edit_user permission can set is_superadmin flag or grant arbitrary rights to escalate to SuperAdmin access.
Severity: 8.8 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2026-56397 - SiYuan - Remote Code Execution via Malicious Bazaar Package Metadata and README
CVE ID :CVE-2026-56397
Published : June 21, 2026, 1:27 p.m. | 57 minutes ago
Description :SiYuan before v3.6.1 fails to sanitize package metadata and README content in the Bazaar marketplace, allowing malicious package authors to inject arbitrary HTML and JavaScript. Attackers can achieve remote code execution on any user browsing the Bazaar by embedding XSS payloads in package displayName, description, or README fields, exploiting Electron's nodeIntegration setting to execute OS commands.
Severity: 9.6 | CRITICAL
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID :CVE-2026-56397
Published : June 21, 2026, 1:27 p.m. | 57 minutes ago
Description :SiYuan before v3.6.1 fails to sanitize package metadata and README content in the Bazaar marketplace, allowing malicious package authors to inject arbitrary HTML and JavaScript. Attackers can achieve remote code execution on any user browsing the Bazaar by embedding XSS payloads in package displayName, description, or README fields, exploiting Electron's nodeIntegration setting to execute OS commands.
Severity: 9.6 | CRITICAL
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2026-56403 - Expat Integer Overflow
CVE ID :CVE-2026-56403
Published : June 21, 2026, 3:43 p.m. | 2 hours, 41 minutes ago
Description :libexpat before 2.8.2 has an integer overflow in storeAtts.
Severity: 6.9 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID :CVE-2026-56403
Published : June 21, 2026, 3:43 p.m. | 2 hours, 41 minutes ago
Description :libexpat before 2.8.2 has an integer overflow in storeAtts.
Severity: 6.9 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2026-56404 - libexpat Integer Overflow
CVE ID :CVE-2026-56404
Published : June 21, 2026, 3:45 p.m. | 2 hours, 39 minutes ago
Description :libexpat before 2.8.2 has an integer overflow in addBinding.
Severity: 6.9 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID :CVE-2026-56404
Published : June 21, 2026, 3:45 p.m. | 2 hours, 39 minutes ago
Description :libexpat before 2.8.2 has an integer overflow in addBinding.
Severity: 6.9 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2026-56405 - libexpat Integer Overflow
CVE ID :CVE-2026-56405
Published : June 21, 2026, 3:47 p.m. | 2 hours, 38 minutes ago
Description :libexpat before 2.8.2 has an integer overflow in getAttributeId.
Severity: 6.9 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID :CVE-2026-56405
Published : June 21, 2026, 3:47 p.m. | 2 hours, 38 minutes ago
Description :libexpat before 2.8.2 has an integer overflow in getAttributeId.
Severity: 6.9 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2026-56406 - Expat XML_ParseBuffer Integer Overflow
CVE ID :CVE-2026-56406
Published : June 21, 2026, 3:48 p.m. | 2 hours, 37 minutes ago
Description :libexpat before 2.8.2 has an integer overflow in XML_ParseBuffer because it lacked a check that was present in XML_Parse.
Severity: 6.9 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID :CVE-2026-56406
Published : June 21, 2026, 3:48 p.m. | 2 hours, 37 minutes ago
Description :libexpat before 2.8.2 has an integer overflow in XML_ParseBuffer because it lacked a check that was present in XML_Parse.
Severity: 6.9 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2026-56407 - libexpat Integer Overflow
CVE ID :CVE-2026-56407
Published : June 21, 2026, 3:49 p.m. | 2 hours, 36 minutes ago
Description :libexpat before 2.8.2 has an integer overflow in doProlog that is related to storeEntityValue and entity textLen.
Severity: 6.9 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID :CVE-2026-56407
Published : June 21, 2026, 3:49 p.m. | 2 hours, 36 minutes ago
Description :libexpat before 2.8.2 has an integer overflow in doProlog that is related to storeEntityValue and entity textLen.
Severity: 6.9 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2026-56408 - libexpat Integer Overflow
CVE ID :CVE-2026-56408
Published : June 21, 2026, 3:51 p.m. | 2 hours, 34 minutes ago
Description :libexpat before 2.8.2 has an integer overflow in copyString.
Severity: 6.9 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID :CVE-2026-56408
Published : June 21, 2026, 3:51 p.m. | 2 hours, 34 minutes ago
Description :libexpat before 2.8.2 has an integer overflow in copyString.
Severity: 6.9 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2026-56409 - libexpat: Integer Overflow in xmlwf Output Filename
CVE ID :CVE-2026-56409
Published : June 21, 2026, 3:52 p.m. | 2 hours, 32 minutes ago
Description :xmlwf in libexpat before 2.8.2 has an integer overflow for the output filename when -d outputDir is used.
Severity: 6.5 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID :CVE-2026-56409
Published : June 21, 2026, 3:52 p.m. | 2 hours, 32 minutes ago
Description :xmlwf in libexpat before 2.8.2 has an integer overflow for the output filename when -d outputDir is used.
Severity: 6.5 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2026-56410 - libexpat Integer Overflow
CVE ID :CVE-2026-56410
Published : June 21, 2026, 3:55 p.m. | 2 hours, 30 minutes ago
Description :xmlwf in libexpat before 2.8.2 has an integer overflow in resolveSystemId.
Severity: 6.9 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID :CVE-2026-56410
Published : June 21, 2026, 3:55 p.m. | 2 hours, 30 minutes ago
Description :xmlwf in libexpat before 2.8.2 has an integer overflow in resolveSystemId.
Severity: 6.9 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2026-56411 - libexpat: Integer Overflow in endDoctypeDecl
CVE ID :CVE-2026-56411
Published : June 21, 2026, 3:56 p.m. | 2 hours, 29 minutes ago
Description :xmlwf in libexpat before 2.8.2 has an integer overflow in endDoctypeDecl via NOTATION declarations.
Severity: 6.9 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID :CVE-2026-56411
Published : June 21, 2026, 3:56 p.m. | 2 hours, 29 minutes ago
Description :xmlwf in libexpat before 2.8.2 has an integer overflow in endDoctypeDecl via NOTATION declarations.
Severity: 6.9 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2026-56412 - Expat Use-After-Free Vulnerability
CVE ID :CVE-2026-56412
Published : June 21, 2026, 3:58 p.m. | 2 hours, 26 minutes ago
Description :libexpat before 2.8.2 does not consider XML_TOK_DATA_CHARS in doCdataSection and thus lacks handler call depth tracking for various calls from within handlers in cases of a policy violation. Thus, a use-after-free can occur. NOTE: this issue exists because of an incomplete fix for CVE-2026-50219.
Severity: 4.9 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID :CVE-2026-56412
Published : June 21, 2026, 3:58 p.m. | 2 hours, 26 minutes ago
Description :libexpat before 2.8.2 does not consider XML_TOK_DATA_CHARS in doCdataSection and thus lacks handler call depth tracking for various calls from within handlers in cases of a policy violation. Thus, a use-after-free can occur. NOTE: this issue exists because of an incomplete fix for CVE-2026-50219.
Severity: 4.9 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2026-12804 - lemonldap-ng SAML Common Domain Cookie Endpoint CDC.pm redirect
CVE ID :CVE-2026-12804
Published : June 21, 2026, 6:30 p.m. | 3 hours, 56 minutes ago
Description :A vulnerability was detected in lemonldap-ng up to 2.23.0. Impacted is an unknown function in the library lemonldap-ng-portal/lib/Lemonldap/NG/Portal/CDC.pm of the component SAML Common Domain Cookie Endpoint. Performing a manipulation of the argument url results in open redirect. The attack is possible to be carried out remotely. The exploit is now public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
Severity: 5.0 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID :CVE-2026-12804
Published : June 21, 2026, 6:30 p.m. | 3 hours, 56 minutes ago
Description :A vulnerability was detected in lemonldap-ng up to 2.23.0. Impacted is an unknown function in the library lemonldap-ng-portal/lib/Lemonldap/NG/Portal/CDC.pm of the component SAML Common Domain Cookie Endpoint. Performing a manipulation of the argument url results in open redirect. The attack is possible to be carried out remotely. The exploit is now public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
Severity: 5.0 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2026-12805 - OFFIS DCMTK ofxml.cc parseFile heap-based overflow
CVE ID :CVE-2026-12805
Published : June 21, 2026, 7:15 p.m. | 3 hours, 11 minutes ago
Description :A flaw has been found in OFFIS DCMTK up to 3.7.0. The affected element is the function XMLNode::parseFile in the library ofstd/libsrc/ofxml.cc. Executing a manipulation can lead to heap-based buffer overflow. The attack may be performed from remote. The exploit has been published and may be used. This patch is called 1d4b3815c0987840a983160bfc671fef63a3105b. It is best practice to apply a patch to resolve this issue. The vendor was contacted early, responded in a very professional manner and quickly released a fixed version of the affected product.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID :CVE-2026-12805
Published : June 21, 2026, 7:15 p.m. | 3 hours, 11 minutes ago
Description :A flaw has been found in OFFIS DCMTK up to 3.7.0. The affected element is the function XMLNode::parseFile in the library ofstd/libsrc/ofxml.cc. Executing a manipulation can lead to heap-based buffer overflow. The attack may be performed from remote. The exploit has been published and may be used. This patch is called 1d4b3815c0987840a983160bfc671fef63a3105b. It is best practice to apply a patch to resolve this issue. The vendor was contacted early, responded in a very professional manner and quickly released a fixed version of the affected product.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...