Sign in Subscribe

← All vendors

Vendor

Packagist

Products

6

CVEs

6

Across products

6

Status

Private

Products

6

Recent CVEs

6

CVE	Sev	Risk	CVSS	EPSS	KEV	Published	Description
CVE-2025-9573	Hig	0.56	—	0.00		Sep 2, 2025	The ns_backup extension through 13.0.2 for TYPO3 allows command injection.
CVE-2021-47763	Hig	0.53	8.2	0.00		Jan 15, 2026	Aimeos 2021.10 LTS contains a SQL injection vulnerability in the json api 'sort' parameter that allows attackers to inject malicious database queries. Attackers can manipulate the sort parameter to reveal table and column names by sending crafted GET requests to the jsonapi/review endpoint.
CVE-2020-36950	Med	0.42	6.5	0.00		Jan 27, 2026	Laravel Nova 3.7.0 contains a denial of service vulnerability that allows authenticated users to crash the application by manipulating the 'range' parameter. Attackers can send simultaneous requests with an extremely high range value to overwhelm and crash the server.
CVE-2025-60868	Med	0.35	6.5	0.00		Oct 10, 2025	The Alt Redirect 1.6.3 addon for Statamic fails to consistently strip query string parameters when the "Query String Strip" feature is enabled. Case variations, encoded keys, and duplicates are not removed, allowing attackers to bypass sanitization. This may lead to cache poisoning, parameter pollution, or denial of service.
CVE-2025-14840		0.00	—	0.00		Jan 28, 2026	Improper Check for Unusual or Exceptional Conditions vulnerability in Drupal HTTP Client Manager allows Forceful Browsing.This issue affects HTTP Client Manager: from 0.0.0 before 9.3.13, from 10.0.0 before 10.0.2, from 11.0.0 before 11.0.1.
CVE-2025-13980		0.00	—	0.00		Jan 28, 2026	Authentication Bypass Using an Alternate Path or Channel vulnerability in Drupal CKEditor 5 Premium Features allows Functionality Bypass.This issue affects CKEditor 5 Premium Features: from 0.0.0 before 1.2.10, from 1.3.0 before 1.3.6, from 1.4.0 before 1.4.3, from 1.5.0 before 1.5.1, from 1.6.0 before 1.6.4.