Craft CMS versions prior to build 2791 suffer from a server-side template injection vulnerability.
d6c07b9c38fb3cfe42f98d1ca5686bfe86383f8459ba8e4a28ecb5a9583adf0b
PspInitializeFullProcessImageName does not correctly handle a NULL pointer being passed to it leading to a dereference at NULL for a file object which might be exploitable on 32 bit systems for elevation of privilege.
70b82482716445062d80fb96e4fdd034b32b3c939d117b27406277646b4a03a2
Kagao version 3.0 suffers from cross site scripting and remote SQL injection vulnerabilities.
3441d2b7a7e0124aa7760c90c3df1efc3b9e7bd94c8da1b4064565815f2bb51b