80083 matches found
CVE-2026-53447
Wekan (open-source Kanban) contains a vulnerability in the cloneBoard Meteor method prior to version 9.35. The method in models/import.js uses a caller-supplied sourceBoardId to export a board via models/exporter.js without canExport checks or membership verification. As a result, any authenticat...
EUVD-2026-36546
Koel: Server-Side Request Forgery SSRF in radio station creation due to missing validation bail...
CVE-2026-59255
BloodHound through 9.4.0, fixed in commit 8f79035, contains a missing authorization vulnerability in the custom-nodes API endpoints that allows any authenticated user to modify the global graph schema. Attackers with valid session tokens can create, update, or delete custom node types affecting a...
EUVD-2026-44730
Pegatron Tdelo64.sys improperly exposes privileged hardware access functionality through the \.\TdeIo device interface. IOCTL handlers including TDEIOCTLINDEXIOREAD and TDEIOCTLINDEXIOWRITE permit unprivileged user-mode callers to perform arbitrary hardware I/O port reads and writes without...
CVE-2026-59255 BloodHound Missing Authorization on Custom Node Management API
BloodHound through 9.4.0, fixed in commit 8f79035, contains a missing authorization vulnerability in the custom-nodes API endpoints that allows any authenticated user to modify the global graph schema. Attackers with valid session tokens can create, update, or delete custom node types affecting a...
EUVD-2026-44754
BloodHound through 9.4.0, fixed in commit 8f79035, contains a missing authorization vulnerability in the custom-nodes API endpoints that allows any authenticated user to modify the global graph schema. Attackers with valid session tokens can create, update, or delete custom node types affecting a...
CVE-2026-55242
CVE-2026-55242 affects ERPNext prior to 15.111.0 and 16.22.0, where an authenticated user with a standard operational role can trigger a server-side template injection via a configuration field in Batch autonaming (Stock Settings.naming_series_prefix). This leads to unauthorized disclosure of dat...
CVE-2026-55242 ERPNext: Server-Side Template Injection (SSTI) in Batch autonaming via Stock Settings.naming_series_prefix
ERPNext is a free and open source Enterprise Resource Planning tool. Prior to 15.111.0 and 16.22.0, an authenticated user with a standard operational role can trigger server-side template injection through a configuration field, resulting in unauthorized disclosure of data outside the user's norm...
EUVD-2026-44704
ERPNext is a free and open source Enterprise Resource Planning tool. Prior to 15.111.0 and 16.22.0, an authenticated user with a standard operational role can trigger server-side template injection through a configuration field, resulting in unauthorized disclosure of data outside the user's norm...
CVE-2026-59235
Missing Authorization CWE-862 in BankAccountListController app/Http/Controllers/Api/BankAccount/BankAccountListController.php, exposed at GET /api/bank-account, in Prospero Flow CRM companyid-get, performing only company scoping and no role or permission check before returning the data. This...
WP Dream Carousel < 1.0.1b - Cross-Site Scripting
WP Dream Carousel WordPress plugin 1.0.1b contains a reflected cross-site scripting caused by lack of sanitization and escaping of a parameter before outputting it in the page, letting attackers execute arbitrary scripts in the context of high privilege users, exploit requires victim to load a...
Widget4Call WordPress - Cross-Site Scripting
Widget4Call WordPress plugin = 1.0.7 contains a reflected cross-site scripting caused by unsanitized parameter output in the page, letting attackers execute arbitrary scripts in the context of high privilege users, exploit requires attacker to craft a malicious URL. id: CVE-2024-13099 info: name:...
Bulk Me Now! Plugin <= 2.0 - Cross-Site Scripting
Bulk Me Now! WordPress plugin = 2.0 contains a reflected cross-site scripting caused by lack of sanitization and escaping of a parameter before outputting it in the page, letting attackers execute malicious scripts in the context of high privilege users, exploit requires attacker to craft a...
Broadstreet WordPress plugin - Reflected XSS
Broadstreet WordPress plugin 1.51.8 contains a reflected XSS caused by unsanitised and unescaped parameter output, letting attackers execute scripts against high privilege users such as admin, exploit requires victim interaction. id: CVE-2025-4652 info: name: Broadstreet WordPress plugin -...
WP Triggers Lite - Cross-Site Scripting
WP Triggers Lite WordPress plugin v2.5.3 contains a reflected cross-site scripting caused by lack of sanitization and escaping of a parameter before outputting it in the page, letting attackers execute malicious scripts in the context of high privilege users, exploit requires attacker to craft a...
Apache Druid - Local File Inclusion
Apache Druid ingestion system is vulnerable to local file inclusion. The InputSource is used for reading data from a certain data source. However, the HTTP InputSource allows authenticated users to read data from other sources than intended, such as the local file system, with the privileges of t...
WordPress Job Portal < 2.0.6 - SQL Injection
The WP Job Portal WordPress plugin before 2.0.6 does not sanitise and escape the city parameter before using it in a SQL statement,leading to a SQL injection vulnerability that is exploitable by unauthenticated users. This vulnerability can be used to extractsensitive data from the database or...
Shield Security Plugin < 20.0.6 - Cross-Site Scripting
The Shield Security WordPress plugin before 20.0.6 contains a reflected cross-site scripting vulnerability. The plugin does not properly sanitize and escape the 'navsub' parameter in the admin dashboard, allowing authenticated users to execute arbitrary JavaScript in the context of other...
WordPress HTML5 Video Player < 2.5.27 - SQL Injection
The HTML5 Video Player WordPress plugin before 2.5.27 does not sanitize and escape a parameter from a REST route before using it in a SQL statement, allowing unauthenticated users to perform SQL injection attacks id: CVE-2024-5522 info: name: WordPress HTML5 Video Player 2.5.27 - SQL Injection...
Multiple Shipping Address Woocommerce < 2.0 - SQL Injection
The Multiple Shipping Address Woocommerce plugin before 2.0 does not properly sanitize and escape numerous parameters before using them in SQL statements via some AJAX actions available to unauthenticated users, leading to unauthenticated SQL injections. id: CVE-2022-0783 info: name: Multiple...