322 matches found
CVE-2026-44542 FileBrowser Quantum: Unauthenticated Path Traversal in Public Share Delete Allows Arbitrary File Deletion
FileBrowser Quantum is a free, self-hosted, web-based file manager. Prior to 1.3.1-stable and 1.3.9-beta, attacker-controlled path input is joined with a trusted base path prior to sanitization, allowing traversal sequences e.g., ../ to escape the intended shared directory. As a result, an...
CVE-2026-39688
Missing Authorization vulnerability in Glowlogix WP Frontend Profile wp-front-end-profile allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WP Frontend Profile: from n/a through = 1.3.9...
EUVD-2026-20379
Missing Authorization vulnerability in Glowlogix WP Frontend Profile wp-front-end-profile allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WP Frontend Profile: from n/a through = 1.3.9...
CVE-2026-39688
Missing Authorization vulnerability in Glowlogix WP Frontend Profile wp-front-end-profile allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WP Frontend Profile: from n/a through = 1.3.9...
CVE-2026-39688 WordPress WP Frontend Profile plugin <= 1.3.9 - Broken Access Control vulnerability
Missing Authorization vulnerability in Glowlogix WP Frontend Profile wp-front-end-profile allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WP Frontend Profile: from n/a through = 1.3.9...
CVE-2026-39688 WordPress WP Frontend Profile plugin <= 1.3.9 - Broken Access Control vulnerability
Missing Authorization vulnerability in Glowlogix WP Frontend Profile wp-front-end-profile allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WP Frontend Profile: from n/a through = 1.3.9...
EUVD-2026-20052
Cross-site scripting vulnerability exists in MATCHA SNS 1.3.9 and earlier. If this vulnerability is exploited, an arbitrary script may be executed on the web browser of the user who accessed the website using the product...
CVE-2026-27787
Cross-site scripting vulnerability exists in MATCHA SNS 1.3.9 and earlier. If this vulnerability is exploited, an arbitrary script may be executed on the web browser of the user who accessed the website using the product...
CVE-2026-27787
MATCHA SNS contains a cross-site scripting vulnerability (CVE-2026-27787) affecting version 1.3.9 and earlier. The root cause is an XSS flaw that could allow arbitrary script execution in a user’s browser when visiting a compromised page. Public sources in connected documents confirm affected ver...
CVE-2026-27787
Cross-site scripting vulnerability exists in MATCHA SNS 1.3.9 and earlier. If this vulnerability is exploited, an arbitrary script may be executed on the web browser of the user who accessed the website using the product...
PT-2026-31084
Name of the Vulnerable Software and Affected Versions MATCHA SNS versions prior to 1.4.0 Description A cross-site scripting issue exists. Successful exploitation could allow an attacker to execute arbitrary scripts in a user's web browser when they access the website. Recommendations Update to...
PT-2026-31250
Missing Authorization vulnerability in Glowlogix WP Frontend Profile wp-front-end-profile allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WP Frontend Profile: from n/a through = 1.3.9...
WordPress plugin WP Frontend Profile 安全漏洞
WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be install...
ICZ MATCHA SNS 跨站脚本漏洞
ICZ MATCHA SNS is a notification and message distribution system developed by the Japanese company ICZ. Versions of ICZ MATCHA SNS 1.3.9 and earlier contained a cross-site scripting vulnerability. This vulnerability was due to a susceptibility to cross-site scripting attacks, which could allow...
CVE-2026-32341
Missing Authorization vulnerability in raratheme Benevolent benevolent allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Benevolent: from n/a through = 1.3.9...
CVE-2026-32486
Missing Authorization vulnerability in wptravelengine Travel Booking travel-booking allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Travel Booking: from n/a through = 1.3.9...
EUVD-2026-12474
AWS API MCP File Access Restriction Bypass...
GHSA-2CPP-J2FC-QHP7 AWS API MCP File Access Restriction Bypass
Description The AWS API MCP Server is an open source Model Context Protocol MCP server that enables AI assistants to interact with AWS services and resources through AWS CLI commands. It provides programmatic access to manage your AWS infrastructure while maintaining proper security controls. Thi...
AWS API MCP File Access Restriction Bypass
Description The AWS API MCP Server is an open source Model Context Protocol MCP server that enables AI assistants to interact with AWS services and resources through AWS CLI commands. It provides programmatic access to manage your AWS infrastructure while maintaining proper security controls. Thi...
Improper Protection of Alternate Path
Overview awslabs.aws-api-mcp-server is a Model Context Protocol MCP server for interacting with AWS Affected versions of this package are vulnerable to Improper Protection of Alternate Path through the AWS CLI shorthand parser in awsapimcpserver/core/aws/services.py. An attacker can read arbitrar...