CVE-2026-41464

ProjeQtor versions 7.0 through 12.4.3 contain a missing authorization vulnerability in the objectDetail.php endpoint that allows authenticated users with guest-level privileges to retrieve sensitive data belonging to other users including password hashes and API keys. Attackers can bypass access...

EUVD-2025-41464

Malicious code in candra-miebogor88-miaww npm...

CVE-2021-41464

Cross-site scripting XSS vulnerability in concrete/elements/collectionadd.php in concrete5-legacy 5.6.4.0 and below allows remote attackers to inject arbitrary web script or HTML via the rel parameter...

CVE-2021-41464

creationtimestamp| type| source ---|---|--- 2021-10-01 20:15:44+00:00| seen| https://t.me/cibsecurity/29830...

CVE-2021-41464

Cross-site scripting XSS vulnerability in concrete/elements/collectionadd.php in concrete5-legacy 5.6.4.0 and below allows remote attackers to inject arbitrary web script or HTML via the rel parameter...

CVE-2021-41464

CVE-2021-41464 affects concrete5-legacy 5.6.4.0 and earlier; Cross-site scripting via concrete/elements/collection_add.php (rel parameter) allows remote attackers to inject arbitrary web script/HTML. This is confirmed by multiple sources (NVD, Red Hat, CNVD). The provided documents do not specify...

Unspecified Vulnerability in Oracle MySQL Server (CNVD-2020-41464)

Oracle MySQL is an open source relational database management system from Oracle Corporation, of which MySQL Server is a database server component. A security vulnerability exists in the MySQL Server 8.0.20 and prior versions of Oracle MySQL in the Server: Optimizer component. An attacker could...