189 matches found
Allocation of Resources Without Limits or Throttling
Overview org.webjars.npm:brace-expansion is a WebJar for brace-expansion. Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling through the max option being applied after generating all elements in a large numeric range. An attacker can exhaust...
Allocation of Resources Without Limits or Throttling
Overview brace-expansion is a Brace expansion as known from sh/bash. Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling through the max option being applied after generating all elements in a large numeric range. An attacker can exhaust system...
com.ericsson.bss.cassandra.ecaudit:ecaudit_c5.0 (>=3.1.0 <=3.1.4), com.instaclustr:ic-sstable-tools-5.0.6 (=1.0.0) +3 more potentially affected by CVE-2026-27314 via org.apache.cassandra:cassandra-all (>=5.0.0 <=5.0.6)
org.apache.cassandra:cassandra-all MAVEN version =5.0.0, =3.1.0, =5.0.4.0, =5.0.4.0, =3.0.2, =3.0.4 Source cves: CVE-2026-27314 Source advisory: OSV:GHSA-QXPC-96FQ-WWMG...
CVE-2026-32813
Admidio is an open-source user management solution. Versions 5.0.6 and below are vulnerable to arbitrary SQL Injection through the MyList configuration feature. The MyList configuration feature lets authenticated users define custom list column layouts, storing user-supplied column names, sort...
WordPress plugin Smart Custom Fields security vulnerability
WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be install...
CVE-2026-32817
Admidio is an open-source user management solution. In versions 5.0.0 through 5.0.6, the documents and files module does not verify whether the current user has permission to delete folders or files. The folderdelete and filedelete action handlers in modules/documents-files.php only perform a VIE...
CVE-2026-32813
Admidio has a second-order SQL injection via its list configuration feature. Authenticated users can store arbitrary values in the list configuration (notably in lsc_special_field, lsc_sort, and lsc_filter) which are later interpolated unsafely into SQL during list rendering, enabling data exfilt...
CVE-2026-32757
Admidio is an open-source user management solution. In versions 5.0.6 and below, the eCard send handler uses a raw $_POST['ecardmessage'] value instead of the HTMLPurifier-sanitized $formValues['ecardmessage'] when constructing the greeting card HTML. This allows an authenticated attacker to inject...
Admidio security vulnerability
Admidio is a set of open-source member management systems developed by the Admidio team. This system supports features such as member lists, event management, message boards, photo albums, and downloads. Versions of Admidio 5.0.6 and earlier have security vulnerabilities; these vulnerabilities st...
CVE-2026-32755
Admidio is an open-source user management solution. In versions 5.0.6 and below, the savemembership action in modules/profile/profilefunction.php saves changes to a member's role membership start and end dates but does not validate the CSRF token. The handler checks stopmembership and...
CVE-2026-32757
Admidio is an open-source user management solution. In versions 5.0.6 and below, the eCard send handler uses a raw $_POST['ecardmessage'] value instead of the HTMLPurifier-sanitized $formValues['ecardmessage'] when constructing the greeting card HTML. This allows an authenticated attacker to inject...
CVE-2026-32757 Admidio: HTMLPurifier Bypass in eCard Message Allows HTML Email Injection
Admidio is an open-source user management solution. In versions 5.0.6 and below, the eCard send handler uses a raw $_POST['ecardmessage'] value instead of the HTMLPurifier-sanitized $formValues['ecardmessage'] when constructing the greeting card HTML. This allows an authenticated attacker to inject...
CVE-2026-32756
CVE-2026-32756 is linked to a file upload RCE in Admidio (Documents & Files module). The GitHub advisory describes a design flaw in UploadHandlerFile.php where the uploaded file is saved to disk before CSRF and file-extension checks run. If CSRF validation fails (invalid token), the extension che...
CVE-2026-32818
Summary of CVE-2026-32818 (Admidio): In versions 5.0.0–5.0.6, the forum module fails to enforce authorization for topic and post deletions. The handlers for topic_delete and post_delete in forum.php only validate CSRF tokens and do not verify current user permissions, allowing any authenticated ...
CVE-2026-32816 Admidio has Missing CSRF Validation on Role Delete, Activate, and Deactivate Actions
Admidio is an open-source user management solution. In versions 5.0.0 through 5.0.6, the delete, activate, and deactivate modes in modules/groups-roles/groupsroles.php perform destructive state changes on organizational roles but never validate an anti-CSRF token. The client-side UI passes a CSRF...
@dicebear/collection (>=5.0.6 <=5.4.3), dicebear (>=5.0.6 <=5.4.3) potentially affected by CVE-2026-33311 via @dicebear/initials (>=5.0.6 <=5.4.3)
@dicebear/initials NPM version =5.0.6, =5.0.6, =5.0.6, =5.4.3 Source cves: CVE-2026-33311 Source advisory: OSV:GHSA-MR9R-MWW3-V6GV...
CVE-2026-30927
Admidio is an open-source user management solution. Prior to 5.0.6, in modules/events/eventsfunction.php, the event participation logic allows any user who can participate in an event to register OTHER users by manipulating the useruuid GET parameter. The condition uses || OR, meaning if...
PT-2026-24152
Name of the Vulnerable Software and Affected Versions: Admidio versions prior to 5.0.6. Description: Admidio is a user management solution. A flaw exists in the event participation logic within the modules/events/events function.php file. This allows any user permitted to participate in an event to...
CVE-2023-49162
Exposure of Sensitive Information to an Unauthorized Actor vulnerability in BigCommerce BigCommerce For WordPress. This issue affects BigCommerce For WordPress: from n/a through 5.0.6...
Exploit for Improper Neutralization of Special Elements Used in a Template Engine in Invisioncommunity
CVE-2025-47916 - Invision Community Remote Code Execution RCE...