51 matches found
CVE-2026-20238 Improper Access Control through Role Inheritance in Splunk AI Toolkit app
In Splunk AI Toolkit versions below 5.7.3, a low-privileged user that does not hold the 'admin' or 'power' roles could access confidential data that was restricted through srchFilter configurations on custom roles. The app contains an authorize.conf configuration file with a srchFilter entry that...
Splunk AI Toolkit security vulnerability
The Splunk AI Toolkit is a machine learning and artificial intelligence analysis toolkit developed by Splunk for their own platform. Versions of the Splunk AI Toolkit prior to 5.7.3 contained security vulnerabilities. These vulnerabilities stemmed from modifications to the srchFilter entry in the...
CVE-2026-40786
Missing Authorization vulnerability in Long Watch Studio MyRewards woorewards allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects MyRewards: from n/a through <= 5.7.3...
WordPress MyRewards plugin <= 5.7.3 - Broken Access Control vulnerability
Broken Access Control vulnerability discovered by Muhan Luo in WordPress Plugin MyRewards versions <= 5.7.3...
CVE-2026-40786 WordPress MyRewards plugin <= 5.7.3 - Broken Access Control vulnerability
Missing Authorization vulnerability in Long Watch Studio MyRewards woorewards allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects MyRewards: from n/a through <= 5.7.3...
CVE-2026-40786
CVE-2026-40786 corresponds to a Missing Authorization vulnerability in the WordPress MyRewards plugin (woorewards) with affected versions cited as ≤ 5.7.3 and a potential impact from misconfigured access control levels. Multiple connected sources (RH, NVD, CVE lists, PATCHSTACK, PT-SEC) consisten...
PT-2026-33052
Name of the Vulnerable Software and Affected Versions MyRewards versions prior to 5.7.4 Description Incorrectly configured access control security levels lead to a missing authorization issue in the MyRewards plugin, which allows for the exploitation of security levels. Recommendations Update to ...
EUVD-2026-5158
Fastify is a fast and low overhead web framework, for Node.js. Prior to version 5.7.3, a denial-of-service vulnerability in Fastify’s Web Streams response handling can allow a remote client to exhaust server memory. Applications that return a ReadableStream or Response with a Web Stream body via...
Fastify Vulnerable to DoS via Unbounded Memory Allocation in sendWebStream
Impact A Denial of Service vulnerability in Fastify’s Web Streams response handling can allow a remote client to exhaust server memory. Applications that return a ReadableStream or Response with a Web Stream body via reply.send are impacted. A slow or non-reading client can trigger unbounded...
GHSA-MRQ3-VJJR-P77C Fastify Vulnerable to DoS via Unbounded Memory Allocation in sendWebStream
Impact A Denial of Service vulnerability in Fastify’s Web Streams response handling can allow a remote client to exhaust server memory. Applications that return a ReadableStream or Response with a Web Stream body via reply.send are impacted. A slow or non-reading client can trigger unbounded...
WordPress Essential Blocks plugin <= 5.7.2 - Missing Authorization To Authenticated (Author+) Information Disclosure vulnerability
Missing Authorization To Authenticated Author+ Information Disclosure vulnerability discovered by Dmitrii Ignatyev - CleanTalk Inc in WordPress Plugin Essential Blocks for Gutenberg versions <= 5.7.2...
CVE-2020-36867
Nagios XI before 5.7.3 has a command-injection vulnerability in the report PDF download/export path. User-supplied values in the PDF generation pipeline or the wrapper invoking offline/pdf tools are not sufficiently validated/escaped, allowing an authenticated attacker who can trigger PDF exports...
EUVD-2020-7876
Malware in sbrugna...
WordPress JoomSport plugin <= 5.7.3 - Unauthenticated Directory Traversal to Local File Inclusion vulnerability
Unauthenticated Directory Traversal to Local File Inclusion vulnerability discovered by mikemyers in WordPress Plugin JoomSport versions <= 5.7.3...
EUVD-2024-35468
Malicious code in bioql PyPI...
CVE-2020-15903
An issue was found in Nagios XI before 5.7.3. There is a privilege escalation vulnerability in backend scripts that ran as root where some included files were editable by nagios user. This issue was fixed in version 5.7.3...
CVE-2024-54299
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in revidev Revi.io revi-io-customer-and-product-reviews allows Reflected XSS. This issue affects Revi.io: from n/a through <= 5.7.3...
WordPress plugin Revi.io cross-site scripting vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a set of blogging platforms developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plug-in. A cross-site...
PT-2024-36180 · Revi.Io · Revi.Io
Name of the Vulnerable Software and Affected Versions: Revi.io versions n/a through 5.7.3 Description: The issue is related to Improper Neutralization of Input During Web Page Generation, also known as Cross-site Scripting. This allows for Reflected XSS. Recommendations: For versions n/a through...