PT-2026-40462

Name of the Vulnerable Software and Affected Versions GoJobs affected versions not specified Description GoJobs is a REST API for a Job Board platform. The application contains a job retrieval endpoint that lacks proper authentication and authorization checks. This allows unauthenticated users to...

PT-2026-40127

The mem0 1.0.0 server lacks authentication and authorization controls for its memory management API endpoints. Critical functions such as updating memory records PUT /memories/memory id are exposed without any verification of the requester's identity or permissions. A remote attacker can exploit...

PT-2026-39974

The Slek Gateway for WooCommerce plugin for WordPress is vulnerable to Information Exposure in version 1.0. This is due to the wsb handle slek payment redirect function placing the merchant's slek key and slek secret API credentials directly into a client-side HTML form, and additionally embeddin...

CVE-2026-31216

The CVE concerns the Nexent v1.7.5.2 backend service. The vulnerability lies in the file management API: DELETE /storage/{object_name:path} accepts a user-controlled object_name and is missing authentication, authorization, and input validation. This allows unauthenticated remote attackers to del...

PT-2026-39962

The HEL Online Classroom: AI-powered Online Classrooms plugin for WordPress is vulnerable to Missing Authorization in all versions up to, and including, 1.0.3. This is due to a missing capability check on a REST API endpoint registered with a permission callback of ' return true', which bypasses...

PT-2026-40389

Name of the Vulnerable Software and Affected Versions Archon OS affected versions not specified Description A flaw in the local API handling allows unauthenticated attackers to perform a web-to-client attack. By inducing a user to visit a malicious website, an attacker can bypass Cross-Origin...

mem0 安全漏洞

mem0 is an open-source benchmark tool for efficient memory algorithms developed by Mem0. Version 1.0.0 of mem0 contains a security vulnerability. This vulnerability stems from the lack of authentication and authorization controls in the memory deletion API endpoint, which could allow remote...

CVE-2026-31244

The CVE-2026-31244 entry concerns the mem0 1.0.0 server, where the memory deletion API (DELETE /memories/{memory_id}) lacks authentication/authorization. This allows unauthenticated remote deletion of memory records, enabling unauthorized data loss and potential denial of service. Severity is CVS...

GoJobs API 访问控制错误漏洞

The GoJobs API is a high-performance job platform REST API developed by Manav Mahesh Sanger. The GoJobs API has an access control vulnerability, which stems from the lack of authentication and authorization checks in the job retrieval endpoints. This vulnerability may allow unauthorized users to...

WordPress plugin Coinbase Commerce for Contact Form 7 安全漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows users to create personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that extends the...

PT-2026-40435

PowerSYSTEM Center REST API endpoint for device account export allows an authenticated user with limited permissions to expose sensitive information normally restricted to administrative permissions only...

CVE-2026-31240

The mem0 1.0.0 server lacks authentication and authorization controls for its memory management API endpoints. Critical functions such as updating memory records PUT /memories/memoryid are exposed without any verification of the requester's identity or permissions. A remote attacker can exploit...

PT-2026-40270

Argo Workflows is an open source container-native workflow engine for orchestrating parallel jobs on Kubernetes. Prior to versions 3.7.14 and 4.0.5, the Webhook Interceptor loads the entire request body into memory before authenticating the request or verifying its signature. This occurs on the...

Langflow 路径遍历漏洞

Langflow is an open-source visualization framework developed by Langflow for building multi-agent and RAG applications. Versions of Langflow prior to 1.9.0 contained a path traversal vulnerability. This vulnerability stemmed from the path traversal in the knowledge base API, which could allow...

CVE-2026-31244

The mem0 1.0.0 server lacks authentication and authorization controls for its memory deletion API endpoint DELETE /memories/memoryid. The endpoint allows unauthenticated users to delete arbitrary memory records without verifying their identity or permissions. A remote attacker can exploit this by...

Subnet Solutions PowerSYSTEM Center 安全漏洞

Subnet Solutions PowerSYSTEM Center is a power solution offered by Subnet Solutions. There is a security vulnerability present in Subnet Solutions PowerSYSTEM Center. This vulnerability stems from insufficient permission restrictions on the REST API endpoints exported by device accounts. As a...

PT-2026-40049

Insecure Default Initialization of Resource vulnerability allows Authentication Bypass via API access. This issue affects Pandora FMS: from 777 through 800...

PT-2026-40425

Name of the Vulnerable Software and Affected Versions dalfox affected versions not specified Description A structural ordering error in the ParameterAnalysis function within pkg/scanning/parameterAnalysis.go allows an unauthenticated remote attacker to crash the dalfox server process. The issue...

PT-2026-40441

PowerSYSTEM Center REST API endpoint for devices allows a low privilege authenticated user to access information normally limited by operational permissions...

PT-2026-40118

Cognee thru v0.4.0 contains a critical remote code execution vulnerability in its notebook cell execution API endpoint. The endpoint is designed to execute arbitrary Python code provided by the user, but it does so using the unsafe exec function without any sandboxing, validation, or security...