7058 matches found
CVE-2009-4520
The CCK Comment Reference module 5.x before 5.x-1.2 and 6.x before 6.x-1.3, a module for Drupal, allows remote attackers to bypass intended access restrictions and read comments by using the autocomplete path...
CVE-2010-0215
ActiveCollab before 2.3.2 allows remote authenticated users to bypass intended access restrictions, and 1 delete an attachment or 2 subscribe to an object, via a crafted URL...
CVE-2016-10514
urlcheckformat in include/functions.inc.php in Piwigo before 2.8.3 allows remote attackers to bypass intended access restrictions via a URL that contains a " character, or a URL beginning with a substring other than the http:// or https:// substring...
CVE-2011-0729
dbusbackend/ls-dbus-backend in the D-Bus backend in language-selector before 0.6.7 does not restrict access on the basis of a PolicyKit check result, which allows local users to modify the /etc/default/locale and /etc/environment files via a 1 SetSystemDefaultLangEnv or 2...
PT-2026-1972
Name of the Vulnerable Software and Affected Versions code-projects Intern Membership Management System version 1.0 Description A security issue exists in code-projects Intern Membership Management System version 1.0. The issue involves the manipulation of the admin id argument within an unknown...
CVE-2019-12002
A remote session reuse vulnerability leading to access restriction bypass was discovered in HPE MSA 2040 SAN Storage; HPE MSA 1040 SAN Storage; HPE MSA 1050 SAN Storage; HPE MSA 2042 SAN Storage; HPE MSA 2050 SAN Storage; HPE MSA 2052 SAN Storage versions: GL225P001 and earlier; GL225P001 and...
PT-2026-2124
Name of the Vulnerable Software and Affected Versions n8n versions 0.150.0 through 2.2.1 Description n8n is a workflow automation platform. A flaw in the Stripe Trigger node allows unauthenticated parties to trigger workflows by sending forged Stripe webhook events. The Stripe Trigger node create...
Unity Linux 20.1070e Security Update: kernel (UTSA-2026-000191)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-000191 advisory. btrfsfreeextent in fs/btrfs/extent-tree.c in the Linux kernel through 5.3.12 calls btrfsprintleaf in a certain ENOENT case, which allows local users to obtain...
PT-2026-1326
Name of the Vulnerable Software and Affected Versions Coolify versions prior to 4.0.0-beta.445 Description Coolify is a self-hostable tool for managing servers, applications, and databases. Prior to version 4.0.0-beta.445, parameters from docker-compose.yaml files are not properly sanitized when...
PT-2025-53850
Name of the Vulnerable Software and Affected Versions Tenda M3 version 1.0.0.134903 Description A flaw exists in the Tenda M3 router that could allow for remote code execution. The issue is due to a stack-based buffer overflow within the formSetRemoteVlanInfo function, located in the...
PT-2025-53829
Name of the Vulnerable Software and Affected Versions Refugee Food Management System version 1.0 Description A flaw exists in Refugee Food Management System 1.0 that allows for SQL injection. Manipulation of the arguments refNo, Fname, Lname, sex, age, contact, and nationality nid can lead to a...
PT-2025-53853
Name of the Vulnerable Software and Affected Versions Tenda M3 version 1.0.0.134903 Description A security issue exists in Tenda M3 version 1.0.0.134903. The formSetAdInfoDetails function within the /goform/setAdInfoDetail file is susceptible to a heap-based buffer overflow. This occurs through t...
PT-2025-53646
Name of the Vulnerable Software and Affected Versions ZSPACE Z4Pro+ version 1.0.0440024 Description A command injection issue exists in ZSPACE Z4Pro+. The issue is located within the HTTP POST Request Handler component, specifically in the zfilev2 api SafeStatus function accessible via the...
PT-2025-53626
Name of the Vulnerable Software and Affected Versions jackq XCMS versions prior to 3fab5342cc509945a7ce1b8ec39d19f701b89261 Description A flaw exists in jackq XCMS that allows for unrestricted file upload. The issue is located in the Upload function within the...
Exposed Dangerous Method or Function
Overview Affected versions of this package are vulnerable to Exposed Dangerous Method or Function in the Code node when running in legacy JavaScript execution mode. An attacker can access or modify files on the host system with the same privileges as the application process by invoking internal...
PT-2025-53606
Name of the Vulnerable Software and Affected Versions n8n versions prior to 2.0.0 Description n8n is a workflow automation platform. In self-hosted instances before version 2.0.0, when the Code node operates in legacy JavaScript execution mode, authenticated users with workflow editing permission...
PT-2025-53593
Name of the Vulnerable Software and Affected Versions krishanmuraiji SMS version 1.0 Description A SQL injection issue exists in krishanmuraiji SMS version 1.0. The issue is located within the '/studentms/admin/edit-class-detail.php' file and is triggered through the editid GET parameter. An...
PT-2025-52766
Name of the Vulnerable Software and Affected Versions Netgear EX8000 version 1.0.0.126 Description The Netgear EX8000 Mesh Extender firmware version 1.0.0.126 contains a Command Injection issue. This occurs due to a flaw in the action bandwidth function, specifically through manipulation of the...
PT-2025-52583
Name of the Vulnerable Software and Affected Versions Campcodes Complete Online Beauty Parlor Management System version 1.0 Description A cross site scripting issue exists in Campcodes Complete Online Beauty Parlor Management System version 1.0. Manipulation of the fromdate argument in the file...
Improper Check For Unusual Or Exceptional Conditions
Drupal core is vulnerable to Improper Check for Unusual or Exceptional Conditions. The vulnerability is due to insufficient validation of access conditions, which allows an attacker to perform forceful browsing and access restricted resources without proper authorization...