178 matches found
CVE-2026-9172
WordPress plugin Devs Accounting – Simple Accounting and Invoicing Solution (versions up to 1.2.0) is vulnerable to unauthorized modification/deletion of data due to a missing capability check in delete_single_account(), with the REST route devs-accounting/v1/delete-account/(?P\d+) registered wit...
EUVD-2026-38659
The Devs Accounting – Simple Accounting and Invoicing Solution plugin for WordPress is vulnerable to Missing Authorization in all versions up to, and including, 1.2.0. This is due to the getsingleaccount REST API callback being registered with a permissioncallback that unconditionally returns tru...
CVE-2026-9175 Devs Accounting <= 1.2.0 - Missing Authorization to Unauthenticated Sensitive Information Exposure via 'id' Parameter
The Devs Accounting – Simple Accounting and Invoicing Solution plugin for WordPress is vulnerable to Missing Authorization in all versions up to, and including, 1.2.0. This is due to the getsingleaccount REST API callback being registered with a permissioncallback that unconditionally returns tru...
CVE-2026-54105
The U.S. Government Accountability Office GAO Electronic Protest Docketing System EPDS and Civilian Board of Contract Appeals CBCA Electronic Docketing System EDS expose sensitive account information through the 'update-profile/' API endpoint. A remote, unauthenticated attacker can submit a reque...
EUVD-2026-37912
The U.S. Government Accountability Office GAO Electronic Protest Docketing System EPDS and Civilian Board of Contract Appeals CBCA Electronic Docketing System EDS expose sensitive account information through the 'update-profile/' API endpoint. A remote, unauthenticated attacker can submit a reque...
Exploit for CVE-2026-54596
CVE-2026-54596 - Authenticated SQL Injection via recurringinv...
CVE-2026-42951
An authenticated user can download a backup of the Danelec MacGregor Voyage Data Recorder device which includes account data and password hashes...
Klever-Go KVM: Throttler slot leak in trie account-data sync causes epoch bootstrap / state sync DoS
Summary The account-data trie syncers leak bounded throttler slots on error paths in syncDataTrie. Each failed trie sync permanently consumes one slot from the NumGoRoutinesThrottler, and the slot is never returned unless the sync succeeds or the root hash was already present. I confirmed this on...
GHSA-FW38-PC54-JVX9 Klever-Go KVM: Throttler slot leak in trie account-data sync causes epoch bootstrap / state sync DoS
Summary The account-data trie syncers leak bounded throttler slots on error paths in syncDataTrie. Each failed trie sync permanently consumes one slot from the NumGoRoutinesThrottler, and the slot is never returned unless the sync succeeds or the root hash was already present. I confirmed this on...
PT-2026-47094
Name of the Vulnerable Software and Affected Versions Klever-Go versions prior to 9640d63 Description A resource leak exists in the account-data trie syncers where bounded throttler slots are not released during error paths in the syncDataTrie function. When a trie sync fails, a slot from the...
CVE-2026-42951
An authenticated user can download a backup of the Danelec MacGregor Voyage Data Recorder device which includes account data and password hashes...
CVE-2026-42951
CVE-2026-42951 concerns the Danelec MacGregor Voyage Data Recorder (VDR) device. The description across sources states an authenticated user can download a backup of the VDR that includes account data and password hashes. The connected records corroborate credentials exposure as the primary issue...
EUVD-2026-33396
An authenticated user can download a backup of the Danelec MacGregor Voyage Data Recorder device which includes account data and password hashes...
CVE-2026-42951
An authenticated user can download a backup of the Danelec MacGregor Voyage Data Recorder device which includes account data and password hashes...
CVE-2026-42951 MacGregor Voyage Data Recorder (VDR) G4e Insufficiently Protected Credentials
An authenticated user can download a backup of the Danelec MacGregor Voyage Data Recorder device which includes account data and password hashes...
PT-2026-44928
Name of the Vulnerable Software and Affected Versions Danelec MacGregor Voyage Data Recorder affected versions not specified Description An authenticated user can download a backup of the device, which contains account data and password hashes. Recommendations At the moment, there is no informati...
CVE-2026-40850
CVE-2026-40850 describes an unauthenticated SQL injection in the getAccountData function due to improper neutralization of special elements in a SQL SELECT command, leading to total loss of confidentiality. The vulnerability is shown with CVSS 3.1 base score 7.5 (NETWORK, LOW complexity, NONE pri...
CVE-2026-40850
An unauthenticated remote attacker can exploit an unauthenticated SQL Injection vulnerability in the getAccountData function due to improper neutralization of special elements in a SQL SELECT command. This can result in a total loss of confidentiality...
EUVD-2026-32149
An unauthenticated remote attacker can exploit an unauthenticated SQL Injection vulnerability in the getAccountData function due to improper neutralization of special elements in a SQL SELECT command. This can result in a total loss of confidentiality...
MB Connect Line mbCONNECT24和MB Connect Line mymbCONNECT24 SQL注入漏洞
MB Connect Line mbCONNECT24 and MB Connect Line mymb CONNECT24 are products of the German company MB Connect Line. MB Connect Line mbCONNECT24 is a remote service portal. This product supports features such as remote access, data recording, and alerts. MB Connect Line mymbCONNECT24 is an internal...