54 matches found
CVE-2026-34246
CtrlPanel is open-source billing software for hosting providers. Versions 1.1.1 and prior contain a Stored Cross-Site Scripting (XSS) vulnerability in the admin role management interface. In app/Http/Controllers/Admin/RoleController.php, the datatable method interpolates $role->name and...
EUVD-2026-30986
CtrlPanel is open-source billing software for hosting providers. Versions 1.1.1 and prior contain a Stored Cross-Site Scripting (XSS) vulnerability in the admin role management interface. In app/Http/Controllers/Admin/RoleController.php, the datatable method interpolates $role->name and...
CVE-2026-34246
CtrlPanel CVE-2026-34246 affects versions 1.1.1 and earlier. The vulnerability is a Stored XSS in the admin role management interface where datatable() inserts $role->name and $role->color directly into HTML and a .rawColumns(['actions','name']) setting disables automatic escaping. An admin...
EUVD-2026-30615
Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. Prior to 0.9.0, administrative role changes and user deletions do not iterate SESSIONPOOL to disconnect affected sessions. As a result, a user whose admin role has been revoked retains admin...
CVE-2026-20203
In Splunk Enterprise versions below 10.2.2, 10.0.5, 9.4.10, and 9.3.11, and Splunk Cloud Platform versions below 10.4.2603.0, 10.3.2512.6, 10.2.2510.10, 10.1.2507.19, 10.0.2503.13, and 9.3.2411.127, a low-privileged user that does not hold the admin or power Splunk roles, has write permission on...
CVE-2026-20205
In Splunk MCP Server app versions below 1.0.3, a user who holds a role with access to the Splunk internal index or possesses the high-privilege capability mcptooladmin could view users' session and authorization tokens in clear text. The vulnerability would require either local access to the log...
EUVD-2026-9426
A vulnerability in the REST API of Cisco Secure FMC Software could allow an authenticated, remote attacker to conduct SQL injection attacks on an affected system. This vulnerability is due to inadequate validation of user-supplied input. An attacker could exploit this vulnerability by sending...
CVE-2026-20001
A vulnerability in the REST API of Cisco Secure FMC Software could allow an authenticated, remote attacker to conduct SQL injection attacks on an affected system. This vulnerability is due to inadequate validation of user-supplied input. An attacker could exploit this vulnerability by sending...
CVE-2026-20003
A vulnerability in the REST API of Cisco Secure FMC Software could allow an authenticated, remote attacker to conduct SQL injection attacks on an affected system. This vulnerability is due to inadequate validation of user-supplied input. An attacker could exploit this vulnerability by sending...
CVE-2026-20003
Cisco Secure FMC Software’s REST API vulnerability enables authenticated remote SQL injection due to insufficient input validation. An attacker with valid credentials (Administrator, Security approver, Intrusion admin, Access admin, Network admin) could send crafted requests to read the database ...
CVE-2026-20001
CVE-2026-20001 affects Cisco Secure FMC Software REST API. An authenticated, remote attacker with privileged user roles (Administrator, Security approver, Access admin, Network admin) can exploit inadequate input validation to perform SQL injection, potentially reading the database and certain OS...
PT-2026-22967
A vulnerability in the REST API of Cisco Secure FMC Software could allow an authenticated, remote attacker to conduct SQL injection attacks on an affected system. This vulnerability is due to inadequate validation of user-supplied input. An attacker could exploit this vulnerability by sending...
Access Control Bypass
Overview org.keycloak:keycloak-server-spi-private is an open source identity and access management solution for modern applications and services. Affected versions of this package are vulnerable to Access Control Bypass via insufficient authorization checks on the /admin/realms/realm/roles...
CVE-2025-20373
In Splunk Add-on for Palo Alto Networks versions below 2.0.2, the add-on exposes client secrets in plain text in the internal index during the addition of new "Data Security Accounts". The vulnerability would require either local access to the log files or administrative access to internal indexe...
CVE-2025-10054
The ELEX WordPress HelpDesk & Customer Ticketing System plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'ehcrmremoveagent' function in all versions up to, and including, 3.3.1. This makes it possible for authenticated attackers, wit...
Is Your Google Workspace as Secure as You Think it is?
The New Reality for Lean Security Teams If you're the first security or IT hire at a fast-growing startup, you've likely inherited a mandate that's both simple and maddeningly complex: secure the business without slowing it down. Most organizations using Google Workspace start with an environment...
EUVD-2023-0700
Malicious code in bioql PyPI...
CVE-2021-24780
The Single Post Exporter WordPress plugin through 1.1.1 does not have CSRF checks when saving its settings, which could allow attackers to make a logged in admin change them via a CSRF attack and give access to the export feature to any role such as subscriber. Subscriber users would then be able...