1586 matches found
CVE-2026-3117
Mattermost plugins contain a permission-check flaw in the GitLab plugin command processing. Versions affected: Mattermost Plugins
CVE-2020-37237
Composr CMS 10.0.34 contains a persistent cross-site scripting vulnerability that allows authenticated administrators to inject malicious scripts through the banner management interface. Attackers with admin credentials can inject XSS payloads in the Description field of the Add banner...
Information Disclosure
strapi/strapi is vulnerable to information disclosure. The vulnerability is due to insufficient sanitization of relational query parameters in the where filter, which allows an unauthenticated attacker to perform a boolean-oracle attack against restricted adminusers table fields and potentially...
CVE-2026-45351 Open WebUI: Exposure of System Prompt to Regular User [Non-Admin]
Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. Prior to 0.8.9, when a regular user non-admin logs into the application, a http://IP:8080/api/models? web request is initiated by the application and in response, it reveals the system prompt of...
CVE-2026-44558
Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. Prior to 0.9.0, the channel router does not call filterallowedaccessgrants on either create or update paths. A non-admin user who can create group channels or who owns a channel can submit arbitrary...
CVE-2026-44558 Open WebUI: Channel Access Grants Bypass filter_allowed_access_grants
Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. Prior to 0.9.0, the channel router does not call filterallowedaccessgrants on either create or update paths. A non-admin user who can create group channels or who owns a channel can submit arbitrary...
Arbitrary Code Injection
Overview Affected versions of this package are vulnerable to Arbitrary Code Injection via the StandardEvaluationContext method. An attacker can execute arbitrary code and exfiltrate credentials by supplying crafted Spring Expression Language SpEL expressions as an authenticated user with...
Arbitrary Code Injection
Overview Affected versions of this package are vulnerable to Arbitrary Code Injection via the StandardEvaluationContext method. An attacker can execute arbitrary code and exfiltrate credentials by supplying crafted Spring Expression Language SpEL expressions as an authenticated user with...
CVE-2026-27886
Strapi is an open source headless content management system. Strapi versions starting in 4.0.0 and prior to 5.37.0 did not sufficiently sanitize query parameters when filtering content via relational fields. An unauthenticated attacker could use the where query parameter on any publicly-accessibl...
CVE-2026-8621 Crabbox < v0.12.0 Authentication Bypass via Header Spoofing
Crabbox prior to v0.12.0 contains an authentication bypass vulnerability that allows non-admin shared-token callers to impersonate other owners or organizations by spoofing identity headers. Attackers can inject malicious X-Crabbox-Owner and X-Crabbox-Org headers in requests authenticated with a...
CVE-2026-27886 Strapi may leak sensitive data via relational filtering due to lack of query sanitization
Strapi is an open source headless content management system. Strapi versions starting in 4.0.0 and prior to 5.37.0 did not sufficiently sanitize query parameters when filtering content via relational fields. An unauthenticated attacker could use the where query parameter on any publicly-accessibl...
CVE-2026-42555 Valtimo: SpEL injection via StandardEvaluationContext allows Remote Code Execution by admin users
Valtimo is an open-source business process automation platform. com.ritense.valtimo:document from 12.0.0 to before 12.32.0, com.ritense.valtimo:case from 13.0.0 to before 13.23.0, and com.ritense.valtimo:contract from 13.4.0 to before 13.23.0 evaluate Spring Expression Language SpEL expressions...
CVE-2026-42555 Valtimo: SpEL injection via StandardEvaluationContext allows Remote Code Execution by admin users
Valtimo is an open-source business process automation platform. com.ritense.valtimo:document from 12.0.0 to before 12.32.0, com.ritense.valtimo:case from 13.0.0 to before 13.23.0, and com.ritense.valtimo:contract from 13.4.0 to before 13.23.0 evaluate Spring Expression Language SpEL expressions...
CVE-2026-42555
Valtimo CVE-2026-42555 (SpEL injection in StandardEvaluationContext) affects com.ritense.valtimo:document (12.0.0–12.31.0), com.ritense.valtimo:case (13.0.0–13.22.0), and com.ritense.valtimo:contract (13.4.0–13.22.0). An authenticated ADMIN user can achieve Remote Code Execution and credential ex...
CVE-2026-42555 Valtimo: SpEL injection via StandardEvaluationContext allows Remote Code Execution by admin users
Valtimo is an open-source business process automation platform. com.ritense.valtimo:document from 12.0.0 to before 12.32.0, com.ritense.valtimo:case from 13.0.0 to before 13.23.0, and com.ritense.valtimo:contract from 13.4.0 to before 13.23.0 evaluate Spring Expression Language SpEL expressions...
Portainer has an endpoint security bypass via Swarm service create/update
Summary Portainer enforces seven EndpointSecuritySettings restrictions that administrators configure to restrict the container configurations non-admin users can launch: privileged mode, host PID namespace, device mapping, capabilities, sysctls, security-opt Seccomp / AppArmor, and bind mounts. T...
Missing Authorization
Overview github.com/portainer/portainer/api/http/proxy/factory/docker is a management UI which allows to manage different Docker environments. Affected versions of this package are vulnerable to Missing Authorization in the enforcement of endpoint security restrictions for non-admin users on Dock...
GHSA-5FXQ-QCF3-244W Portainer has an endpoint security bypass via Swarm service create/update
Summary Portainer enforces seven EndpointSecuritySettings restrictions that administrators configure to restrict the container configurations non-admin users can launch: privileged mode, host PID namespace, device mapping, capabilities, sysctls, security-opt Seccomp / AppArmor, and bind mounts. T...
Strapi 路径遍历漏洞
Strapi is an open-source content management system CMS developed by the Strapi community in France. Versions of Strapi from 4.0.0 to 5.37.0 had a path traversal vulnerability. This vulnerability stemmed from insufficient cleanup of query parameters when filtering content using relationship fields...
PT-2026-40972
Name of the Vulnerable Software and Affected Versions Strapi versions 4.0.0 through 5.36.1 Description Strapi did not sufficiently sanitize query parameters when filtering content via relational fields. An unauthenticated attacker could use the where query parameter on any publicly-accessible...