30 matches found
CVE-2026-4313
AdaptiveGRC is vulnerable to Stored XSS via text type fields across the forms. Authenticated attacker can replace the value of the text field in the HTTP POST request. Improper parameter validation by the server results in arbitrary JavaScript execution in the victim's browser. Critically, this m...
CVE-2026-46407 Vvveb: admin/auth-token IDOR allows unauthorized disclosure of administrator REST API tokens
Vvveb is a powerful and easy to use CMS with page builder to build websites, blogs or ecommerce stores. Prior to 1.0.8.3, the backend admin/auth-token endpoint allows an authenticated administrator to load another administrator's REST API token list by supplying that user's adminid. This can...
PT-2026-37203
Name of the Vulnerable Software and Affected Versions Pelican versions 7.21.0 through 7.21.4 Pelican versions 7.22.0 through 7.22.2 Pelican versions 7.23.0 through 7.23.2 Pelican versions 7.24.0 through 7.24.1 Description A privilege escalation issue exists in the Web User Interface WebUI that...
Dgraph 信息泄露漏洞
Dgraph is an open-source, horizontally scalable distributed GraphQL database with a graphical backend. Versions of Dgraph prior to 25.3.3 had an information leakage vulnerability. This vulnerability stemmed from Dgraph exposing the process command line through unvalidated/debug/vars endpoints,...
Blinko 安全漏洞
Blinko is an open-source AI-based card-based note-taking app designed for users who want to quickly capture and organize fleeting ideas. Versions of Blinko prior to 1.8.4 contained a security vulnerability. This vulnerability stemmed from an insecure direct object reference in the user.detail...
Fleet cross-site scripting vulnerabilities
Fleet is an open-source device management platform that supports various operating systems and devices. It helps IT and security teams with device management, vulnerability reporting, MDM operations, etc. It’s free and flexible. Fleet has a cross-site scripting vulnerability. This vulnerability...
CVE-2025-12870
The a+HRD developed by aEnrich has an Authentication Abuse vulnerability, allowing unauthenticated remote attackers to send crafted packets to obtain administrator access tokens and use them to access the system with elevated privileges...
CVE-2025-12870
The a+HRD developed by aEnrich has an Authentication Abuse vulnerability, allowing unauthenticated remote attackers to send crafted packets to obtain administrator access tokens and use them to access the system with elevated privileges...
CVE-2025-12871 aEnrich|a+HRD - Authentication Abuse
The a+HRD developed by aEnrich has an Authentication Abuse vulnerability, allowing unauthenticated remote attackers to craft administrator access tokens and use them to access the system with elevated privileges...
CVE-2025-12871 aEnrich|a+HRD - Authentication Abuse
The a+HRD developed by aEnrich has an Authentication Abuse vulnerability, allowing unauthenticated remote attackers to craft administrator access tokens and use them to access the system with elevated privileges...
CVE-2025-12871
CVE-2025-12871 concerns the aEnrich a+HRD product. The connected sources confirm an Authentication Abuse vulnerability where unauthenticated remote attackers can forge administrator access tokens and use them to gain elevated privileges on the system. The issue is attributed to the authentication...
CVE-2025-12870 aEnrich|eHRD - Authentication Abuse
The a+HRD developed by aEnrich has an Authentication Abuse vulnerability, allowing unauthenticated remote attackers to send crafted packets to obtain administrator access tokens and use them to access the system with elevated privileges...
aEnrich a+HRD 安全漏洞
aEnrich a+HRD is a full-service human resources development solution from Acer China aEnrich. A security vulnerability exists in aEnrich a+HRD that stems from authentication abuse and could allow an unauthenticated remote attacker to send specially crafted packets to obtain administrator access...
Restaurant Brands International assistant platform 安全漏洞
Restaurant Brands International assistant platform is a restaurant back office platform from Restaurant Brands International. A security vulnerability exists in Restaurant Brands International assistant platform version 2025-09-06 and earlier, which stems from a createToken GraphQL mutation that...
EUVD-2024-42714
Malicious code in bioql PyPI...
EUVD-2024-50437
Malicious code in bioql PyPI...
GHSA-3M86-C9X3-VWM9 Graylog vulnerable to privilege escalation through API tokens
Impact Graylog users can gain elevated privileges by creating and using API tokens for the local Administrator or any other user for whom the malicious user knows the ID. For the attack to succeed, the attacker needs a user account in Graylog. They can then proceed to issue hand-crafted requests ...
CVE-2025-40571
A vulnerability has been identified in Mendix OIDC SSO Mendix 10.12 compatible All versions V4.0.1, Mendix OIDC SSO Mendix 9 compatible All versions V3.3.1, Mendix OIDC SSO V4.2 Mendix 10 compatible All versions V4.2.1, Mendix OIDC SSO V4.3 Mendix 10 compatible All versions. The Mendix OIDC SSO...
XSS vulnerability exists in some specific browsers
Description The XSS vulnerability cannot be triggered in Chrome, but it is triggered when using Firefox and the latest version of Firefox. Since Firefox is widely used, when the administrator uses Firefox to view the relevant interface, the XSS vulnerability will be triggered, resulting in the...
CVE-2024-9188
Specially constructed queries cause cross platform scripting leaking administrator tokens...