460 matches found
CVE-2026-40474
wger is a free, open-source workout and fitness manager. In versions 2.5 and below, the GymConfigUpdateView declares permissionrequired = 'config.changegymconfig' but inherits WgerFormMixin instead of WgerPermissionMixin, so the permission is never enforced at runtime. Since GymConfig is an...
CVE-2026-1620
The Livemesh Addons for Elementor plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 9.0. This is due to insufficient sanitization of the template name parameter in the laegettemplatepart function, which uses an inadequate strreplace approach that can...
Ech0: Missing authorization on dashboard log endpoints allows low-privilege users to access sensitive system logs
Summary Ech0 allows any authenticated user to read historical system logs and subscribe to live log streams because the dashboard log endpoints validate only that a JWT is present and valid, but do not require an administrator role or privileged scope. Impact Any valid user session can access GET...
Vikunja 安全漏洞
Vikunja is an open-source to-do application developed by Vikunja developers. Versions of Vikunja prior to 2.3.0 contained security vulnerabilities. These vulnerabilities were caused by a mistake in the SQL operator precedence of the hasAccessToLabel function, which could allow any authenticated...
CVE-2026-39319
ChurchCRM exposes a second-order SQL injection in /FundRaiserEditor.php prior to 7.1.0. An authenticated user with low privileges can inject via the iCurrentFundraiser PHP session parameter to read or modify database data. The issue is fixed in 7.1.0. CVSS v3.1 shows High impact (C/H/I/A) with Ne...
PT-2026-30733
Name of the Vulnerable Software and Affected Versions WeGIA versions prior to 3.6.9 Description WeGIA, a Web manager for charitable institutions, contains a SQL injection issue in the 'dao/memorando/DespachoDAO.php' file. The id memorando parameter, obtained from the $ REQUEST variable, is used i...
PT-2026-29364
Name of the Vulnerable Software and Affected Versions AVideo versions 26.0 and prior Description AVideo is an open source video platform. A debug endpoint, test.php, within the StripeYPT plugin is accessible to all logged-in users, not just administrators. This endpoint processes Stripe...
CVE-2026-33764
WWBN AVideo is an open source video platform. In versions up to and including 26.0, the AI plugin's save.json.php endpoint loads AI response objects using an attacker-controlled $REQUEST'id' parameter without validating that the AI response belongs to the specified video. An authenticated user wi...
CVE-2021-27230
ExpressionEngine before 5.4.2 and 6.x before 6.0.3 allows PHP Code Injection by certain authenticated users who can leverage Translate::save to write to an lang.php file under the system/user/language directory...
CVE-2026-23480 Blinko: Low Privilege User Privilege Escalation - upsertUser Endpoint
Blinko is an AI-powered card note-taking project. Prior to version 1.8.4, there is a privilege escalation vulnerability. The upsertUser endpoint has 3 issues: it is missing superAdminAuthMiddleware, any logged-in user can call it; the originalPassword is an optional parameter and if not provided...
CVE-2026-32888
Open Source Point of Sale is a web based point-of-sale application written in PHP using CodeIgniter framework. Versions contain an SQL Injection in the Items search functionality. When the custom attribute search feature is enabled searchcustom filter, user-supplied input from the search GET...
CVE-2026-32114 Discourse's unscoped status lookups leak restricted metadata
Discourse is an open-source discussion platform. Prior to versions 2026.3.0-latest.1, 2026.2.1, and 2026.1.2, there is an Insecure Direct Object Reference IDOR vulnerability that allows any authenticated user to access metadata about AI personas, features, and LLM models by providing their...
CVE-2026-29108 Authenticated SuiteCRM Users Can Retrieve The Password Hash of Any User
SuiteCRM is an open-source, enterprise-ready Customer Relationship Management CRM software application. Prior to versions 8.9.3, an authenticated API endpoint allows any user to retrieve detailed information about any other user, including their password hash, username, and MFA configuration. As...
FreeScout 访问控制错误漏洞
FreeScout is a lightweight and powerful free open-source help desk and shared inbox built using PHP Laravel framework by FreeScout Inc. FreeScout versions 1.8.208 and earlier contained an access control vulnerability. This vulnerability stemmed from defects in access control mechanisms, allowing...
PT-2026-26430
Name of the Vulnerable Software and Affected Versions SuiteCRM versions prior to 7.15.1 SuiteCRM versions prior to 8.9.3 Description SuiteCRM is an open-source Customer Relationship Management CRM software application. Prior to versions 7.15.1 and 8.9.3, the field function parameter received...
CVE-2026-32736 Hytale Modding Wiki has Insecure Direct Object Reference / GDPR PII Exposure
The Hytale Modding Wiki is a free service for Hytale mods to host their documentation & wikis. An Insecure Direct Object Reference IDOR vulnerability in versions of the wiki prior to 1.0.0 exposes mod authors' personal information - including full names and email addresses - to any authenticated...
EUVD-2026-12981
The Hytale Modding Wiki is a free service for Hytale mods to host their documentation & wikis. An Insecure Direct Object Reference IDOR vulnerability in versions of the wiki prior to 1.0.0 exposes mod authors' personal information - including full names and email addresses - to any authenticated...
SiYuan's renderSprig has a missing admin check that allows any user to read full workspace DB
Summary POST /api/template/renderSprig lacks model.CheckAdminRole, allowing any authenticated user to execute arbitrary SQL queries against the SiYuan workspace database and exfiltrate all note content, metadata, and custom attributes. Details File: kernel/api/router.go Every sensitive endpoint i...
CVE-2026-28384
An improper sanitization of the compressionalgorithm parameter in Canonical LXD allows an authenticated, unprivileged user to execute commands as the LXD daemon on the LXD server via API calls to the image and backup endpoints. This issue affected LXD from 4.12 through 6.6 and was fixed in the sn...
GHSA-9V82-XRM4-MP52 StudioCMS: IDOR in User Notification Preferences Allows Any Authenticated User to Modify Any User's Settings
Summary The updateUserNotifications endpoint accepts a user ID from the request payload and uses it to update that user's notification preferences. It checks that the caller is logged in but never verifies that the caller owns the target account id !== userData.user.id. Any authenticated visitor...