Lucene search

2393 matches found

Github Security Blog
added 2026/04/10 7:30 p.m. | 5 views

Bugsink affected by authenticated arbitrary file write in artifactbundle/assemble

Authenticated arbitrary file write in artifact bundle assembly. Summary: An authenticated file write vulnerability was identified in Bugsink 2.1.0 in the artifact bundle assembly flow. A user with a valid authentication token could cause the application to write attacker-controlled content to a...

CVSS 7.1 | AI score 6.2 | EPSS 0.00299
Exploits 0 | References 4 | Affected Software 1
NVD
added 2026/04/10 6:16 p.m. | 3 views

CVE-2026-33141

Chamilo LMS is a learning management system. Prior to 2.0.0-RC.3, an Insecure Direct Object Reference (IDOR) vulnerability in the REST API stats endpoint allows any authenticated user, including low-privilege students with ROLE_USER, to read any other user's learning progress, certificates, and...

CVSS 6.5 | EPSS 0.00141
Exploits 0 | References 2
NVD
added 2026/04/10 5:17 p.m. | 3 views

CVE-2026-35596

Vikunja is an open-source self-hosted task management platform. Prior to 2.3.0, the hasAccessToLabel function contains a SQL operator precedence bug that allows any authenticated user to read any label that has at least one task association, regardless of project access. Label titles, description...

CVSS 4.3 | EPSS 0.00272
Exploits 1 | References 4
EUVD
added 2026/04/10 9:31 a.m. | 1 view

EUVD-2026-21342

Livestatus injection in the monitoring quicksearch in Checkmk 2.5.0b4 allows an authenticated attacker to inject livestatus commands via the search query due to insufficient input sanitization in search filter plugins...

CVSS 5.3 | AI score 5.8 | EPSS 0.00175
Exploits 0 | References 2
Github Security Blog
added 2026/04/09 5:32 p.m. | 4 views

MinIO affected by a DoS via Unbounded Memory Allocation in S3 Select CSV Parsing

Impact: What kind of vulnerability is it? Who is impacted? MinIO's S3 Select feature is vulnerable to memory exhaustion when processing CSV files containing lines longer than available memory. The CSV reader's nextSplit function calls bufio.Reader.ReadBytes('\n') with no size limit, buffering the...

CVSS 7.1 | AI score 5.8 | EPSS 0.00397
Exploits 0 | References 6 | Affected Software 1
Vulnrichment
added 2026/04/09 10:12 a.m. | 3 views

CVE-2026-24661 Unbounded Request Body Read in MS Teams Plugin /changes Webhook Endpoint

Mattermost Plugins versions <=2.1.3.0 fail to limit the request body size on the /changes webhook endpoint, which allows an authenticated attacker to cause memory exhaustion and denial of service by sending an oversized JSON payload. Mattermost Advisory ID: MMSA-2026-00611...

CVSS 3.7 | AI score 5.9 | EPSS 0.00311
Exploits 0 | References 1
CVE
added 2026/04/09 3:25 a.m. | 13 views

CVE-2026-5742

The CVE-2026-5742 entry concerns the WordPress UsersWP plugin (versions up to 1.2.60). The vulnerability is a Stored Cross-Site Scripting (XSS) flaw caused by insufficient input sanitization of user-supplied URL fields and improper output escaping when rendering user profile data in badge widgets...

CVSS 6.4 | AI score 6.1 | EPSS 0.00234
Exploits 0 | References 10
CVE
added 2026/04/08 4:38 p.m. | 17 views

CVE-2026-4498

CVE-2026-4498 concerns Kibana, specifically the Fleet plugin, where execution with unnecessary privileges arises from Kibana’s Fleet debug route handlers. An authenticated Kibana user with Fleet sub-feature privileges (e.g., agents, agent policies, settings management) can read index data beyond ...

CVSS 7.7 | AI score 5.9 | EPSS 0.003
Exploits 0 | References 1 | Affected Software 1
GithubExploit
added 2026/04/08 10:46 a.m. | 249 views

Exploit for SQL Injection in Apache Superset

CVE-2026-23980 - Apache Superset Authenticated SQL Injection...

CVSS 9.8 | AI score 5.9 | EPSS 0.04433
Exploits 2
Positive Technologies
added 2026/04/08 12:00 a.m. | 5 views

PT-2026-31335

Name of the Vulnerable Software and Affected Versions: Kibana (affected versions not specified). Description: Kibana’s Fleet plugin debug route handlers exhibit execution with unnecessary privileges, potentially allowing authenticated users with Fleet sub-feature privileges to read index data beyond...

CVSS 7.7 | AI score 5.9 | EPSS 0.003
Exploits 0 | References 7
NVD
added 2026/04/07 6:16 p.m. | 0 views

CVE-2026-39319

ChurchCRM is an open-source church management system. Prior to 7.1.0, a second order SQL injection vulnerability was found in the endpoint /FundRaiserEditor.php in ChurchCRM. A user has to be authenticated but doesn't need any privileges. These users can inject arbitrary SQL statements through th...

CVSS 8.8 | EPSS 0.00244
Exploits 0 | References 1
ATTACKERKB
added 2026/04/07 6:05 p.m. | 2 views

CVE-2026-39319

ChurchCRM is an open-source church management system. Prior to 7.1.0, a second order SQL injection vulnerability was found in the endpoint /FundRaiserEditor.php in ChurchCRM. A user has to be authenticated but doesn't need any privileges. These users can inject arbitrary SQL statements through th...

CVSS 8.8 | AI score 6 | EPSS 0.00244
Exploits 0 | References 2 | Affected Software 1
Cvelist
added 2026/04/07 6:00 p.m. | 15 views

CVE-2026-39340 ChurchCRM has a SQL Injection in PropertyTypeEditor.php via Incorrect Sanitizer Substitution

ChurchCRM is an open-source church management system. Prior to 7.1.0, a SQL injection vulnerability exists in PropertyTypeEditor.php, part of the administration functionality for managing property type categories (People → Person Properties / Family Properties). The vulnerability was introduced whe...

CVSS 8.1 | EPSS 0.00226
Exploits 0 | References 1
NVD
added 2026/04/06 9:16 p.m. | 4 views

CVE-2026-35395

WeGIA is a Web manager for charitable institutions. Prior to 3.6.9, WeGIA (Web gerenciador para instituições assistenciais) contains a SQL injection vulnerability in dao/memorando/DespachoDAO.php. The idmemorando parameter is extracted from $_REQUEST without validation and directly interpolated into...

CVSS 8.8 | EPSS 0.00392
Exploits 1 | References 1
Snyk
added 2026/04/04 6:41 a.m. | 0 views

Server-side Request Forgery (SSRF)

Overview: pyload-ng is "The free and open-source Download Manager written in pure Python". Affected versions of this package are vulnerable to Server-side Request Forgery (SSRF) in the download function. An authenticated attacker with ADD permission can access internal network resources and sensitive...

CVSS 9.6 | AI score 5.9 | EPSS 0.00397
Exploits 2 | References 2
Snyk
added 2026/04/04 1:21 a.m. | 2 views

SQL Injection

Overview: Affected versions of this package are vulnerable to SQL Injection in the GET /api/v1/main/flows/search endpoint. An attacker can execute arbitrary operating system commands by injecting malicious SQL payloads that leverage PostgreSQL's COPY ... TO PROGRAM ... functionality after...

CVSS 9.9 | AI score 6.2 | EPSS 0.00656
Exploits 2 | References 2
CVE
added 2026/04/03 8:27 p.m. | 23 views

CVE-2026-22664

The CVE-2026-22664 issue affects prompts.chat with an SSRF in Fal.ai media status polling prior to commit 30a8f04. Authenticated users can supply attacker-controlled URLs in the token parameter to trigger arbitrary outbound requests, potentially exposing the FAL_API_KEY in the Authorization heade...

CVSS 7.7 | AI score 5.3 | EPSS 0.00301
Exploits 1 | References 3 | Affected Software 1
Github Security Blog
added 2026/04/03 6:29 p.m. | 3 views

Juju has a resource poisoning vulnerability

Summary: Any authenticated user, machine or controller under a Juju controller can modify the resources of an application within the entire controller. This one is very straightforward to just read in the code: Step 1: The authorisation mechanism for the resource handler is defined here. One is on...

CVSS 7.1 | AI score 6.1 | EPSS 0.00232
Exploits 0 | References 4 | Affected Software 1
Github Security Blog
added 2026/04/03 6:18 p.m. | 8 views

Juju: Read All Controller Logs From Compromised Workload

Summary: It is possible that a compromised workload machine under a Juju controller can read any log file for any entity in any model at any level. There is a debug log endpoint in the API server that allows streaming of logs off of the controller. To access this endpoint you must be authenticatio...

CVSS 6.9 | AI score 5.7 | EPSS 0.00362
Exploits 0 | References 5 | Affected Software 1
Snyk
added 2026/04/03 4:08 a.m. | 2 views

Directory Traversal

Overview: Affected versions of this package are vulnerable to Directory Traversal in the POST multipart upload process. An attacker can write arbitrary files to any existing directory on the filesystem by crafting a specially constructed URL path containing directory traversal sequences and...

CVSS 9.8 | AI score 6.3 | EPSS 0.00683
Exploits 1 | References 2