69 matches found
CVE-2026-53640
FOSSBilling is a free, open-source billing and client management system. Prior to version 0.8.0, low-privileged staff accounts may read sensitive data via admin API endpoints that lack permission checks. While sibling write endpoints correctly enforce fine-grained permissions, the corresponding...
Craft CMS: Authorship spoofing in `entries/save-entry` via pre-check/post-mutation authorization gap
Summary EntriesController::actionSaveEntry performs entry-edit permission checks before request-controlled author changes are applied to the model. The subsequent author mutation path accepts attacker-supplied authors / author parameters and allows the change when the current user is one of the o...
Astra Linux – Vulnerability in PostgresSQL-15
Lack of authorization in the PostgreSQL CREATE STATISTICS command allows a table owner to perform denial of service against other users who also attempt to execute CREATE STATISTICS commands within the same schema. A subsequent execution of the CREATE STATISTICS command with the same name, by a...
Snipe-IT's S3 signature image retrieval lacks authorization before temporary URL
Impact Snipe-IT S3 signature image retrieval lacks authorization before temporary URL. On S3-backed deployments, authenticated users who know a signature filename can obtain a 5-minute signed S3 URL because the S3 branch returns before the authorize call used by the local-file branch. Key evidenc...
WordPress plugin NanoCare 安全漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform has the ability to host personal blog sites on PHP and MySQL based servers.WordPress plugin is an application plugin. A security vulnerabili...
WordPress plugin Newses 安全漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform has the ability to host personal blog sites on PHP and MySQL based servers.WordPress plugin is an application plugin. A security vulnerabili...
WordPress plugin B2BKing 安全漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform has the ability to host personal blog sites on PHP and MySQL based servers.WordPress plugin is an application plugin. A security vulnerabili...
FlowiseAI has Mass Assignment in Assistant Update Endpoint that Allows Cross-Workspace Resource Reassignment
Summary A Mass Assignment vulnerability exists in the assistant update endpoint of FlowiseAI. The endpoint allows authenticated users to modify server-controlled properties such as workspaceId, createdDate, and updatedDate when updating an assistant resource. Due to missing server-side validation...
CVE-2026-42461
Arcane is an interface for managing Docker containers, images, networks, and volumes. Prior to version 1.18.0, four GET endpoints under /api/templates in Arcane's Huma backend are registered without any Security requirement, allowing any unauthenticated network client to list and read the full...
CVE-2026-42880
A flaw was found in Argo CD, a GitOps continuous delivery tool for Kubernetes. A missing authorization and data-masking gap in the ServerSideDiff endpoint allows an attacker with read-only access to extract sensitive Kubernetes Secret data. This information disclosure occurs by leveraging the...
CVE-2026-42461
Arcane (Huma backend) has an unauthenticated information disclosure vulnerability prior to version 1.18.0. Four GET endpoints under /api/templates* (list, all, specific, and content) were registered without any Security requirement, enabling unauthenticated network clients to read full Compose YA...
HCL BigFix WebUI 安全漏洞
HCL BigFix WebUI is a web-based administration page from HCL India. A security vulnerability exists in HCL BigFix WebUI, which stems from an authorization gap that could result in an authenticated user without appropriate privileges accessing an unauthorized page to view sensitive environmental...
CVE-2026-42880 ArgoCD ServerSideDiff is vulnerable to Kubernetes Secret Extraction
Argo CD is a declarative, GitOps continuous delivery tool for Kubernetes. From versions 3.2.0 to before 3.2.11 and 3.3.0 to before 3.3.9, there is a missing authorization and data-masking gap in Argo CD's ServerSideDiff endpoint that allows an attacker with read-only access to extract plaintext...
GHSA-CXX3-HR75-4Q96 Arcane Vulnerable to Unauthenticated Disclosure of Custom Compose Template Content (incl. `.env` secrets)
Summary Four GET endpoints under /api/templates in Arcane's Huma backend are registered without any Security requirement, allowing any unauthenticated network client to list and read the full Compose YAML and .env content of every custom template stored in the instance. Because Arcane's UI expose...
SAP S/4HANA OData Service 安全漏洞
The SAP S/4HANA OData Service is an enterprise system data interface and service integration component provided by SAP, a German company. There is a security vulnerability in the SAP S/4HANA OData Service. This vulnerability stems from the lack of authorization checks, which may lead to...
CVE-2026-22683 Windmill < 1.615.0 Operator Role Missing Authorization Checks RCE
Windmill versions 1.56.0 through 1.614.0 contain a missing authorization vulnerability that allows users with the Operator role to perform prohibited entity creation and modification actions via the backend API. Although Operators are documented and priced as unable to create or modify entities,...
PT-2026-30978
Name of the Vulnerable Software and Affected Versions RustFS versions prior to alpha.90 Description RustFS, a distributed object storage system built in Rust, had a missing authorization check in the multipart copy path UploadPartCopy before version alpha.90. This allowed a low-privileged user,...
GHSA-R32R-J5JQ-3W4M Vaultwarden has Privilege Escalation via Bulk Permission Update to Unauthorized Collections by Manager
Summary A Manager account accessall=false was able to escalate privileges by directly invoking the bulk-access API against collections that were not originally assigned to them. The API allowed changing assigned=false to assigned=true, resulting in unauthorized access. Additionally, prior to the...
CVE-2026-23495
Pimcore's Admin Classic Bundle provides a Backend UI for Pimcore. Prior to 2.2.3 and 1.7.16, the API endpoint for listing Predefined Properties in the Pimcore platform lacks adequate server-side authorization checks. Predefined Properties are configurable metadata definitions e.g., name, key, typ...
WordPress plugin Walker for Elementor 安全漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a set of blogging platforms developed using the PHP language. The platform has the ability to host personal blog sites on PHP and MySQL based servers.WordPress plugin is an application plugin. A security...