
5058 matches found

OSV
added 2026/02/27 7:18 p.m. | 3 views

CVE-2026-28354 ClipBucket v5 has IDOR in Collection Item Management

ClipBucket v5 is an open source video sharing platform. Prior to version 5.5.3 #59, collection item operations are vulnerable to authorization flaws, allowing a normal authenticated user to modify another user’s collection items. This affects both add item /actions/addtocollection.php due to missi...

CVSS 7.1 | AI score 5.8 | EPSS 0.00014
Exploits: 1 | References: 3

OSV
added 2026/02/27 7:15 p.m. | 3 views

CVE-2026-26997 ClipBucket v5 has Stored XSS via Collection name

ClipBucket v5 is an open source video sharing platform. Prior to version 5.5.3 #59, a normal authenticated user can store the XSS payload. The payload is triggered by an administrator. Version 5.5.3 #59 fixes the issue...

CVSS 5.1 | AI score 5.9 | EPSS 0.00014
Exploits: 1 | References: 4

Vulnrichment
added 2026/02/27 7:15 p.m. | 5 views

CVE-2026-26997 ClipBucket v5 has Stored XSS via Collection name

ClipBucket v5 is an open source video sharing platform. Prior to version 5.5.3 #59, a normal authenticated user can store the XSS payload. The payload is triggered by an administrator. Version 5.5.3 #59 fixes the issue...

CVSS 5.1 | AI score 5.9 | EPSS 0.00014
Exploits: 1 | References: 2

CVE
added 2026/02/27 7:15 p.m. | 8 views

CVE-2026-26997

CVE-2026-26997 affects ClipBucket v5 prior to 5.5.3 #59. A normal authenticated user can store a stored XSS payload via the collection name, with the payload being triggered by an administrator. The issue is fixed in version 5.5.3 #59. CVSS metrics in the entry indicate a base score of 5.1 (Mediu...

CVSS 5.4 | AI score 5.9 | EPSS 0.00014
Exploits: 1 | References: 2 | Affected Software: 1

Cvelist
added 2026/02/27 7:15 p.m. | 18 views

CVE-2026-26997 ClipBucket v5 has Stored XSS via Collection name

ClipBucket v5 is an open source video sharing platform. Prior to version 5.5.3 #59, a normal authenticated user can store the XSS payload. The payload is triggered by an administrator. Version 5.5.3 #59 fixes the issue...

CVSS 5.1 | EPSS 0.00014
Exploits: 1 | References: 2

Positive Technologies
added 2026/02/27 12:0 a.m. | 4 views

PT-2026-22379

Name of the Vulnerable Software and Affected Versions: ClipBucket versions prior to 5.5.3. Description: ClipBucket is an open source video sharing platform. Prior to version 5.5.3 #59, collection item operations are susceptible to authorization flaws. Authenticated users can modify collection items...

CVSS 7.1 | AI score 6 | EPSS 0.00014
Exploits: 1 | References: 3

NVD
added 2026/02/26 11:16 p.m. | 5 views

CVE-2026-28217

hoppscotch is an open source API development ecosystem. Prior to version 2026.2.0, the userCollection GraphQL query accepts an arbitrary collection ID and returns the full collection data — including title, type, and the serialized data field containing HTTP requests with headers and potentially...

CVSS 6.5 | EPSS 0.00017
Exploits: 1 | References: 2

ATTACKERKB
added 2026/02/26 10:38 p.m. | 2 views

CVE-2026-28217

hoppscotch is an open source API development ecosystem. Prior to version 2026.2.0, the userCollection GraphQL query accepts an arbitrary collection ID and returns the full collection data — including title, type, and the serialized data field containing HTTP requests with headers and potentially...

CVSS 6.5 | AI score 6 | EPSS 0.00017
Exploits: 1 | References: 3 | Affected Software: 1

OSV
added 2026/02/26 10:38 p.m. | 5 views

CVE-2026-28217 IDOR in GraphQL userCollection Query Exposes Other Users' Private Collections

hoppscotch is an open source API development ecosystem. Prior to version 2026.2.0, the userCollection GraphQL query accepts an arbitrary collection ID and returns the full collection data — including title, type, and the serialized data field containing HTTP requests with headers and potentially...

CVSS 6.5 | AI score 6 | EPSS 0.00017
Exploits: 1 | References: 4

CVE
added 2026/02/26 10:38 p.m. | 8 views

CVE-2026-28217

Technical details about CVE-2026-28217 are not provided in the connected documents. Monitor for updates.

CVSS 6.5 | AI score 5.7 | EPSS 0.00017
Exploits: 1 | References: 2 | Affected Software: 1

Cvelist
added 2026/02/26 10:38 p.m. | 22 views

CVE-2026-28217 IDOR in GraphQL userCollection Query Exposes Other Users' Private Collections

hoppscotch is an open source API development ecosystem. Prior to version 2026.2.0, the userCollection GraphQL query accepts an arbitrary collection ID and returns the full collection data — including title, type, and the serialized data field containing HTTP requests with headers and potentially...

CVSS 6.5 | EPSS 0.00017
Exploits: 1 | References: 2

RedhatCVE
added 2026/02/26 10:34 p.m. | 4 views

CVE-2026-20128

A vulnerability in the Data Collection Agent (DCA) feature of Cisco Catalyst SD-WAN Manager could allow an unauthenticated, remote attacker to gain DCA user privileges on an affected system. This vulnerability is due to the presence of a credential file for the DCA user on an affected system. An...

CVSS 7.5 | AI score 7.5 | EPSS 0.00077
Exploits: 0 | References: 1

OSSF Malicious Packages
added 2026/02/26 3:38 p.m. | 6 views

Malicious code in flycord (PyPI)

Source: kam193 (b2071af47a4b327550f5614253b291b893e0741e6f2ebe3b4378a4794696d211). When the user uses the provided library, this package silently reports basic information and the result of the user's action to a hardcoded, obfuscated URL...

AI score 5.5
Exploits: 0 | References: 1

The Hacker News
added 2026/02/26 10:9 a.m. | 9 views

Malicious StripeApi NuGet Package Mimicked Official Library and Stole API Tokens

Cybersecurity researchers have disclosed details of a new malicious package discovered on the NuGet Gallery, impersonating a library from financial services firm Stripe in an attempt to target the financial sector. The package, codenamed StripeApi.Net, attempts to masquerade as Stripe.net, a...

AI score 5.8
Exploits: 0

CNNVD
added 2026/02/26 12:0 a.m. | 5 views

Hoppscotch Security Vulnerability

Hoppscotch is an open-source API development ecosystem developed by Hoppscotch. Versions of Hoppscotch prior to 2026.2.0 contained security vulnerabilities. These vulnerabilities stemmed from the lack of authorization checks in the userCollection GraphQL queries, which could lead to insecure dire...

CVSS 6.5 | AI score 5.8 | EPSS 0.00017
Exploits: 1 | References: 2

EUVD
added 2026/02/25 6:31 p.m. | 3 views

EUVD-2026-8676

A vulnerability in the Data Collection Agent (DCA) feature of Cisco Catalyst SD-WAN Manager could allow an authenticated, local attacker to gain DCA user privileges on an affected system. To exploit this vulnerability, the attacker must have valid vmanage credentials on the affected system. This...

CVSS 7.5 | AI score 5.5 | EPSS 0.00077
Exploits: 0 | References: 2

NVD
added 2026/02/25 5:25 p.m. | 6 views

CVE-2026-20128

A vulnerability in the Data Collection Agent (DCA) feature of Cisco Catalyst SD-WAN Manager could allow an unauthenticated, remote attacker to gain DCA user privileges on an affected system. This vulnerability is due to the presence of a credential file for the DCA user on an affected system. An...

CVSS 7.5 | EPSS 0.00077
Exploits: 0 | References: 2

OSV
added 2026/02/25 5:25 p.m. | 3 views

CVE-2026-20128

A vulnerability in the Data Collection Agent (DCA) feature of Cisco Catalyst SD-WAN Manager could allow an authenticated, local attacker to gain DCA user privileges on an affected system. To exploit this vulnerability, the attacker must have valid vmanage credentials on the affected system. This...

CVSS 7.5 | AI score 5.8 | EPSS 0.00077
Exploits: 0 | References: 1

ATTACKERKB
added 2026/02/25 4:14 p.m. | 3 views

CVE-2026-20128

A vulnerability in the Data Collection Agent (DCA) feature of Cisco Catalyst SD-WAN Manager could allow an unauthenticated, remote attacker to gain DCA user privileges on an affected system. This vulnerability is due to the presence of a credential file for the DCA user on an affected system. An...

CVSS 7.5 | AI score 7.5 | EPSS 0.00077
Exploits: 0 | References: 2 | Affected Software: 1

Cvelist
added 2026/02/25 4:14 p.m. | 25 views

CVE-2026-20128 Cisco Catalyst SD-WAN Manager Information Disclosure Vulnerability

A vulnerability in the Data Collection Agent (DCA) feature of Cisco Catalyst SD-WAN Manager could allow an unauthenticated, remote attacker to gain DCA user privileges on an affected system. This vulnerability is due to the presence of a credential file for the DCA user on an affected system. An...

CVSS 7.5 | EPSS 0.00077
Exploits: 0 | References: 1