10 matches found
CVE-2026-39250
An authorization vulnerability exists in Innoshop 0.6.0. After logging into the frontend, an attacker can directly access backend application interfaces, leading to further dangerous operations...
PT-2026-42008
Name of the Vulnerable Software and Affected Versions: Innoshop version 0.6.0. Description: An authorization issue allows an attacker who has logged into the frontend to directly access backend application interfaces, which can lead to the execution of dangerous operations. Recommendations: At the...
CVE-2026-31220
PySyft Syft Datasite/Server versions 0.9.5 and earlier are vulnerable to remote code execution due to insufficient validation and sandboxing of user-submitted code. The system allows low-privileged users to submit Python functions via @sy.syftfunction for remote execution on the server. While a...
CVE-2026-26151
Insufficient UI warning of dangerous operations in Windows Remote Desktop allows an unauthorized attacker to perform spoofing over a network...
EUVD-2026-17423
Ridvay Code's command auto-approval module contains a critical OS command injection vulnerability that renders its whitelist security mechanism completely ineffective. The system relies on fragile regular expressions to parse command structures; while it attempts to intercept dangerous operations...
CVE-2025-47967
Insufficient UI warning of dangerous operations in Microsoft Edge for Android allows an unauthorized attacker to perform spoofing over a network...
PT-2025-38063
Name of the Vulnerable Software and Affected Versions: Microsoft Edge Chromium-based for Android (affected versions not specified). Description: The software contains a flaw due to insufficient user interface warnings regarding dangerous operations. This allows an unauthorized attacker to perform...
CVE-2023-26478
XWiki Platform is a generic wiki platform. Starting in version 14.3-rc-1, org.xwiki.store.script.TemporaryAttachmentsScriptService#uploadTemporaryAttachment returns an instance of com.xpn.xwiki.doc.XWikiAttachment. This class is not supported to be exposed to users without the programming right...