52 matches found
CVE-2026-8237
Concrete CMS 9.5.0 and below is vulnerable to IDOR. The /ccm/frontend/conversations/messagedetail endpoint returns the full content of any conversation message. An unauthenticated attacker can enumerate all conversation messages, including messages from restricted pages, member-only areas, and th...
EUVD-2026-31352
Concrete CMS 9.5.0 and below is vulnerable to IDOR. The /ccm/frontend/conversations/messagedetail endpoint returns the full content of any conversation message. An unauthenticated attacker can enumerate all conversation messages, including messages from restricted pages, member-only areas, and th...
CVE-2026-8237
Concrete CMS 9.5.0 and below is vulnerable to IDOR. The /ccm/frontend/conversations/messagedetail endpoint returns the full content of any conversation message. An unauthenticated attacker can enumerate all conversation messages, including messages from restricted pages, member-only areas, and th...
CVE-2026-8237
Concrete CMS 9.5.0 and below is vulnerable to IDOR. The /ccm/frontend/conversations/messagedetail endpoint returns the full content of any conversation message. An unauthenticated attacker can enumerate all conversation messages, including messages from restricted pages, member-only areas, and th...
CVE-2026-8237 Concrete CMS 9.5.0 and below is vulnerable to IDOR in the`/ccm/frontend/conversations/message_detail` endpoint
Concrete CMS 9.5.0 and below is vulnerable to IDOR. The /ccm/frontend/conversations/messagedetail endpoint returns the full content of any conversation message. An unauthenticated attacker can enumerate all conversation messages, including messages from restricted pages, member-only areas, and th...
CVE-2026-8237
CVE-2026-8237 affects Concrete CMS 9.5.0 and earlier. The vulnerability is an IDOR in the /ccm/frontend/conversations/message_detail endpoint, which can expose full content of conversation messages, including those from restricted pages, member-only areas, and the moderation queue, as well as fil...
EUVD-2026-28644
Beauty Parlour Management System v1.1 was discovered to contain a SQL injection vulnerability via the aptnumber parameter in the /appointment-detail.php endpoint. This vulnerability allows attackers to access sensitive database information via a crafted SQL statement...
CVE-2026-37431
Beauty Parlour Management System v1.1 was discovered to contain a SQL injection vulnerability via the aptnumber parameter in the /appointment-detail.php endpoint. This vulnerability allows attackers to access sensitive database information via a crafted SQL statement...
CVE-2026-37431
Beauty Parlour Management System v1.1 was discovered to contain a SQL injection vulnerability via the aptnumber parameter in the /appointment-detail.php endpoint. This vulnerability allows attackers to access sensitive database information via a crafted SQL statement...
CVE-2026-37431
Affected product: Beauty Parlour Management System v1.1. Vulnerability: SQL injection via the aptnumber parameter in the /appointment-detail.php endpoint. Impact (as stated): Attacker can access sensitive database information by crafting SQL statements; high confidentiality, integrity, and availa...
Beauty Parlour Management System SQL注入漏洞
Beauty Parlour Management System is a beauty salon management system developed by Darkseid’s developers. Version 1.1 of Beauty Parlour Management System has a SQL injection vulnerability. This vulnerability stems from the aptnumber parameter in the /appointment-detail.php endpoint, which may allo...
CVE-2026-41464
ProjeQtor versions 7.0 through 12.4.3 contain a missing authorization vulnerability in the objectDetail.php endpoint that allows authenticated users with guest-level privileges to retrieve sensitive data belonging to other users including password hashes and API keys. Attackers can bypass access...
CVE-2026-41464
ProjeQtor versions 7.0 through 12.4.3 contain a missing authorization vulnerability in the objectDetail.php endpoint that allows authenticated users with guest-level privileges to retrieve sensitive data belonging to other users including password hashes and API keys. Attackers can bypass access...
CVE-2026-41464
ProjeQtor versions 7.0–12.4.3 expose a missing authorization vulnerability in objectDetail.php. Authenticated users with guest-level privileges can access data belonging to other users (including password hashes and API keys) by directly hitting the endpoint without ownership or RBAC validation, ...
CVE-2026-41464 ProjeQtor < 12.4.4 Missing Authorization via objectDetail.php
ProjeQtor versions 7.0 through 12.4.3 contain a missing authorization vulnerability in the objectDetail.php endpoint that allows authenticated users with guest-level privileges to retrieve sensitive data belonging to other users including password hashes and API keys. Attackers can bypass access...
CVE-2026-41464 ProjeQtor < 12.4.4 Missing Authorization via objectDetail.php
ProjeQtor versions 7.0 through 12.4.3 contain a missing authorization vulnerability in the objectDetail.php endpoint that allows authenticated users with guest-level privileges to retrieve sensitive data belonging to other users including password hashes and API keys. Attackers can bypass access...
CVE-2026-5585
A vulnerability was found in Tencent AI-Infra-Guard 4.0. The affected element is an unknown function of the file common/websocket/taskmanager.go of the component Task Detail Endpoint. Performing a manipulation results in information disclosure. The attack may be initiated remotely. The exploit ha...
EUVD-2026-19115
A vulnerability was found in Tencent AI-Infra-Guard 4.0. The affected element is an unknown function of the file common/websocket/taskmanager.go of the component Task Detail Endpoint. Performing a manipulation results in information disclosure. The attack may be initiated remotely. The exploit ha...
CVE-2026-5585
A vulnerability was found in Tencent AI-Infra-Guard 4.0. The affected element is an unknown function of the file common/websocket/taskmanager.go of the component Task Detail Endpoint. Performing a manipulation results in information disclosure. The attack may be initiated remotely. The exploit ha...
CVE-2026-5585 Tencent AI-Infra-Guard Task Detail Endpoint task_manager.go information disclosure
A vulnerability was found in Tencent AI-Infra-Guard 4.0. The affected element is an unknown function of the file common/websocket/taskmanager.go of the component Task Detail Endpoint. Performing a manipulation results in information disclosure. The attack may be initiated remotely. The exploit ha...