PT-2026-43305

Bugsink is a self-hosted error tracking tool. Prior to 2.2.0, Bugsink issue event pages accept a direct event identifier from the URL and, in affected versions, look up that event without also requiring it to belong to the issue in the URL. This is a project-boundary authorization issue: a...

CVE-2026-4057 Download Manager <= 3.3.51 - Missing Authorization to Authenticated (Contributor+) Media File Protection Removal

The Download Manager plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the makeMediaPublic and makeMediaPrivate functions in all versions up to, and including, 3.3.51. This is due to the functions only checking for editposts capability...

CVE-2026-26272 HomeBox affected by Stored XSS via HTML/SVG Attachment Upload

HomeBox is a home inventory and organization system. Prior to 0.24.0-rc.1, a stored cross-site scripting XSS vulnerability exists in the item attachment upload functionality. The application does not properly validate or restrict uploaded file types, allowing an authenticated user to upload...

EUVD-2026-9333

HomeBox is a home inventory and organization system. Prior to 0.24.0-rc.1, a stored cross-site scripting XSS vulnerability exists in the item attachment upload functionality. The application does not properly validate or restrict uploaded file types, allowing an authenticated user to upload...

CVE-2026-26272

CVE-2026-26272 – HomeBox is affected by a stored XSS in the item attachment upload feature. An authenticated user can upload HTML or SVG files containing JavaScript due to improper validation of file types; attachments are served via direct links and the script runs in the app’s origin when opene...

CVE-2026-26272

HomeBox is a home inventory and organization system. Prior to 0.24.0-rc.1, a stored cross-site scripting XSS vulnerability exists in the item attachment upload functionality. The application does not properly validate or restrict uploaded file types, allowing an authenticated user to upload...

SUSE SLES15 Security Update : kernel (Live Patch 59 for SLE 15 SP3) (SUSE-SU-2025:03672-1)

The remote SUSE Linux SLES15 host has a package installed that is affected by multiple vulnerabilities as referenced in the SUSE-SU-2025:03672-1 advisory. This update for the Linux Kernel 5.3.18-15030059211 fixes several issues. The following security issues were fixed: - CVE-2025-38499:...

Sensitive Data Exposure

@finos/git-proxy is vulnerable to sensitive data exposure. The vulnerability is due to improper validation of commits in the pack sent to GitHub, which allows an attacker to inject unreferenced commits containing sensitive data and retrieve them via direct commit URLs without appearing in the...

Unveiling Usability Challenges in Web Privacy Controls

With the increasing concerns around privacy and the enforcement of data privacy laws, many websites now provide users with privacy controls. However, locating these controls can be challenging, as they are frequently hidden within multiple settings and layers. Moreover, the lack of standardizatio...

UBUNTU-CVE-2023-5117

An issue was discovered in GitLab CE/EE affecting all versions before 17.6.0 in which users were unaware that files uploaded to comments on confidential issues and epics of public projects could be accessed without authentication via a direct link to the uploaded file URL...

GitLab Community Edition和GitLab Enterprise Edition 安全漏洞

GitLab Enterprise Edition EE and GitLab Community Edition CE are both products of GitLab, Inc. GitLab Enterprise Edition is a content management system. GitLab Enterprise Edition is a content management system. A security vulnerability exists in GitLab Enterprise Edition EE and GitLab Community...

PT-2024-27120 · Weblir · Weblir Login As Customer Pro

Name of the Vulnerable Software and Affected Versions: Weblir Login as customer PRO module versions prior to 1.2.7 Description: The issue allows a guest to access a direct link to connect to each customer account of the shop if the module is not installed or if a secret accessible to the...

CVE-2023-31434

The parameters nutzertitel, nutzervn, and nutzernn in the user profile, and langID and ONLINEID in direct links, in evasys before 8.2 Build 2286 and 9.x before 9.0 Build 2401 do not validate input, which allows authenticated attackers to inject HTML Code and XSS payloads in multiple locations...

CVE-2023-31434

The parameters nutzertitel, nutzervn, and nutzernn in the user profile, and langID and ONLINEID in direct links, in evasys before 8.2 Build 2286 and 9.x before 9.0 Build 2401 do not validate input, which allows authenticated attackers to inject HTML Code and XSS payloads in multiple locations...

Code injection

The parameters nutzertitel, nutzervn, and nutzernn in the user profile, and langID and ONLINEID in direct links, in evasys before 8.2 Build 2286 and 9.x before 9.0 Build 2401 do not validate input, which allows authenticated attackers to inject HTML Code and XSS payloads in multiple locations...

CVE-2023-31434

The parameters nutzertitel, nutzervn, and nutzernn in the user profile, and langID and ONLINEID in direct links, in evasys before 8.2 Build 2286 and 9.x before 9.0 Build 2401 do not validate input, which allows authenticated attackers to inject HTML Code and XSS payloads in multiple locations...

Viki Solutions Viki Vera Access Control Error Vulnerability

Viki Solutions Viki Vera is a suite of workflow customization platforms from Canadian company Viki Solutions. The platform supports file uploading, job management, and other features. An access control error vulnerability exists in Viki Vera version 4.9.1.26180, which is related to the affected...

zeejobsite-upload.txt

ZEEJOBSITE v2.0 remote file Upload author: ZoRLu msn: [email protected] home: www.z0rlu.blogspot.com dork: "[email protected]" date: 08/11/2008 aha simdi gönderiyorum saat 10:40 : first register to site you add this code your shell to head GIF89a; example yourshell.php: GIF89a; and...