Lucene search: 52205 matches found

Positive Technologies
added 2026/03/03 12:0 a.m. · 3 views

PT-2026-22711

The LatePoint – Calendar Booking Plugin for Appointments and Events plugin for WordPress is vulnerable to SQL Injection via the JSON Import in all versions up to, and including, 5.2.7 due to insufficient validation on the user-supplied JSON data. This makes it possible for authenticated attackers...

CVSS 6.5 · AI score 6.2 · EPSS 0.00036
Exploits 0 · References 3
Positive Technologies
added 2026/03/03 12:0 a.m. · 3 views

PT-2026-22830

Name of the Vulnerable Software and Affected Versions: Devolutions Server versions 2025.3.15.0 and earlier. Description: An authentication bypass exists in the Microsoft Entra ID (Azure AD) authentication mode. An unauthenticated user can authenticate as an arbitrary Entra ID user by using a forged JS...

CVSS 9.8 · AI score 6 · EPSS 0.00077
Exploits 0 · References 5
Positive Technologies
added 2026/03/03 12:0 a.m. · 5 views

PT-2026-22726

A vulnerability was found in Dataease SQLBot up to 1.5.1. This impacts the function validateEmbedded of the file backend/apps/system/middleware/auth.py of the component JWT Token Handler. Performing a manipulation results in improper verification of cryptographic signature. The attack can be...

CVSS 6.3 · AI score 5.3 · EPSS 0.00024
Exploits 1 · References 5
Positive Technologies
added 2026/03/03 12:0 a.m. · 4 views

PT-2026-22746

Name of the Vulnerable Software and Affected Versions: Tuya App and SDK version 24.07.11. Description: A denial of service condition exists in Tuya App and SDK. The issue affects an unknown functionality within the JSON Data Point Handler component. Manipulation of the cruise time argument can lead ...

CVSS 3.1 · AI score 5.5 · EPSS 0.00045
Exploits 0 · References 9
Patchstack
added 2026/03/02 11:27 p.m. · 3 views

WordPress LatePoint plugin <= 5.2.7 - Authenticated (Administrator+) SQL Injection via JSON Import vulnerability

Authenticated (Administrator+) SQL Injection via JSON Import vulnerability discovered by Chiao-Lin Yu Steven Meow - Trend Micro in WordPress Plugin LatePoint versions <= 5.2.7...

CVSS 6.5 · AI score 6 · EPSS 0.00036
Exploits 0 · References 1 · Affected Software 1
Github Security Blog
added 2026/03/02 9:43 p.m. · 7 views

`@orpc/client` has Prototype Pollution via `StandardRPCJsonSerializer` Deserialization

Summary: A critical Prototype Pollution vulnerability exists in the RPC JSON deserializer of the @orpc/client package. The vulnerability allows unauthenticated, remote attackers to inject arbitrary properties into the global Object.prototype. Because this pollution persists for the lifetime of the...

CVSS 9.8 · AI score 6.4 · EPSS 0.01156
Exploits 1 · References 4 · Affected Software 1
Github Security Blog
added 2026/03/02 8:49 p.m. · 7 views

AVideo has Unauthenticated SQL Injection via JSON Request Bypass in objects/videos.json.php

Impact: An unauthenticated SQL Injection vulnerability exists in AVideo within the objects/videos.json.php and objects/video.php components. The application fails to properly sanitize the catName parameter when it is supplied via a JSON-formatted POST request body. Because JSON input is parsed and...

CVSS 9.8 · AI score 6 · EPSS 0.2583
Exploits 1 · References 5 · Affected Software 1
OSV
added 2026/03/02 8:49 p.m. · 1 view

GHSA-PV87-R9QF-X56P AVideo has Unauthenticated SQL Injection via JSON Request Bypass in objects/videos.json.php

Impact: An unauthenticated SQL Injection vulnerability exists in AVideo within the objects/videos.json.php and objects/video.php components. The application fails to properly sanitize the catName parameter when it is supplied via a JSON-formatted POST request body. Because JSON input is parsed and...

CVSS 9.8 · AI score 6 · EPSS 0.2583
Exploits 1 · References 5
OSV
added 2026/03/02 7:53 p.m. · 2 views

GHSA-X4VH-J75G-268G NocoDB's Refresh Tokens Not Revoked on Password Reset

Summary: The password reset flow did not revoke existing refresh tokens, allowing an attacker with a previously stolen refresh token to continue minting valid JWTs after the victim resets their password. Details: passwordReset in users.service.ts updated tokenversion, invalidating JWTs, but did not...

CVSS 7.1 · AI score 5.9 · EPSS 0.00042
Exploits 0 · References 4
Snyk
added 2026/03/02 6:47 p.m. · 1 view

Allocation of Resources Without Limits or Throttling

Overview: Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling via the decryptcek function. An attacker can cause excessive CPU resource consumption by supplying a crafted JSON Web Encryption (JWE) token with an unbounded p2c parameter value, leadi...

CVSS 8.7 · AI score 6 · EPSS 0.00048
Exploits 2 · References 2
OSV
added 2026/03/02 6:47 p.m. · 3 views

GHSA-W5R5-M38G-F9F9 joserfc's PBES2 p2c Unbounded Iteration Count enables Denial of Service (DoS)

Summary: A resource exhaustion vulnerability in joserfc allows an unauthenticated attacker to cause a Denial of Service (DoS) via CPU exhaustion. When the library decrypts a JSON Web Encryption (JWE) token using Password-Based Encryption (PBES2) algorithms, it reads the p2c (PBES2 Count) parameter directl...

CVSS 7.5 · AI score 6 · EPSS 0.00048
Exploits 2 · References 5
Github Security Blog
added 2026/03/02 6:47 p.m. · 2 views

joserfc's PBES2 p2c Unbounded Iteration Count enables Denial of Service (DoS)

Summary: A resource exhaustion vulnerability in joserfc allows an unauthenticated attacker to cause a Denial of Service (DoS) via CPU exhaustion. When the library decrypts a JSON Web Encryption (JWE) token using Password-Based Encryption (PBES2) algorithms, it reads the p2c (PBES2 Count) parameter directl...

CVSS 7.5 · AI score 6 · EPSS 0.00048
Exploits 2 · References 5 · Affected Software 1
Github Security Blog
added 2026/03/02 5:32 p.m. · 4 views

Bytebase vulnerable to Improper Authentication

Impact: - GitLab login allows login by any user. - JWT auth token can be derived as long as the server isn't rebooted. - Developers can assign issues to non-admin/DBA users...

AI score 5.9
Exploits 0 · References 3 · Affected Software 1
Snyk
added 2026/03/02 5:32 p.m. · 1 view

Use of Client-Side Authentication

Overview: Affected versions of this package are vulnerable to Use of Client-Side Authentication in the VCS oauth. An attacker can gain unauthorized access by exploiting weaknesses in the GitLab login mechanism or by deriving a JWT authentication token without requiring a server reboot. Remediation...

CVSS 8.7 · AI score 5.8
Exploits 0 · References 2
OSV
added 2026/03/02 5:32 p.m. · 2 views

GHSA-5R3P-6RJ5-7937 Bytebase vulnerable to Improper Authentication

Impact: - GitLab login allows login by any user. - JWT auth token can be derived as long as the server isn't rebooted. - Developers can assign issues to non-admin/DBA users...

CVSS 8.7 · AI score 5.9
Exploits 0 · References 3
NVD
added 2026/03/02 5:16 p.m. · 4 views

CVE-2026-28396

NocoDB is software for building databases as spreadsheets. Prior to version 0.301.3, the password reset flow did not revoke existing refresh tokens, allowing an attacker with a previously stolen refresh token to continue minting valid JWTs after the victim resets their password. This issue has be...

CVSS 7.1 · EPSS 0.00042
Exploits 0 · References 2
OSV
added 2026/03/02 4:18 p.m. · 3 views

CVE-2026-28396 NocoDB: Refresh Tokens Not Revoked on Password Reset

NocoDB is software for building databases as spreadsheets. Prior to version 0.301.3, the password reset flow did not revoke existing refresh tokens, allowing an attacker with a previously stolen refresh token to continue minting valid JWTs after the victim resets their password. This issue has be...

CVSS 7.1 · AI score 5.8 · EPSS 0.00042
Exploits 0 · References 4
CVE
added 2026/03/02 4:18 p.m. · 9 views

CVE-2026-28396

CVE-2026-28396 concerns NocoDB, a database-as-spreadsheets platform. Prior to version 0.301.3, the password reset flow failed to revoke existing refresh tokens, allowing an attacker with a previously stolen refresh token to continue minting valid JWTs after the victim resets their password. The i...

CVSS 7.1 · AI score 5.8 · EPSS 0.00042
Exploits 0 · References 2 · Affected Software 1
ATTACKERKB
added 2026/03/02 4:18 p.m. · 5 views

CVE-2026-28396

NocoDB is software for building databases as spreadsheets. Prior to version 0.301.3, the password reset flow did not revoke existing refresh tokens, allowing an attacker with a previously stolen refresh token to continue minting valid JWTs after the victim resets their password. This issue has be...

CVSS 7.1 · AI score 5.8 · EPSS 0.00042
Exploits 0 · References 3 · Affected Software 1
GithubExploit
added 2026/03/02 3:41 p.m. · 131 views

Hackviser

Hackviser — Scenario Writeups A collection of detailed writeu...

AI score 5.9
Exploits 0