325 matches found
PT-2026-50812
Name of the Vulnerable Software and Affected Versions pgAdmin 4 versions 6.9 through 9.15 Description In server mode, two state-mutating endpoints in the SQL Editor blueprint are missing the @pga login required authentication decorator, allowing them to be accessed without an authenticated sessio...
CVE-2026-46877
Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization component: VMSVGA device. The supported version that is affected is 7.2.8. Easily exploitable vulnerability allows high privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise...
CVE-2026-9746
When using $changestreams and $requestReshardingResumeToken with the exchange option the server hits an invariant which causes the server to crash. There are no special privileges needed. The user must be logged in to issue the statement...
PT-2026-48753
Trying to download the hotfix for 81.20 hotfix T141 via https://support.checkpoint.com/results/download/143620 for some sick reason this is behind an account login that i do not have access to. wondering if anyone here could provide it, pretty innocuous ask i think...
CVE-2026-22899
The CVE-2026-22899 entry describes a NULL pointer dereference in File Station 6 that can be triggered remotely by an authenticated user to cause a DoS. Affected software: File Station 6 (specific versions affected not explicitly listed beyond the fixed release). Underlying cause: NULL pointer der...
EUVD-2026-35862
When using $changestreams and $requestReshardingResumeToken with the exchange option the server hits an invariant which causes the server to crash. There are no special privileges needed. The user must be logged in to issue the statement...
CVE-2026-9746
When using $changestreams and $requestReshardingResumeToken with the exchange option the server hits an invariant which causes the server to crash. There are no special privileges needed. The user must be logged in to issue the statement...
UBUNTU-CVE-2026-9746
When using $changestreams and $requestReshardingResumeToken with the exchange option the server hits an invariant which causes the server to crash. There are no special privileges needed. The user must be logged in to issue the statement...
CVE-2026-9746 Server crashes in case of the use of exchange
When using $changestreams and $requestReshardingResumeToken with the exchange option the server hits an invariant which causes the server to crash. There are no special privileges needed. The user must be logged in to issue the statement...
CVE-2026-9746 Server crashes in case of the use of exchange
When using $changestreams and $requestReshardingResumeToken with the exchange option the server hits an invariant which causes the server to crash. There are no special privileges needed. The user must be logged in to issue the statement...
CVE-2026-9746
CVE-2026-9746 affects MongoDB Server when using $changestreams with $_requestReshardingResumeToken and the exchange option. The issue causes the server to hit an invariant and crash without requiring special privileges (user must be logged in). The available data identifies the affected feature (...
PT-2026-48292
Name of the Vulnerable Software and Affected Versions MongoDB affected versions not specified Description A server crash occurs when using $changestreams and $ requestReshardingResumeToken with the exchange option. This issue is triggered when the server hits an invariant, and it can be executed ...
CVE-2026-32325
Privilege chaining issue exists in ServerView Agents for Windows V11.60.04 and earlier. If this vulnerability is exploited, a local authenticated attacker who can log in to the server where the affected product is installed may obtain SYSTEM privilege...
GHSA-XW54-C3MX-9PM3 Admidio: Any logged-in user can delete inventory fields via `mode=field_delete` — incomplete fix of #2024
Summary Commit d37ca6b27b9674238e58491cf7ba292e66898f15 "Delete item not check admin rights 2024", 2026-04-12 added a missing isAdministratorInventory gate to case 'itemdelete': in modules/inventory.php. The same fix was not applied to the sibling case 'fielddelete': handler, which destroys an...
EUVD-2026-31407
The WP Blockade plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'shortcode' parameter in all versions up to and including 0.9.14. This is due to insufficient input sanitization and output escaping in the rendershortcodepreview function. The function receives user inpu...
GHSA-54MC-GGHV-4CFJ SQLAdmin: Authorization Bypass on `ajax_lookup`
Impact The ajaxlookup endpoint in application.py bypasses the isaccessible access control check that all other endpoints enforce. If a developer restricts model access by overriding isaccessible, an authenticated user can still query that model's data through the ajaxlookup endpoint — silently...
SQLAdmin: Authorization Bypass on `ajax_lookup`
Impact The ajaxlookup endpoint in application.py bypasses the isaccessible access control check that all other endpoints enforce. If a developer restricts model access by overriding isaccessible, an authenticated user can still query that model's data through the ajaxlookup endpoint — silently...
PT-2026-42694
Name of the Vulnerable Software and Affected Versions SQLAdmin versions prior to 0.25.1 Description The ajax lookup endpoint in application.py bypasses the is accessible access control check enforced by other endpoints. If a developer restricts model access by overriding is accessible, an...
PT-2026-42597
Impact The ajax lookup endpoint in application.py bypasses the is accessible access control check that all other endpoints enforce. If a developer restricts model access by overriding is accessible, an authenticated user can still query that model's data through the ajax lookup endpoint — silentl...
CVE-2025-68420 Privilege Escalation in Comarch ERP Optima
Comarch ERP Optima client connects to a database using a high privileged account regardless of an application account to which a user logs in. It is possible for a local attacker who controls the client process to dump it's memory, extract credentials and use them to gain a privileged access to t...