CVE-2018-25336 jCart for OpenCart 2.3.0.2 Cross-Site Request Forgery

jCart for OpenCart 2.3.0.2 contains a cross-site request forgery vulnerability that allows attackers to modify user account information without authentication. Attackers can craft malicious HTML forms targeting endpoints , and to change user credentials, passwords, and affiliate account details...

CVE-2018-25336

jCart for OpenCart 2.3.0.2 contains a cross-site request forgery vulnerability that allows attackers to modify user account information without authentication. Attackers can craft malicious HTML forms targeting endpoints , and to change user credentials, passwords, and affiliate account details...

CVE-2018-25336 jCart for OpenCart 2.3.0.2 Cross-Site Request Forgery

jCart for OpenCart 2.3.0.2 contains a cross-site request forgery vulnerability that allows attackers to modify user account information without authentication. Attackers can craft malicious HTML forms targeting endpoints , and to change user credentials, passwords, and affiliate account details...

Malicious code in netping (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 ecc862a2bc12e6779034a99abd68c5d4ffb047f1fc2ae94407dd9e4ad54df5cf The package silently downloads and installs an autostart script that then monitors clipboards and replaces copied cryptowallet adresses. --- Category: MALICIOU...

CVE-2025-4202 Multicollab: Content Team Collaboration and Editorial Workflow <= 5.2 - Missing Authorization to Authenticated (Subscriber+) Collaboration Comment

The Multicollab: Content Team Collaboration and Editorial Workflow plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'cfaddcomment' function in all versions up to, and including, 5.2. This makes it possible for authenticated attackers...

CVE-2025-4202

The Multicollab: Content Team Collaboration and Editorial Workflow plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'cfaddcomment' function in all versions up to, and including, 5.2. This makes it possible for authenticated attackers...

Authorization Bypass

Netmaker is vulnerable to Authorization Bypass. The vulnerability is due to improper authorization logic in the Authorize middleware, where a valid host JWT token is accepted when hostAllowed=true without verifying that the host is authorized to access the specific target resource, allowing acces...

EUVD-2026-30668

Crypt::DSA versions through 1.19 for Perl use 2-args open, allowing existing files to be modified...

CVE-2026-8704

Crypt::DSA versions through 1.19 for Perl use 2-args open, allowing existing files to be modified...

DEBIAN-CVE-2026-8704

Crypt::DSA versions through 1.19 for Perl use 2-args open, allowing existing files to be modified...

UBUNTU-CVE-2026-8704

Crypt::DSA versions through 1.19 for Perl use 2-args open, allowing existing files to be modified...

CVE-2026-8704 Crypt::DSA versions through 1.19 for Perl use 2-args open, allowing existing files to be modified

Crypt::DSA versions through 1.19 for Perl use 2-args open, allowing existing files to be modified...

CVE-2026-8704 Crypt::DSA versions through 1.19 for Perl use 2-args open, allowing existing files to be modified

Crypt::DSA versions through 1.19 for Perl use 2-args open, allowing existing files to be modified...

CVE-2026-8704

Crypt::DSA versions through 1.19 for Perl use 2-args open, allowing existing files to be modified...

CVE-2026-8704

CVE-2026-8704 affects Crypt::DSA for Perl, version up to 1.19, where the 2-argument open function can allow existing files to be modified. This is the underlying root cause described across multiple sources. A fixed version is indicated as later than 1.19 (e.g., 1.20 per release notes), with reme...

Operation on a Resource after Expiration or Release

Overview Affected versions of this package are vulnerable to Operation on a Resource after Expiration or Release due to the failure to enforce the PostEditTimeLimit in the post patch and update API endpoints. An attacker can alter file attachments, properties, and pin status of posts after the...

CVE-2026-44571 Open WebUI: Improper Authorization in Standard Channels Allows Message Updates with Read Permission

Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. Prior to 0.8.6, in standard channels i.e., channels whose channel.type is neither group nor dm, the endpoint POST /api/v1/channels/channelid/messages/messageid/update can be accessed with read...

CVE-2026-44571

Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. Prior to 0.8.6, in standard channels i.e., channels whose channel.type is neither group nor dm, the endpoint POST /api/v1/channels/channelid/messages/messageid/update can be accessed with read...

EUVD-2026-30655

Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. Prior to 0.8.6, in standard channels i.e., channels whose channel.type is neither group nor dm, the endpoint POST /api/v1/channels/channelid/messages/messageid/update can be accessed with read...

CVE-2026-45385

Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. Prior to 0.9.5, an IDOR vulnerability exists in the Channels feature of Open WebUI, allowing any channel member to modify messages sent by other members including administrators within the same...