CVE-2026-44442 ERPNext: Unauthorised Document modification due to missing validation

ERPNext is a free and open source Enterprise Resource Planning tool. Prior to 16.9.1, certain endpoints failed to enforce proper authorization checks, allowing users to modify data beyond their permitted role. This vulnerability is fixed in 16.9.1...

CVE-2026-44442

ERPNext (free/open source ERP) has a vulnerability in versions prior to 16.9.1 where certain endpoints did not enforce proper authorization, allowing users to modify data beyond their permitted role due to missing validation. The issue affects endpoints that perform data modification and is class...

CVE-2026-44442 ERPNext: Unauthorised Document modification due to missing validation

ERPNext is a free and open source Enterprise Resource Planning tool. Prior to 16.9.1, certain endpoints failed to enforce proper authorization checks, allowing users to modify data beyond their permitted role. This vulnerability is fixed in 16.9.1...

CVE-2026-44442

ERPNext is a free and open source Enterprise Resource Planning tool. Prior to 16.9.1, certain endpoints failed to enforce proper authorization checks, allowing users to modify data beyond their permitted role. This vulnerability is fixed in 16.9.1...

EUVD-2026-30195

ERPNext is a free and open source Enterprise Resource Planning tool. Prior to 16.9.1, certain endpoints failed to enforce proper authorization checks, allowing users to modify data beyond their permitted role. This vulnerability is fixed in 16.9.1...

CVE-2026-0240

An information disclosure vulnerability in Trust Protection Foundation enables an authenticated attacker to obtain sensitive information from the server's vault. Successful exploitation of this issue allows the attacker to impersonate any user within the environment and arbitrarily modify...

CVE-2026-0242 Trust Protection Foundation: SQL Injection Vulnerability

A SQL injection vulnerability in Trust Protection Foundation allows an authenticated attacker to execute arbitrary SQL commands against the product database. Successful exploitation could allow an attacker to read sensitive data, modify database contents, and escalate privileges to gain full...

CVE-2026-0240

Mode C: CVE-2026-0240 affects Trust Protection Foundation. It describes an information disclosure vulnerability where an authenticated attacker can access sensitive data from the server vault, potentially impersonate any user and arbitrarily modify configuration settings. The available references...

EUVD-2026-29957

An authenticated iControl REST user with low privileges can create or modify arbitrary files through an undisclosed iControl REST endpoint on the BIG-IQ system. Note: Software versions which have reached End of Technical Support EoTS are not evaluated...

GHSA-2RGP-F66F-4499 Goobi viewer - Core: Unauthenticated Solr Streaming Expression Proxy

Summary The Goobi viewer REST endpoint POST /api/v1/index/stream accepted an arbitrary Solr streaming expression from unauthenticated network clients and forwarded it to the backend Solr server without restriction. An attacker could read the complete Solr index and, in default Solr deployments,...

Malicious code in numpy-lib (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 a1e0009e8bfad1a403632094f43e661b328b40a6f518db00b890712789e39734 Package installs persistent malware acting as Rat, with the focus of stealing data and modifying copied cryptowallet addresses. --- Category: MALICIOUS - The...

Malicious code in pandas-data (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 34c3e3d51b95102fd72f00c2b6c4bce7e34a801326dfbe7557f2d4346ed37508 Package installs persistent malware acting as Rat, with the focus of stealing data and modifying copied cryptowallet addresses. --- Category: MALICIOUS - The...

Malicious code in py-requests (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 2bd2bd26870d2cf5df73c69bca7ed9088604eccf44727e4c59f0301cc8ccd35a Package installs persistent malware acting as Rat, with the focus of stealing data and modifying copied cryptowallet addresses. --- Category: MALICIOUS - The...

MAL-2026-3662 Malicious code in py-requests (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 2bd2bd26870d2cf5df73c69bca7ed9088604eccf44727e4c59f0301cc8ccd35a Package installs persistent malware acting as Rat, with the focus of stealing data and modifying copied cryptowallet addresses. --- Category: MALICIOUS - The...

Malicious code in rich-util (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 cc191d72f2f92d966897d0f635b53afecd9a62e8b63de13fff125a00377fcb63 Package installs persistent malware acting as Rat, with the focus of stealing data and modifying copied cryptowallet addresses. --- Category: MALICIOUS - The...

MAL-2026-3659 Malicious code in rich-util (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 cc191d72f2f92d966897d0f635b53afecd9a62e8b63de13fff125a00377fcb63 Package installs persistent malware acting as Rat, with the focus of stealing data and modifying copied cryptowallet addresses. --- Category: MALICIOUS - The...

CVE-2026-42406 BIG-IP and BIG-IQ privilege escalation vulnerability

A vulnerability exists in BIG-IP and BIG-IQ systems where a highly privileged, authenticated attacker with at least the Certificate Manager role can modify configuration objects that allow running arbitrary commands. Note: Software versions which have reached End of Technical Support EoTS are...

CVE-2026-32643

CVE-2026-32643 affects BIG-IP and BIG-IQ. An authenticated attacker with at least the Certificate Manager role can modify configuration objects that allow running arbitrary commands. Impact includes execution of system commands, file creation/deletion, and potential Appliance mode restrictions by...

CVE-2026-3426

The RTMKit Addons for Elementor plugin for WordPress is vulnerable to unauthorized modification of data due to missing capability checks on the savewidget and resetallwidgets functions in all versions up to, and including, 2.0.2. This makes it possible for authenticated attackers, with Author-lev...

CVE-2026-2515

The Hostinger Reach – AI-Powered Email Marketing for WordPress plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'handleajaxaction' function in all versions up to, and including, 1.3.8. This makes it possible for authenticated...