201990 matches found
Blinko <= 1.8.3 - User Information Leak
Blinko = 1.8.4 contains an information disclosure caused by a publicly accessible endpoint exposing user information including usernames, roles, and account creation dates, letting remote attackers access sensitive user data, exploit requires no special privileges. id: CVE-2026-23486 info: name:...
WeGIA <= 3.6.4 - Remote Code Execution
WeGIA = 3.6.5 contains a remote code execution caused by improper validation of backup file names in the database restoration functionality, letting attackers with administrative access execute arbitrary OS commands id: CVE-2026-28409 info: name: WeGIA = 3.6.4 - Remote Code Execution author:...
PraisonAI AgentOS - Information Disclosure
PraisonAI's AgentOS FastAPI application server exposes an unauthenticated GET /api/agents endpoint that lists every registered agent's name, role and the opening of its instructions system prompt. No authentication is enforced on the route, allowing a remote attacker to enumerate agent...
CVE-2026-28705
Gitea versions before 1.25.5 use release tag names and asset names as filesystem path components when dumping release assets, allowing specially crafted names to affect dump output paths...
EUVD-2026-41641
Gitea versions before 1.25.5 use release tag names and asset names as filesystem path components when dumping release assets, allowing specially crafted names to affect dump output paths...
EUVD-2026-41557
A flaw was found in the Fine-Grained Admin Permissions FGAP v2 implementation within Keycloak's administrative services. When FGAP v2 is enabled, the system fails to properly filter child groups based on the caller's specific permissions when requested through a parent group. This allows a...
EUVD-2026-41555
A vulnerability was discovered in Keycloak's administrative interface that allows certain administrators to see information about groups they shouldn't have access to. When the new Fine-Grained Admin Permissions FGAP v2 are turned on, an administrator who is allowed to see a specific "role" can...
CVE-2026-58579
RAGFlow before 0.26.3 stores an agent pipeline DSL node name without sanitization: the agent update endpoint normalizes the submitted DSL via normalizedsl, which only performs JSON serialization validation and preserves the node name verbatim. The dataflow-result web UI then renders that name int...
EUVD-2026-41421
RAGFlow before 0.26.3 stores an agent pipeline DSL node name without sanitization: the agent update endpoint normalizes the submitted DSL via normalizedsl, which only performs JSON serialization validation and preserves the node name verbatim. The dataflow-result web UI then renders that name int...
CVE-2026-58579
RAGFlow before 0.26.3 stores an agent pipeline (DSL) node name without sanitization. The update endpoint normalizes DSL via JSON serialization but preserves the node name, and the dataflow-result UI renders it with dangerouslySetInnerHTML while i18next escapeValue is false, allowing an authentica...
EUVD-2026-36317
OpenClaw: Matrix allowFrom could bind to mutable display names...
CVE-2026-11781 Adminify < 4.2.10 - Contributor+ Sensitive Information Disclosure via Global Search AJAX
The Adminify WordPress plugin before 4.2.10 does not perform per-user read-capability checks on the results returned by one of its administration search features, allowing users with a low-privilege role Contributor to disclose non-public content that WordPress would not otherwise expose to them,...
CVE-2026-11781
The CVE-2026-11781 entry affects the Adminify WordPress plugin prior to version 4.2.10. The vulnerability arises because the plugin does not perform per-user read-capability checks on results returned by an administration search feature. As a result, users with a low-privilege role (Contributor) ...
EUVD-2026-41249
The Insert Pages plugin for WordPress is vulnerable to Stored Cross-Site Scripting via post custom field keys meta key names in all versions up to, and including, 3.11.4. This is due to insufficient output escaping in the themeta function: while the custom field VALUE is sanitized with wpksespost...
CVE-2026-10089 Insert Pages <= 3.11.4 - Authenticated (Author+) Stored Cross-Site Scripting via Custom Field Keys (Meta Key Names)
The Insert Pages plugin for WordPress is vulnerable to Stored Cross-Site Scripting via post custom field keys meta key names in all versions up to, and including, 3.11.4. This is due to insufficient output escaping in the themeta function: while the custom field VALUE is sanitized with wpksespost...
CVE-2026-34099
Guardian language-system passes the id GET parameter directly into an unsanitized SQL query in jobinfo.php line 16: SELECT FROM jobs where id = '".$GET'id'."'. No authentication is required. An unauthenticated attacker can perform error-based SQL injection to extract the database version, current...
EUVD-2026-41056
Guardian language-system passes the id GET parameter directly into an unsanitized SQL query in jobinfo.php line 16: SELECT FROM jobs where id = '".$GET'id'."'. No authentication is required. An unauthenticated attacker can perform error-based SQL injection to extract the database version, current...
CVE-2026-58033 "Total number of distinct authors" statistic at action=info does not exclude revisions where the author name was deleted
Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Wikimedia Foundation MediaWiki. This vulnerability is associated with program files includes/Actions/InfoAction.Php. This issue affects MediaWiki: from before 1.46.0, 1.45.4, 1.44.6, 1.43.9...
CVE-2026-12113
The Appointment Booking Calendar plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.4.02 via the cpabcappointmentsfilterlist. This makes it possible for authenticated attackers, with contributor-level access and above, to extract customer...
PT-2026-54735
Name of the Vulnerable Software and Affected Versions Guardian language-system affected versions not specified Description An unauthenticated attacker can perform error-based SQL injection by sending crafted values to the id parameter via a GET request to the 'job info.php' endpoint. The issue...