11758 matches found
CVE-2026-28736
UNSUPPORTED WHEN ASSIGNED Focalboard version 8.0 fails to validate file ownership when serving uploaded files. This allows an authenticated attacker who knows a victim's fileID to read the content of the file. NOTE: Focalboard as a standalone product is not maintained and no fix will be issued...
CVE-2026-28736
Focalboard 8.0 is affected by an IDOR-like issue in the file content endpoint: it fails to validate ownership when serving uploaded files, enabling an authenticated user who knows a victim’s fileID to read that file’s content. The vulnerability stems from insufficient access checks for file retri...
CVE-2026-25773 Focalboard Second-Order SQL Injection in category reorder endpoint allows data exfiltration (unsupported product, no fix)
UNSUPPORTED WHEN ASSIGNED Focalboard version 8.0 fails to sanitize category IDs before incorporating them into dynamic SQL statements when reordering categories. An attacker can inject a malicious SQL payload into the category id field, which is stored in the database and later executed unsanitiz...
CVE-2026-25773
CVE-2026-25773 — Focalboard 8.0 Second-Order SQL Injection in category reorder : The vulnerability arises from insufficient sanitization of category IDs used in dynamic SQL during category reordering. An authenticated attacker can store a malicious SQL payload in the category ID field, which is l...
PT-2026-30042
Name of the Vulnerable Software and Affected Versions Focalboard version 8.0 Description Focalboard version 8.0 does not properly validate file ownership when serving uploaded files. This allows an authenticated attacker with knowledge of a victim's fileID to read the file's content. The product ...
CVE-2026-5128
...
PT-2026-28737
Name of the Vulnerable Software and Affected Versions DeDeveloper23 codebase-mcp up to 3ec749d237dd8eabbeef48657cf917275792fde6 Description A flaw exists in the getCodebase/getRemoteCodebase/saveCodebase functions within the src/tools/codebase.ts file of the RepoMix Command Handler component. Thi...
PT-2026-28743
Name of the Vulnerable Software and Affected Versions BichitroGan ISP Billing Software version 2025.3.20 Description A flaw exists in BichitroGan ISP Billing Software that allows for improper control of resource identifiers. The issue is located within an unknown function of the file ‘/?...
PT-2026-28744
Name of the Vulnerable Software and Affected Versions code-projects Accounting System version 1.0 Description A SQL injection issue exists in code-projects Accounting System version 1.0. The issue is located in an unknown functionality within the /view costumer.php file, specifically affecting th...
PT-2026-28732
Name of the Vulnerable Software and Affected Versions Simple Food Order System version 1.0 Description A flaw exists in Simple Food Order System 1.0 related to the handling of parameters. Specifically, manipulating the Name argument can lead to SQL injection. This issue affects an unknown functio...
PT-2026-28696
Name of the Vulnerable Software and Affected Versions SourceCodester Note Taking App version 1.0 Description A cross-site request forgery condition exists in SourceCodester Note Taking App. The issue impacts an unknown function and allows for remote exploitation. The exploit has been publicly...
PT-2026-28475
Name of the Vulnerable Software and Affected Versions BUFFALO Wi-Fi router products affected versions not specified Description A hidden functionality issue exists that may allow an attacker to gain access to the product’s debugging functionality. Successful exploitation could result in the...
PT-2026-28647
Name of the Vulnerable Software and Affected Versions NEC Platforms, Ltd. Aterm Series affected versions not specified Description A hidden functionality exists in NEC Platforms, Ltd. Aterm Series that allows an attacker to enable telnet access via the network. Recommendations At the moment, ther...
PT-2026-28495
Name of the Vulnerable Software and Affected Versions WordPress Plugin OpenStreetMap versions affected versions not specified Description The OpenStreetMap WordPress plugin by MiKa has a cross-site scripting issue. A user logged in with page creation or editing rights can inject malicious script...
PT-2026-28440
Name of the Vulnerable Software and Affected Versions BUFFALO Wi-Fi router products affected versions not specified Description A code injection issue exists in BUFFALO Wi-Fi router products. Successful exploitation of this issue could allow for the execution of arbitrary code on affected devices...
PT-2026-28477
Name of the Vulnerable Software and Affected Versions BUFFALO Wi-Fi router products affected versions not specified Description A missing authentication check for a critical function allows an attacker to forcibly reboot the product without authentication. There is no information about the number...
PT-2026-28433
Name of the Vulnerable Software and Affected Versions Microsoft Edge Chromium-based affected versions not specified Description A system-affecting issue exists in Microsoft Edge Chromium-based. Recommendations At the moment, there is no information about a newer version that contains a fix for th...
PT-2026-28290
Name of the Vulnerable Software and Affected Versions HCL Aftermarket DPC affected versions not specified Description HCL Aftermarket DPC is susceptible to a File Discovery issue. An attacker could exploit this to read sensitive files present on the system and potentially use them to plan further...
PT-2026-28296
Name of the Vulnerable Software and Affected Versions HCL Aftermarket DPC affected versions not specified Description HCL Aftermarket DPC is susceptible to an HTTP Response Splitting issue. The impact of this issue depends on how the web application processes split responses, potentially allowing...
PT-2026-28293
Name of the Vulnerable Software and Affected Versions HCL Aftermarket DPC affected versions not specified Description The software is susceptible to a spamming issue that could allow an attacker to exhaust server resources, potentially leading to a Denial of Service. Excessive spamming can consum...