25 matches found
CVE-2026-23696
Windmill CE and EE versions 1.276.0 through 1.603.2 contain an SQL injection vulnerability in the folder ownership management functionality that allows authenticated attackers to inject SQL through the owner parameter. An attacker can use the injection to read sensitive data such as the JWT signi...
CVE-2026-6998
A vulnerability was detected in BDCOM P3310D 0.4.2 10.1.0F Build 86345. Affected is an unknown function of the component New RMON Statistics Page. The manipulation of the argument Owner results in cross site scripting. The attack can be executed remotely. The exploit is now public and may be used...
CVE-2026-6997
A security vulnerability has been detected in BDCOM P3310D 0.4.2 10.1.0F Build 86345. This impacts an unknown function of the component New RMON History Page. The manipulation of the argument Owner leads to cross site scripting. Remote exploitation of the attack is possible. The exploit has been...
CVE-2026-6998 BDCOM P3310D New RMON Statistics cross site scripting
A vulnerability was detected in BDCOM P3310D 0.4.2 10.1.0F Build 86345. Affected is an unknown function of the component New RMON Statistics Page. The manipulation of the argument Owner results in cross site scripting. The attack can be executed remotely. The exploit is now public and may be used...
CVE-2026-6998
CVE-2026-6998 affects BDCOM P3310D version 0.4.2, build 10.1.0F (86345). The vulnerability targets an unknown function within the New RMON Statistics Page, where manipulating the Owner argument triggers a cross-site scripting (XSS) flaw. The attack is described as executable remotely, and public ...
CVE-2026-6997 BDCOM P3310D New RMON History cross site scripting
A security vulnerability has been detected in BDCOM P3310D 0.4.2 10.1.0F Build 86345. This impacts an unknown function of the component New RMON History Page. The manipulation of the argument Owner leads to cross site scripting. Remote exploitation of the attack is possible. The exploit has been...
BDCOM P3310D cross-site scripting vulnerability
The BDCOM P3310D is an Ethernet switch device designed for access layer networks by the BDCOM company in China. The version BDCOM P3310D 0.4.2 10.1.0F Build 86345 contains a cross-site scripting vulnerability. This vulnerability stems from the operation of the Owner parameter in the New RMON...
PT-2026-35173
A vulnerability was detected in BDCOM P3310D 0.4.2 10.1.0F Build 86345. Affected is an unknown function of the component New RMON Statistics Page. The manipulation of the argument Owner results in cross site scripting. The attack can be executed remotely. The exploit is now public and may be used...
BDCOM P3310D cross-site scripting vulnerability
The BDCOM P3310D is an Ethernet switch device designed for access layer networks by the BDCOM company in China. The version BDCOM P3310D 0.4.2 10.1.0F Build 86345 contains a cross-site scripting vulnerability. This vulnerability stems from the operation of the Owner parameter in the New RMON...
Windmill SQL injection vulnerability
Windmill is a low-code development platform open-sourced by Windmill Labs, Inc. Versions of Windmill from 1.276.0 to 1.603.2 have a SQL injection vulnerability. This vulnerability stems from the owner parameter in the folder ownership management function, which allows for SQL injection attacks. It...
CVE-2026-2697
An Indirect Object Reference IDOR in Security Center allows an authenticated remote attacker to escalate privileges via the 'owner' parameter...
CVE-2026-2697
An Indirect Object Reference IDOR in Security Center allows an authenticated remote attacker to escalate privileges via the 'owner' parameter...
CVE-2026-2697
An Indirect Object Reference IDOR in Security Center allows an authenticated remote attacker to escalate privileges via the 'owner' parameter...
CVE-2026-2697
CVE-2026-2697 is an IDOR vulnerability in Tenable Security Center prior to 6.8.0 where an authenticated remote attacker can escalate privileges via the owner parameter. Multiple sources (NVD, Red Hat, CVE listings, and Tenable advisory) confirm the issue and its association with Security Center. ...
CVE-2026-2697 Indirect Object Reference (IDOR) in Security Center
An Indirect Object Reference IDOR in Security Center allows an authenticated remote attacker to escalate privileges via the 'owner' parameter...
CVE-2026-2697 Indirect Object Reference (IDOR) in Security Center
An Indirect Object Reference IDOR in Security Center allows an authenticated remote attacker to escalate privileges via the 'owner' parameter...
PT-2026-21523
Name of the Vulnerable Software and Affected Versions: Security Center (affected versions not specified). Description: An Indirect Object Reference IDOR exists in Security Center that could allow an authenticated remote attacker to escalate privileges. The issue is related to the owner parameter. An...
Tenable Security Center security vulnerability
Tenable Security Center is a security center provided by the American company Tenable. There is a security vulnerability present in Tenable Security Center, which stems from an insecure direct object reference in the owner parameter, potentially leading to privilege escalation...
EUVD-2025-37391
Summer Pearl Group Vacation Rental Management Platform prior to v1.0.2 suffers from insufficient server-side authorization. Authenticated attackers can call several endpoints and perform create/update/delete actions on resources owned by arbitrary users by manipulating request parameters e.g.,...
PT-2025-44671
Name of the Vulnerable Software and Affected Versions: Summer Pearl Group Vacation Rental Management Platform versions prior to 1.0.2. Description: The Summer Pearl Group Vacation Rental Management Platform is affected by inadequate server-side authorization. Authenticated attackers can access and...