
4510 matches found

ATTACKERKB
added 2026/04/21 12:00 a.m., 3 views

CVE-2026-30452

Textpattern CMS 4.9.0 contains a Broken Access Control vulnerability in the article management system that allows authenticated users with low privileges to modify articles owned by users with higher privileges. By manipulating the article ID parameter during the duplicate-and-save workflow in...

AI score 5.8, EPSS 0.00247
Exploits: 0, References: 3
CNNVD
added 2026/04/20 12:00 a.m., 5 views

Fudo Enterprise security vulnerability

Fudo Enterprise is a security control platform for privileged access management and session auditing developed by the Polish company Fudo. Versions of Fudo Enterprise 5.6.2 and earlier contained security vulnerabilities. These vulnerabilities were due to inadequate protection of API endpoints,...

CVSS 6.5, AI score 5.8, EPSS 0.00257
Exploits: 0, References: 1
CNNVD
added 2026/04/20 12:00 a.m., 5 views

WordPress plugin Email Encoder security vulnerability

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. There wa...

CVSS 3.5, AI score 5.9, EPSS 0.00213
Exploits: 0, References: 1
CNNVD
added 2026/04/14 12:00 a.m., 4 views

SAP Human Capital Management security vulnerability

SAP Human Capital Management is a corporate human resources management and employee lifecycle management system developed by the German company SAP. There is a security vulnerability in SAP Human Capital Management. This vulnerability stems from specific messages returned by the system during...

CVSS 6.5, AI score 5.8, EPSS 0.00269
Exploits: 0, References: 2
Vulnrichment
added 2026/04/13 6:11 p.m., 0 views

CVE-2026-40043 Pachno 1.0.6 Authentication Bypass via runSwitchUser()

Pachno 1.0.6 contains an authentication bypass vulnerability in the runSwitchUser action that allows authenticated low-privilege users to escalate privileges by manipulating the originalusername cookie. Attackers can set the client-controlled originalusername cookie to any value and request a...

CVSS 7.1, AI score 5.8, EPSS 0.00304
Exploits: 1, References: 2
NVD
added 2026/04/09 6:17 p.m., 3 views

CVE-2026-40071

pyLoad is a free and open-source download manager written in Python. Prior to 0.5.0b3.dev97, the /json/packageorder, /json/linkorder, and /json/abortlink WebUI JSON endpoints enforce weaker permissions than the core API methods they invoke. This allows authenticated low-privileged users to execut...

CVSS 5.4, EPSS 0.00219
Exploits: 1, References: 1
Cvelist
added 2026/04/09 5:36 p.m., 20 views

CVE-2026-40071 pyLoad WebUI JSON permission mismatch lets ADD/DELETE users invoke MODIFY-only actions

pyLoad is a free and open-source download manager written in Python. Prior to 0.5.0b3.dev97, the /json/packageorder, /json/linkorder, and /json/abortlink WebUI JSON endpoints enforce weaker permissions than the core API methods they invoke. This allows authenticated low-privileged users to execut...

CVSS 5.4, EPSS 0.00219
Exploits: 1, References: 1
CNNVD
added 2026/04/09 12:00 a.m., 3 views

Juniper Networks Junos OS MX security vulnerability

Juniper Networks Junos OS MX is a network operating system specifically designed for hardware devices used by Juniper Networks. This operating system provides secure programming interfaces and the Junos SDK. There were security vulnerabilities in versions of Junos OS MX prior to 24.4R2-S3 and...

CVSS 8.8, AI score 5.8, EPSS 0.00138
Exploits: 0, References: 1
CNNVD
added 2026/04/07 12:00 a.m., 6 views

xyOps security vulnerability

xyOps is a multi-server task scheduling and execution platform developed by Joseph Huckaby. Versions of xyOps prior to 0.9.111 contained security vulnerabilities. These vulnerabilities stemmed from the server’s lack of authorization checks when applying the updateevent key in JSON outputs, allowi...

CVSS 5.4, AI score 6, EPSS 0.00178
Exploits: 1, References: 1
Packet Storm News
added 2026/04/06 12:00 a.m., 3 views

pstrip64.sys Privilege Escalation

The pstrip64.sys kernel driver exposes an IOCTL that allows low-privileged users to map arbitrary ranges of physical memory into their own virtual address space. This primitive allows full read/write access to the system's physical RAM, enabling attackers to modify critical kernel structures and...

AI score 6.1, EPSS 0.00107
Exploits: 1
RedhatCVE
added 2026/04/02 10:53 a.m., 2 views

CVE-2026-24096

Insufficient permission validation on multiple REST API Quick Setup endpoints in Checkmk 2.5.0 beta before version 2.5.0b2 and 2.4.0 before version 2.4.0p25 allows low-privileged users to perform unauthorized actions or obtain sensitive information...

CVSS 8.8, AI score 5.9, EPSS 0.00236
Exploits: 0, References: 1
EUVD
added 2026/03/27 12:30 a.m., 3 views

EUVD-2026-16509

Open Source Point of Sale opensourcepos is a web based point of sale application written in PHP using CodeIgniter framework. Prior to version 3.4.2, an Insecure Direct Object Reference IDOR vulnerability allows an authenticated low-privileged user to access the password change functionality of...

CVSS 6.5, AI score 5.8, EPSS 0.00277
Exploits: 1, References: 2
RedhatCVE
added 2026/03/26 3:14 p.m., 4 views

CVE-2025-69239

Raytha CMS is vulnerable to Server-Side Request Forgery in the “Themes - Import from URL” feature. It allows an attacker with high privileges to provide the URL for redirecting server-side HTTP request. This issue was fixed in version 1.4.6...

CVSS 5.1, AI score 5.8, EPSS 0.00248
Exploits: 0, References: 1
RedhatCVE
added 2026/03/26 3:08 p.m., 2 views

CVE-2026-20162

In Splunk Enterprise versions below 10.2.0, 10.0.3, 9.4.9, and 9.3.9, and Splunk Cloud Platform versions below 10.2.2510.4, 10.1.2507.15, 10.0.2503.11, and 9.3.2411.123, a low-privileged user who does not hold the "admin" or "power" Splunk roles could craft a malicious payload when creating a Vie...

CVSS 6.3, AI score 6.1, EPSS 0.00201
Exploits: 0, References: 1
CVE
added 2026/03/26 6:00 a.m., 9 views

CVE-2026-1430

The WP Lightbox 2 WordPress plugin is affected in versions prior to 3.0.7. Root cause: insufficient sanitisation/escaping of certain settings, enabling Stored XSS by high-privilege users (e.g., admins) even when unfiltered_html is disallowed (e.g., multisite). Impact: stored XSS could compromise ...

CVSS 4.8, AI score 5.8, EPSS 0.00189
Exploits: 0, References: 1
CNNVD
added 2026/03/26 12:00 a.m., 5 views

Frigate security vulnerability

Frigate is a complete native NVR developed by Blake Blackshear, designed specifically for home assistants with AI object detection capabilities. Version 0.17.0 of Frigate contains a security vulnerability caused by an authorization chain issue, which may allow low-privilege users to access...

CVSS 6.5, AI score 5.8, EPSS 0.00305
Exploits: 1, References: 1
CNNVD
added 2026/03/26 12:00 a.m., 4 views

Grafana MSSQL Data Source Plugin security vulnerability

The Grafana MSSQL Data Source Plugin is an open-source plugin from Grafana that allows for connecting to Microsoft SQL Server. There is a security vulnerability in the Grafana MSSQL data source plugin. This vulnerability stems from a logical flaw that allows low-privilege users to bypass API...

CVSS 6.5, AI score 5.8, EPSS 0.00433
Exploits: 0, References: 2
ATTACKERKB
added 2026/03/25 11:53 p.m., 4 views

CVE-2026-34056

OpenEMR is a free and open source electronic health records and medical practice management application. A Broken Access Control vulnerability in OpenEMR up to and including version 8.0.0.3 allows low-privilege users to view and download Ensora eRx error logs without proper authorization checks...

CVSS 7.7, AI score 5.8, EPSS 0.00271
Exploits: 1, References: 3, Affected Software: 1
CNNVD
added 2026/03/24 12:00 a.m., 4 views

WordPress plugin WPGraphQL security vulnerability

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. There wa...

CVSS 4.3, AI score 5.8, EPSS 0.00177
Exploits: 0, References: 2
CNNVD
added 2026/03/12 12:00 a.m., 3 views

Veeam Backup And Replication security vulnerability

Veeam Backup and Replication is a backup and replication software developed by the American company Veeam. Veeam Backup and Replication has a security vulnerability that stems from allowing low-privilege users to extract stored SSH credentials...

CVSS 7.7, AI score 7.3, EPSS 0.00401
Exploits: 0, References: 1