EUVD-2026-10909
django-unicorn affected by component state manipulation via unvalidated attribute access...
CVE-2026-25903 Apache NiFi: Missing Authorization of Restricted Permissions for Component Updates
Apache NiFi 1.1.0 through 2.7.2 are missing authorization when updating configuration properties on extension components that have specific Required Permissions based on the Restricted annotation. The Restricted annotation indicates additional privileges required to add the annotated component to...
CVE-2025-54068
Livewire is a full-stack framework for Laravel. In Livewire v3 up to and including v3.6.3, a vulnerability allows unauthenticated attackers to achieve remote command execution in specific scenarios. The issue stems from how certain component property updates are hydrated. This vulnerability is...
Livewire code injection vulnerability
Livewire is an open source full-stack framework for Laravel that allows you to build dynamic UI components without leaving PHP. A code injection vulnerability exists in Livewire 3.6.3 and earlier versions, which stems from mishandling of component property updates and could lead to remote...
CVE-2024-13307 Reales WP - Real Estate WordPress Theme <= 2.1.2 - Missing Authorization to Unauthenticated Attachment Deletion and Favorite Property Updates
The Reales WP - Real Estate WordPress Theme theme for WordPress is vulnerable to unauthorized modification and loss of data due to a missing capability check on the 'realesdeletefile', 'realesdeletefileplans', 'realesaddtofavourites', and 'realesremovefromfavourites' functions in all versions up...
GHSA-JMX8-355M-8VWH Unauthorized client-side property update in UIDL request handler in Vaadin 10 and 11
Missing check in UIDL request handler in com.vaadin:flow-server versions 1.0.0 through 1.0.5 (Vaadin 10.0.0 through 10.0.7, and 11.0.0 through 11.0.2) allows attacker to update element property values via crafted synchronization message. - https://vaadin.com/security/cve-2018-25007...
July 18, 2018—KB4338831 (Preview of Monthly Rollup)
Improvements and fixes: This non-security update includes improvements and fixes that were a part of KB4338815 released July 10, 2018, and also includes these new quality improvements as a preview of the next Monthly Rollup update: Addresses additional...