Lucene search
K

32 matches found

NVD
NVD
added 2026/07/03 9:16 p.m.9 views

CVE-2026-25714

Gitea versions up to and including 1.26.1 do not apply public-only token filtering consistently to the user organization API, leaving an incomplete fix for CVE-2025-68941...

4.3CVSS0.00271EPSS
Exploits0References4
OSV
OSV
added 2026/07/03 8:19 p.m.3 views

CVE-2026-25714 Gitea user organization API bypasses public-only token filtering

Gitea versions up to and including 1.26.1 do not apply public-only token filtering consistently to the user organization API, leaving an incomplete fix for CVE-2025-68941...

4.3CVSS7.1AI score0.00271EPSS
Exploits0References6
Snyk
Snyk
added 2026/06/16 11:41 p.m.4 views

Missing Authorization

Overview Affected versions of this package are vulnerable to Missing Authorization in the checkTokenPublicOnly function. An attacker can access private organization data by using a public-only scoped API token to enumerate organizations, thereby bypassing intended access restrictions. Remediation...

5.3CVSS5.9AI score0.00271EPSS
Exploits0References2
CVE
CVE
added 2026/06/08 12:6 p.m.25 views

CVE-2026-7765

Checkmk

6.3CVSS5.4AI score0.00187EPSS
Exploits0References1Affected Software1
RedhatCVE
RedhatCVE
added 2026/03/26 3:1 p.m.4 views

CVE-2026-1708

The Appointment Booking Calendar — Simply Schedule Appointments Booking Plugin plugin for WordPress is vulnerable to blind SQL Injection in all versions up to, and including, 1.6.9.27. This is due to the dbwhereconditions method in the TDDBModel class failing to prevent the appendwheresql paramet...

7.5CVSS6AI score0.00406EPSS
Exploits0References1
EUVD
EUVD
added 2026/03/11 9:31 a.m.6 views

EUVD-2026-11117

The Appointment Booking Calendar — Simply Schedule Appointments Booking Plugin plugin for WordPress is vulnerable to blind SQL Injection in all versions up to, and including, 1.6.9.27. This is due to the dbwhereconditions method in the TDDBModel class failing to prevent the appendwheresql paramet...

7.5CVSS6AI score0.00406EPSS
Exploits0References11
NVD
NVD
added 2026/03/11 8:16 a.m.6 views

CVE-2026-1708

The Appointment Booking Calendar — Simply Schedule Appointments Booking Plugin plugin for WordPress is vulnerable to blind SQL Injection in all versions up to, and including, 1.6.9.27. This is due to the dbwhereconditions method in the TDDBModel class failing to prevent the appendwheresql paramet...

7.5CVSS0.00406EPSS
Exploits0References10
ATTACKERKB
ATTACKERKB
added 2026/03/11 7:36 a.m.5 views

CVE-2026-1708

The Appointment Booking Calendar — Simply Schedule Appointments Booking Plugin plugin for WordPress is vulnerable to blind SQL Injection in all versions up to, and including, 1.6.9.27. This is due to the dbwhereconditions method in the TDDBModel class failing to prevent the appendwheresql paramet...

7.5CVSS6AI score0.00406EPSS
Exploits0References11
CVE
CVE
added 2026/03/11 7:36 a.m.12 views

CVE-2026-1708

The CVE-2026-1708 entry concerns the WordPress plugin “Appointment Booking Calendar — Simply Schedule Appointments” vulnerable to blind SQL injection in all versions up to 1.6.9.27. The root cause is in TD_DB_Model’s db_where_conditions, which fails to sanitize the append_where_sql parameter pass...

7.5CVSS6AI score0.00406EPSS
Exploits0References10
Vulnrichment
Vulnrichment
added 2026/03/11 7:36 a.m.5 views

CVE-2026-1708 Appointment Booking Calendar <= 1.6.9.27 - Unauthenticated SQL Injection via 'append_where_sql' Parameter

The Appointment Booking Calendar — Simply Schedule Appointments Booking Plugin plugin for WordPress is vulnerable to blind SQL Injection in all versions up to, and including, 1.6.9.27. This is due to the dbwhereconditions method in the TDDBModel class failing to prevent the appendwheresql paramet...

7.5CVSS6AI score0.00406EPSS
Exploits0References10
Positive Technologies
Positive Technologies
added 2026/03/11 12:0 a.m.7 views

PT-2026-24597

🚨 CVE-2026-1708 The Appointment Booking Calendar — Simply Schedule Appointments Booking Plugin plugin for WordPress is vulnerable to blind SQL Injection in all versions up to, and including, 1.6.9.27. This is due to the db where conditions method in the TD DB Model class failing to prevent the...

7.5CVSS6.1AI score0.00406EPSS
Exploits0References15
OSV
OSV
added 2026/01/03 11:37 a.m.5 views

BIT-GITEA-2025-68941

Gitea before 1.22.3 mishandles access to a private resource upon receiving an API token with scope limited to public resources...

5.3CVSS6.7AI score0.00238EPSS
Exploits0References4
EUVD
EUVD
added 2025/12/30 11:6 p.m.11 views

EUVD-2025-205801

RustFS has a gRPC Hardcoded Token Authentication Bypass...

9.8CVSS6.5AI score0.2903EPSS
Exploits3References3
Snyk
Snyk
added 2025/12/26 3:30 a.m.2 views

Incorrect Authorization

Overview Affected versions of this package are vulnerable to Incorrect Authorization due to mishandling access control to private resources. An attacker can gain unauthorized access to private resources by using an API token that is restricted to public resources. Remediation Upgrade...

6.4CVSS6.9AI score0.00238EPSS
Exploits0References2
Snyk
Snyk
added 2025/12/26 3:30 a.m.2 views

Incorrect Authorization

Overview Affected versions of this package are vulnerable to Incorrect Authorization due to mishandling access control to private resources. An attacker can gain unauthorized access to private resources by using an API token that is restricted to public resources. Remediation Upgrade...

6.4CVSS6.9AI score0.00238EPSS
Exploits0References2
Snyk
Snyk
added 2025/12/26 3:30 a.m.3 views

Incorrect Authorization

Overview Affected versions of this package are vulnerable to Incorrect Authorization due to mishandling access control to private resources. An attacker can gain unauthorized access to private resources by using an API token that is restricted to public resources. Remediation Upgrade...

6.4CVSS6.9AI score0.00238EPSS
Exploits0References2
Snyk
Snyk
added 2025/12/26 3:30 a.m.3 views

Incorrect Authorization

Overview Affected versions of this package are vulnerable to Incorrect Authorization due to mishandling access control to private resources. An attacker can gain unauthorized access to private resources by using an API token that is restricted to public resources. Remediation Upgrade...

6.4CVSS6.9AI score0.00238EPSS
Exploits0References2
Snyk
Snyk
added 2025/12/26 3:30 a.m.2 views

Incorrect Authorization

Overview Affected versions of this package are vulnerable to Incorrect Authorization due to mishandling access control to private resources. An attacker can gain unauthorized access to private resources by using an API token that is restricted to public resources. Remediation Upgrade...

6.4CVSS6.9AI score0.00238EPSS
Exploits0References2
Snyk
Snyk
added 2025/12/26 3:30 a.m.2 views

Incorrect Authorization

Overview Affected versions of this package are vulnerable to Incorrect Authorization due to mishandling access control to private resources. An attacker can gain unauthorized access to private resources by using an API token that is restricted to public resources. Remediation Upgrade...

6.4CVSS6.9AI score0.00238EPSS
Exploits0References2
UbuntuCve
UbuntuCve
added 2025/12/26 12:0 a.m.4 views

CVE-2025-68941

Gitea before 1.22.3 mishandles access to a private resource upon receiving an API token with scope limited to public resources...

5.3CVSS7.1AI score0.00238EPSS
Exploits0References4
Rows per page
Query Builder