544 matches found
CVE-2026-6898
The Wishlist Member plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'WishListMember3Hooks::generateapikey' function in all versions up to, and including, 3.30.1. This makes it possible for authenticated attackers, with...
CVE-2026-38587
CVE-2026-38587 is an Insecure Direct Object Reference (IDOR) impacting ONLYOFFICE DocSpace prior to 3.2.1. The flaw exists across multiple REST API endpoints and allows authenticated users with low-level permissions (User or Guest) to retrieve sensitive information such as the Owner’s ID and prof...
CVE-2026-39832
When adding a key to a remote agent constraint extensions such as [email protected] were not serialized in the request. Destination restrictions were silently stripped when forwarding keys, allowing unrestricted use of the key on the remote host. The client now serializes all...
CVE-2026-8135
Concrete CMS 9.5.0 and below is vulnerable to Remote Code Execution due to insecure deserialization occurring in the ExpressEntryList block controller. An rogue administrator with privileges to add blocks to an area can bypass the intended protection mechanism fromCIF === true, which normally...
CVE-2026-2734
In mlflow/mlflow versions up to 3.9.0, the SearchModelVersions REST API endpoint and the mlflowSearchModelVersions GraphQL query lack proper per-model authorization checks when basic authentication is enabled. This allows any authenticated user to enumerate all model versions across all registere...
CVE-2026-20223
A vulnerability in the access validation of internal REST APIs of Cisco Secure Workload could allow an unauthenticated, remote attacker to access site resources with the privileges of the Site Admin role. This vulnerability is due to insufficient validation and authentication when accessing REST...
CVE-2026-6566 Photo Gallery, Sliders, Proofing and Themes <= 4.2.0 - Insecure Direct Object Reference to Authenticated (Subscriber+) Image Deletion via REST API
The Photo Gallery, Sliders, Proofing and Themes – NextGEN Gallery plugin for WordPress is vulnerable to Insecure Direct Object Reference in versions up to and including 4.2.0. This is due to insufficient object-level authorization in the image deletion REST flow where the permission callback for...
CVE-2026-34754 MantisBT allows unauthorized users to upload attachments to restricted issues via REST API
Mantis Bug Tracker MantisBT is an open source issue tracker. Versions 2.28.1 and prior allow an authenticated user to upload attachments to private Issues they are not authorized to access. This issue has been fixed in version 2.28.2...
CVE-2026-5361 Envira Gallery <= 1.12.4 - Authenticated (Author+) Stored Cross-Site Scripting via 'arrows' Parameter
The Envira Gallery Lite plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the REST API in versions up to and including 1.12.4. This is due to insufficient input sanitization in the updategallerydata function and improper output escaping in the galleryinit function. The...
CVE-2026-7648
The LearnPress WordPress LMS plugin (versions up to 4.3.5) is affected by a payment bypass via a user-controlled parameter in the REST API. In add_to_cart(), unsanitized request parameters are passed via array_merge(), allowing an attacker with subscriber-level access or higher to overwrite hardc...
PT-2026-40849
The Envira Gallery Lite plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the REST API in versions up to and including 1.12.4. This is due to insufficient input sanitization in the update gallery data function and improper output escaping in the gallery init function. The...
GHSA-P3HX-PWF3-J8WR Nautobot: GitRepository.current_head field should not be writable through REST API
Impact A user with access to add/change a GitRepository record could use the REST API to directly set the currenthead field on the record, which was not intended to be user-editable. Doing so could cause Nautobot's local clones of the relevant repository to checkout a commit other than the latest...
PT-2026-40720
Name of the Vulnerable Software and Affected Versions Nautobot versions prior to 2.4.33 Nautobot versions prior to 3.1.2 Description A user with permissions to add or modify a GitRepository record can use the REST API to directly set the current head field, which is not intended to be...
CVE-2026-26289 Subnet Solutions PowerSYSTEM Center Incorrect Authorization
PowerSYSTEM Center REST API endpoint for device account export allows an authenticated user with limited permissions to expose sensitive information normally restricted to administrative permissions only...
CVE-2026-7428
Prior to 2025-11-03, well-intended users of Terraform or REST API for Google Cloud AlloyDB for PostgreSQL could have created clusters with an insecure default password which could have been exploited by a remote attacker to gain full administrative access to the database. Exploitation required...
CVE-2026-7428 Insecure default administrative credentials in AlloyDB for PostgreSQL
Prior to 2025-11-03, well-intended users of Terraform or REST API for Google Cloud AlloyDB for PostgreSQL could have created clusters with an insecure default password which could have been exploited by a remote attacker to gain full administrative access to the database. Exploitation required...
PT-2026-39891
Name of the Vulnerable Software and Affected Versions MantisBT affected versions not specified Description A missing authorization check in the file visibility function allows any authenticated user with REPORTER level access or higher to download attachments from private bugnotes they are not...
PT-2026-39509
WordPress MStore API 2.0.6 contains an arbitrary file upload vulnerability that allows unauthenticated attackers to upload malicious files by sending POST requests to the REST API endpoint. Attackers can upload PHP files with arbitrary names to the config file endpoint to achieve remote code...
CVE-2026-42137
Kirby is an open-source content management system. Prior to versions 4.9.0 and 5.4.0, pages.access/list and files.access/list permissions are not consistently checked in the Panel and REST API. This issue has been patched in versions 4.9.0 and 5.4.0...
PT-2026-38904
Name of the Vulnerable Software and Affected Versions Sky Addons versions prior to 3.3.3 Description The Sky Addons plugin for WordPress allows authenticated attackers with Author-level access or higher to inject arbitrary web scripts. This occurs because the sky-custom-scripts custom post type i...