4441 matches found
CVE-2026-3645 Punnel <= 1.3.1 - Missing Authorization to Authenticated (Subscriber+) Settings Update via 'punnel_save_config' AJAX Action
The Punnel – Landing Page Builder plugin for WordPress is vulnerable to Missing Authorization in all versions up to, and including, 1.3.1. The saveconfig function, which handles the 'punnelsaveconfig' AJAX action, lacks any capability check currentusercan and nonce verification. This makes it...
CVE-2026-3645
The Punnel – Landing Page Builder plugin for WordPress is vulnerable to Missing Authorization in all versions up to, and including, 1.3.1. The saveconfig function, which handles the 'punnelsaveconfig' AJAX action, lacks any capability check currentusercan and nonce verification. This makes it...
PT-2026-26864
The Punnel – Landing Page Builder plugin for WordPress is vulnerable to Missing Authorization in all versions up to, and including, 1.3.1. The save config function, which handles the 'punnel save config' AJAX action, lacks any capability check current user can and nonce verification. This makes i...
CVE-2026-32733
Halloy is an IRC application written in Rust. Prior to commit 0f77b2cfc5f822517a256ea5a4b94bad8bfe38b6, the DCC receive flow did not sanitize filenames from incoming DCC SEND requests. A remote IRC user could send a filename with path traversal sequences like ../../.ssh/authorizedkeys and the fil...
CVE-2026-32733 Halloy has a file transfer path traveral vulnerability
Halloy is an IRC application written in Rust. Prior to commit 0f77b2cfc5f822517a256ea5a4b94bad8bfe38b6, the DCC receive flow did not sanitize filenames from incoming DCC SEND requests. A remote IRC user could send a filename with path traversal sequences like ../../.ssh/authorizedkeys and the fil...
CVE-2026-32733 Halloy has a file transfer path traveral vulnerability
Halloy is an IRC application written in Rust. Prior to commit 0f77b2cfc5f822517a256ea5a4b94bad8bfe38b6, the DCC receive flow did not sanitize filenames from incoming DCC SEND requests. A remote IRC user could send a filename with path traversal sequences like ../../.ssh/authorizedkeys and the fil...
CVE-2026-32733
Halloy is an IRC application written in Rust. Prior to commit 0f77b2cfc5f822517a256ea5a4b94bad8bfe38b6, the DCC receive flow did not sanitize filenames from incoming DCC SEND requests. A remote IRC user could send a filename with path traversal sequences like ../../.ssh/authorizedkeys and the fil...
EUVD-2026-13863
Halloy is an IRC application written in Rust. Prior to commit 0f77b2cfc5f822517a256ea5a4b94bad8bfe38b6, the DCC receive flow did not sanitize filenames from incoming DCC SEND requests. A remote IRC user could send a filename with path traversal sequences like ../../.ssh/authorizedkeys and the fil...
CVE-2026-32733
Halloy (IRC app in Rust) contained a path-traversal flaw in the DCC receive flow prior to commit 0f77b2cfc5f822517a256ea5a4b94bad8bfe38b6. A remote user could send a DCC SEND filename with path traversal sequences (e.g., ../../.ssh/authorized_keys) and the file could be written outside the user’s...
CVE-2026-32733
Halloy is an IRC application written in Rust. Prior to commit 0f77b2cfc5f822517a256ea5a4b94bad8bfe38b6, the DCC receive flow did not sanitize filenames from incoming DCC SEND requests. A remote IRC user could send a filename with path traversal sequences like ../../.ssh/authorizedkeys and the fil...
CVE-2026-32733 Halloy has a file transfer path traveral vulnerability
Halloy is an IRC application written in Rust. Prior to commit 0f77b2cfc5f822517a256ea5a4b94bad8bfe38b6, the DCC receive flow did not sanitize filenames from incoming DCC SEND requests. A remote IRC user could send a filename with path traversal sequences like ../../.ssh/authorizedkeys and the fil...
CVE-2026-23537
A vulnerability has been identified in the Feast Feature Server’s /save-document endpoint that allows an unauthenticated remote attacker to write arbitrary JSON files to the server's filesystem. Although the system attempts to restrict file locations, these protections can be bypassed, enabling a...
Missing Authorization
Overview feast is a Python SDK for Feast Affected versions of this package are vulnerable to Missing Authorization via the /save-document endpoint. An attacker can modify system files, overwrite configuration or startup scripts, or execute arbitrary code by sending crafted requests to write...
PT-2026-26687
Halloy is an IRC application written in Rust. Prior to commit 0f77b2cfc5f822517a256ea5a4b94bad8bfe38b6, the DCC receive flow did not sanitize filenames from incoming DCC SEND requests. A remote IRC user could send a filename with path traversal sequences like ../../.ssh/authorized keys and the fi...
Red Hat OpenShift AI 安全漏洞
Red Hat OpenShift AI is an AI lifecycle management platform developed by Red Hat Inc. There is a security vulnerability in Red Hat OpenShift AI, which stems from improper endpoint access control at the /save-document endpoint. This vulnerability could allow unverified remote attackers to write...
EUVD-2026-13380
SuiteCRM is an open-source, enterprise-ready Customer Relationship Management CRM software application. Prior to versions 8.9.3, the RecordHandler::getRecord method retrieves any record by module and ID without checking the current user's ACL view permission. The companion saveRecord method...
CVE-2026-32755 Admidio is Missing CSRF Protection on Role Membership Date Changes
Admidio is an open-source user management solution. In versions 5.0.6 and below, the savemembership action in modules/profile/profilefunction.php saves changes to a member's role membership start and end dates but does not validate the CSRF token. The handler checks stopmembership and...
CVE-2026-32755
Admidio is an open-source user management solution. In versions 5.0.6 and below, the savemembership action in modules/profile/profilefunction.php saves changes to a member's role membership start and end dates but does not validate the CSRF token. The handler checks stopmembership and...
CVE-2026-32755 Admidio is Missing CSRF Protection on Role Membership Date Changes
Admidio is an open-source user management solution. In versions 5.0.6 and below, the savemembership action in modules/profile/profilefunction.php saves changes to a member's role membership start and end dates but does not validate the CSRF token. The handler checks stopmembership and...
Server-side Request Forgery (SSRF)
Overview wwbn/avideo is an Audio and Video Platform or simply "A Video Platform". Affected versions of this package are vulnerable to Server-side Request Forgery SSRF via the webSiteRootURL parameter in the saveDVR.json.php endpoint. An attacker can cause the server to make arbitrary HTTP request...