103 matches found
CVE-2026-31942 LibreChat has IDOR in API Keys Management that allows any authenticated user to overwrite other users' API keys
LibreChat is an enhanced ChatGPT clone that supports multiple AI providers. In versions up to and including 0.7.6, an Insecure Direct Object Reference (IDOR) vulnerability exists in the API keys management endpoint PUT /api/keys. Due to the use of the JavaScript object spread operator after setting...
CVE-2026-24546
Missing Authorization vulnerability in Ruben Garcia GamiPress allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects GamiPress: from n/a through 7.6.3...
CVE-2025-69986
A buffer overflow vulnerability exists in the ONVIF GetStreamUri function of LSC Indoor Camera V7.6.32. The application fails to validate the length of the Protocol parameter inside the Transport element. By sending a specially crafted SOAP request containing an oversized protocol string, an...
WordPress RegistrationMagic plugin <= 6.0.7.6 - Broken Access Control vulnerability
Broken Access Control vulnerability discovered by Supakiad S. m3ez in WordPress Plugin RegistrationMagic versions <= 6.0.7.6...
EUVD-2026-12645
IBM i 7.6 could allow a remote attacker to cause a denial of service using failed authentication connections due to improper allocation of resources...
CVE-2026-1376 IBM i Denial of Service
IBM i 7.6 could allow a remote attacker to cause a denial of service using failed authentication connections due to improper allocation of resources...
PT-2026-25952
CVE-2026-1376 IBM i 7.6 could allow a remote attacker to cause a denial of service using failed authentication connections due to improper allocation of resources. https://t.co/NS8gmSThkr...
CVE-2025-12555
GitLab has remediated an issue in GitLab CE/EE affecting all versions from 15.1 before 18.7.6, 18.8 before 18.8.6, and 18.9 before 18.9.2 that, under certain conditions, could have allowed an authenticated user to access previous pipeline job information on projects with repository and CI/CD...
CVE-2026-30897
A stack-based buffer overflow vulnerability in Fortinet FortiWeb 8.0.0 through 8.0.3, FortiWeb 7.6.0 through 7.6.6, FortiWeb 7.4.0 through 7.4.11, FortiWeb 7.2 all versions, FortiWeb 7.0 all versions may allow a remote authenticated attacker who can bypass stack protection and ASLR to execute...
CVE-2026-27348
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in ThemeGoods Photography photography allows DOM-Based XSS. This issue affects Photography: from n/a through 7.7.6...
CVE-2026-27348
CVE-2026-27348 affects ThemeGoods Photography (WordPress theme). The issue is an improper neutralization of input during web page generation, enabling DOM-based XSS. Affected: Photography theme versions before 7.7.6 (per CVE entry; related sources reference Photography ≤ 7.6.x/7.7.6). Impact is D...
EUVD-2024-55395
IBM Db2 Big SQL on Cloud Pak for Data versions 7.6 on CP4D 4.8, 7.7 on CP4D 5.0, and 7.8 on CP4D 5.1 do not properly limit the allocation of system resources. An authenticated user with internal knowledge of the environment could exploit this weakness to cause a denial of service...
WordPress WPBakery Page Builder plugin <= 7.6 - Authenticated (Contributor+) Stored Cross-Site Scripting via VC Single Image link attribute vulnerability
Authenticated (Contributor+) Stored Cross-Site Scripting via VC Single Image link attribute vulnerability discovered by wesley wcraft in WordPress Plugin WPBakery Page Builder versions <= 7.6...
CVE-2025-64206
Deserialization of Untrusted Data vulnerability in TieLabs Jannah jannah allows Object Injection. This issue affects Jannah: from n/a through <= 7.6.0...
EUVD-2025-204084
Deserialization of Untrusted Data vulnerability in TieLabs Jannah jannah allows Object Injection. This issue affects Jannah: from n/a through <= 7.6.0...
CVE-2025-64206
Deserialization of Untrusted Data vulnerability in TieLabs Jannah jannah allows Object Injection. This issue affects Jannah: from n/a through <= 7.6.0...
CVE-2025-64205
CVE-2025-64205 affects WordPress Jannah theme versions up to and including 7.6.0. The issue is an improper control of filename for include/require, enabling PHP Local File Inclusion (LFI). The CVSS 3.1 base score is 8.2 (HIGH) with network attack vector, low attack complexity, no privileges requi...
CVE-2025-64207 WordPress Jannah theme <= 7.6.0 - Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in TieLabs Jannah jannah allows DOM-Based XSS. This issue affects Jannah: from n/a through <= 7.6.0...
PT-2025-52161
Deserialization of Untrusted Data vulnerability in TieLabs Jannah jannah allows Object Injection. This issue affects Jannah: from n/a through <= 7.6.0...
WordPress Donation plugin <= 1.0 - Authenticated (Admin+) SQL Injection vulnerability
Authenticated (Admin+) SQL Injection vulnerability discovered by Yousof Nahya in WordPress Plugin Donation versions <= 1.0...