CVE-2026-46365

phpMyFAQ before 4.1.2 contains a missing authorization vulnerability in the DELETE /admin/api/content/tags/tagId endpoint that allows any authenticated user to delete tags. Any logged-in user, including regular frontend users, can delete arbitrary tags by sending a DELETE request with a valid...

CVE-2026-45147

SiYuan is an open-source personal knowledge management system. Prior to 3.7.0, POST /api/tag/getTag is registered with model.CheckAuth only, omitting both model.CheckAdminRole and model.CheckReadonly, despite the handler performing a configuration write that is normally guarded by both. Any...

CVE-2026-45147 SiYuan: Broken access control in SiYuan `/api/tag/getTag` — Reader role can mutate `Conf.Tag.Sort` and persist to disk

SiYuan is an open-source personal knowledge management system. Prior to 3.7.0, POST /api/tag/getTag is registered with model.CheckAuth only, omitting both model.CheckAdminRole and model.CheckReadonly, despite the handler performing a configuration write that is normally guarded by both. Any...

CVE-2026-45147 SiYuan: Broken access control in SiYuan `/api/tag/getTag` — Reader role can mutate `Conf.Tag.Sort` and persist to disk

SiYuan is an open-source personal knowledge management system. Prior to 3.7.0, POST /api/tag/getTag is registered with model.CheckAuth only, omitting both model.CheckAdminRole and model.CheckReadonly, despite the handler performing a configuration write that is normally guarded by both. Any...

SiYuan 授权问题漏洞

SiYuan is an open-source personal knowledge management system developed by SiYuan. Versions of SiYuan prior to 3.7.0 had an authorization issue vulnerability. This vulnerability stemmed from the lack of administrator and read-only permission checks for the POST /api/tag/getTag endpoint, which cou...

EUVD-2026-27225

The GenerateBlocks plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 2.2.0. This is due to missing object-level authorization checks in the /wp-json/generateblocks/v1/dynamic-tag-replacements REST endpoint. The endpoint only verifies that...

CVE-2026-3454

The GenerateBlocks plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 2.2.0. This is due to missing object-level authorization checks in the /wp-json/generateblocks/v1/dynamic-tag-replacements REST endpoint. The endpoint only verifies that...

PT-2026-36979

Name of the Vulnerable Software and Affected Versions GenerateBlocks versions prior to 2.2.1 Description The plugin is subject to Insecure Direct Object Reference IDOR, a flaw where an application provides direct access to objects based on user-supplied input. The issue exists in the...

CVE-2026-29038

changedetection.io is a free open source web page change detection tool. Prior to version 0.54.4, there is a reflected cross-site scripting XSS vulnerability identified in the /rss/tag/ endpoint of changedetection.io. The taguuid path parameter is reflected directly in the HTTP response body...

CVE-2026-29038

changedetection.io is a free open source web page change detection tool. Prior to version 0.54.4, there is a reflected cross-site scripting XSS vulnerability identified in the /rss/tag/ endpoint of changedetection.io. The taguuid path parameter is reflected directly in the HTTP response body...

CVE-2026-29038

changedetection.io is a free open source web page change detection tool. Prior to version 0.54.4, there is a reflected cross-site scripting XSS vulnerability identified in the /rss/tag/ endpoint of changedetection.io. The taguuid path parameter is reflected directly in the HTTP response body...

CVE-2026-29038 changedetection.io: Reflected XSS in RSS Tag Error Response

changedetection.io is a free open source web page change detection tool. Prior to version 0.54.4, there is a reflected cross-site scripting XSS vulnerability identified in the /rss/tag/ endpoint of changedetection.io. The taguuid path parameter is reflected directly in the HTTP response body...

CVE-2026-29038

CVE-2026-29038 affects changedetection.io before version 0.54.4. The vulnerability is a reflected XSS in the /rss/tag/ endpoint where the URL path parameter tag_uuid is reflected in the HTTP response body without HTML escaping. Flask returns text/html by default for plain strings, enabling the br...

CVE-2026-29038 changedetection.io: Reflected XSS in RSS Tag Error Response

changedetection.io is a free open source web page change detection tool. Prior to version 0.54.4, there is a reflected cross-site scripting XSS vulnerability identified in the /rss/tag/ endpoint of changedetection.io. The taguuid path parameter is reflected directly in the HTTP response body...

changedetection.io has Reflected XSS in its RSS Tag Error Response

A reflected cross-site scripting XSS vulnerability was identified in the /rss/tag/ endpoint of changedetection.io. The taguuid path parameter is reflected directly in the HTTP response body without HTML escaping. Since Flask returns text/html by default for plain string responses, the browser...

Sensitive Data Exposure

Apache Superset is vulnerable to Sensitive Data Exposure. The vulnerability is due to improper serialization of sensitive fields in the API response, where authenticated users with low privileges can retrieve sensitive user information, including password hashes, email addresses, and login...

BIT-SUPERSET-2026-23983 Apache Superset: Sensitive Data Exposure via REST API (disabled by default)

A Sensitive Data Exposure vulnerability exists in Apache Superset allowing authenticated users to retrieve sensitive user information. The Tag endpoint disabled by default allows users to retrieve a list of objects associated with a specific tag. When these associated objects include Users, the A...

CVE-2026-23983

A Sensitive Data Exposure vulnerability exists in Apache Superset allowing authenticated users to retrieve sensitive user information. The Tag endpoint disabled by default allows users to retrieve a list of objects associated with a specific tag. When these associated objects include Users, the A...

GHSA-H294-8FXM-M2PJ Apache Superset allows authenticated users to view sensitive data without explicit permissions

A Sensitive Data Exposure vulnerability exists in Apache Superset allowing authenticated users to retrieve sensitive user information. The Tag endpoint disabled by default allows users to retrieve a list of objects associated with a specific tag. When these associated objects include Users, the A...

Apache Superset allows authenticated users to view sensitive data without explicit permissions

A Sensitive Data Exposure vulnerability exists in Apache Superset allowing authenticated users to retrieve sensitive user information. The Tag endpoint disabled by default allows users to retrieve a list of objects associated with a specific tag. When these associated objects include Users, the A...