CVE-2026-1436 Improper Access Control (IDOR) vulnerability in Graylog Web Interface
Improper Access Control (IDOR) in the Graylog API, version 2.2.3, which occurs when modifying the user ID in the URL. An authenticated user can access other users' profiles without proper authorization checks. Exploiting this vulnerability allows valid users of the system to be listed and sensitive...
File Browser security vulnerability
File Browser is an open-source file management interface developed by File Browser. It allows for the uploading, deletion, previewing, and editing of files within a specified directory. Versions of File Browser prior to 2.57.1 contained security vulnerabilities. These vulnerabilities stemmed from...
EUVD-2021-8923
Malicious code in bioql PyPI...
Linux Distros Unpatched Vulnerability : CVE-2022-4054
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - An issue has been discovered in GitLab affecting all versions starting from 9.3 before 15.4.6, all versions starting from 15.5 before 15.5.5, all versions...
CVE-2021-21751
ZTE BigVideo analysis product has an input verification vulnerability. Due to the inconsistency between the front and back verifications when configuring the large screen page, an attacker with high privileges could exploit this vulnerability to tamper with the URL and cause service exception...
CVE-2024-36755
D-Link DIR-1950 up to v1.11B03 does not validate SSL certificates when requesting the latest firmware version and downloading URL. This can allow attackers to downgrade the firmware version or change the downloading URL via a man-in-the-middle attack...
K26738102: BIG-IP APM SSO vulnerability CVE-2016-3687
Security Advisory Description Insufficient validation of the SSOORIGURI parameter occurs when using multi-domain single sign-on SSO. CVE-2016-3687 Impact An attacker may be able to tamper with the URL used to redirect the user in a multi-domain SSO environment by using BIG-IP APM. Systems that do...
CVE-2022-27780
The curl URL parser wrongly accepts percent-encoded URL separators like '/' when decoding the host name part of a URL, making it a different URL using the wrong host name when it is later retrieved. For example, a URL like http://example.com%2F127.0.0.1/, would be allowed by the parser and get...
CVE-2022-23137
ZTE's ZXCDN product has a reflective XSS vulnerability. The attacker could modify the parameters in the content clearing request url, and when a user clicks the url, an XSS attack will be triggered...
CVE-2022-0803
Inappropriate implementation in Permissions in Google Chrome prior to 99.0.4844.51 allowed a remote attacker to tamper with the contents of the Omnibox URL bar via a crafted HTML page...
CVE-2021-21751
CVE-2021-21751 affects ZTE's BigVideo analysis product. The vulnerability arises from an input verification issue caused by inconsistency between front-end and back-end verification when configuring the large-screen page, allowing attackers with high privileges to tamper with URLs and trigger a service ex...
Booking Core authorization vulnerability
Booking Core is a Laravel-based booking system designed for travel websites, malls, travel agencies, tour operators, B&Bs, villa rentals, resort rentals and similar travel sites. An Access Control Error vulnerability exists in Booking Core 2.0, which can be exploited by an...
Cross-site Scripting (XSS) - Generic in forkcms/library
Description: Submitted values weren't escaped in the case of date, time or hidden fields. This made it possible to perform an XSS attack by URL tampering. Proof of Concept: Find a Spoon Form where there is a date, time or hidden field and pass...
Xiaoyi (Small Ants) camera command execution patch bypass - vulnerability warning - Black Bar Security Net
The story: last week on Weibo I was watching a security lab and a camera vendor in a public feud, and was shocked to see an old-version vulnerability published; so I wanted to look at what the people holding that vulnerability were going around asking for hel...
OAuth Request Crafter - Tool that helps you to play with OAuth signature protected URLs
OAuth Request Crafter is a tool that helps you to play with OAuth signature protected URLs. Features: supports GET, POST, PUT and DELETE; proxies the request; tampers with URL, parameters and headers on the go; adds additional headers and cookies. Why? When dealing with OAuth signature protected URLs, for tampering...
Multiple remote security vulnerabilities in Bugzilla
BUGTRAQ ID: 25420. Bugzilla is a web-based bug tracking system used by many software projects. Bugzilla's implementation contains multiple remote security vulnerabilities; remote attackers may exploit them to execute malicious commands on the server or cause information disclosure. When filing a bug, Bugzilla does not properly escape the buildid field of the guided form, which may allow a user to overwrite the User-Agent string by submitting a malicious URL to enterbug.cgi and perform a cross-site scripting attack....