35 matches found
CVE-2026-54130
Missing authentication for critical function in M365 Copilot allows an unauthorized attacker to disclose information over a network...
PT-2026-34882
A Broken Access Control vulnerability exists in ClassroomIO v0.1.13 where an authenticated low-privileged "student" user can access unauthorized course-level information by modifying intercepted API requests. Changing a captured POST request to a GET request against the /rest/v1/course PostgREST...
CVE-2025-67259
Affects ClassroomIO v0.1.13. A Broken Access Control vulnerability allows an authenticated low-privilege student to access unauthorized course information by altering intercepted API requests. Specifically, changing a captured POST request to a GET against the /rest/v1/course PostgREST endpoint e...
CVE-2026-4812
The Advanced Custom Fields ACF plugin for WordPress is vulnerable to Missing Authorization to Arbitrary Post/Page Disclosure in versions up to and including 6.7.0. This is due to AJAX field query endpoints accepting user-supplied filter parameters that override field-configured restrictions witho...
CVE-2026-35023
CVE-2026-35023 concerns Wimi Teamwork On-Premises versions prior to 8.2.0. The issue is an insecure direct object reference (IDOR) in the preview.php endpoint where the item_id parameter lacks proper authorization checks. Attackers can enumerate sequential item_id values to access and retrieve im...
SUSE CVE-2026-32102
OliveTin gives access to predefined shell commands from a web interface. In 3000.10.2 and earlier, OliveTin's live EventStream broadcasts execution events and action output to authenticated dashboard subscribers without enforcing per-action authorization. A low-privileged authenticated user can...
EUVD-2026-11108
A flaw was found in Keycloak. An authenticated user with the view-users role could exploit a vulnerability in the UserResource component. By accessing a specific administrative endpoint, this user could improperly retrieve user attributes that were configured to be hidden. This unauthorized...
PT-2026-7955
A permissive web security configuration may allow cross-origin restrictions enforced by modern browsers to be bypassed under specific circumstances. Exploitation requires the presence of an existing client-side injection vulnerability and user access to the affected web interface. Successful...
CVE-2026-1927
CVE-2026-1927 affects the Greenshift – animation and page builder blocks plugin for WordPress (versions up to and including 12.5.7). The root cause is a missing capability check in the greenshift_app_pass_validation() function, allowing authenticated attackers with Subscriber-level access and abo...
CVE-2025-68660 Discourse AI Discover's continue conversation allows threat actor to impersonate user
Discourse is an open source discussion platform. In versions prior to 3.5.4, 2025.11.2, 2025.12.1, and 2026.1.0, an endpoint lets any authenticated user bypass the aidiscoverpersona access controls and gain ongoing DM access to personas that may be wired to staff-only categories, RAG document set...
[SECURITY] [DLA 4409-1] paramiko security update
Debian LTS Advisory DLA-4409-1 https://www.debian.org/lts/security/ Bastien Roucariès December 16, 2025 https://wiki.debian.org/LTS ...
Primakon Pi Portal Security Vulnerability
Primakon Pi Portal is a project and contract management platform from Primakon Croatia. A security vulnerability exists in Primakon Pi Portal version 1.0.18, which stems from insufficient access control in the /api/v2/users endpoint and could lead to unauthorized data disclosure...
Directus Security Vulnerability
Directus is a real-time API and application dashboard open-sourced by Directus. It is used to manage SQL database content. A security vulnerability exists in Directus versions prior to 11.13.0 that stems from a REST API error message discrepancy that could lead to the disclosure of unauthorized...
Grafana Databricks Datasource Plugin Security Vulnerability
Grafana Databricks Datasource Plugin is an open source datasource connection plugin for Grafana. A security vulnerability exists in Grafana Databricks Datasource Plugin version 1.12.1 through versions prior to 1.12.0, which stems from the incorrect use of user identifiers when OAuth passthrough i...
CVE-2020-36859
The Core Config Manager CCM in Nagios XI versions prior to CCM 3.0.7 / Nagios XI 5.7.4 contains multiple SQL injection vulnerabilities in the object edit pages. Unsanitized user-supplied input was incorporated into SQL queries used by configuration object editors, allowing authenticated users to...
EUVD-2017-5611
Malware in sbrugna...
Nozomi Networks CMC Security Vulnerability
Nozomi Networks CMC is a network management platform from Nozomi Networks, Inc. A security vulnerability exists in Nozomi Networks CMC versions prior to 25.1.0 that stems from improper access control and could lead to unauthorized network data disclosure...
Linux Distros Unpatched Vulnerability : CVE-2022-47951
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - An issue was discovered in OpenStack Cinder before 19.1.2, 20.x before 20.0.2, and 21.0.0; Glance before 23.0.1, 24.x before 24.1.1, and 25.0.0; and Nova before...
CVE-2020-11841
Unauthorized information disclosure vulnerability in Micro Focus ArcSight Management Center product, affecting versions 2.6.1, 2.7.x, 2.8.x, 2.9.x prior to 2.9.4. The vulnerabilities could be remotely exploited, resulting in unauthorized information disclosure...
CVE-2024-31817
In TOTOLINK EX200 V4.0.3c.7646B20201211, an attacker can obtain sensitive information without authorization through the function getSysStatusCfg...