14 matches found
PT-2026-31096
The Riaxe Product Customizer plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 2.4 via the '/wp-json/InkXEProductDesignerLite/orders' REST API endpoint. The endpoint is registered with 'permission_callback' set to '__return_true', meaning no...
CVE-2026-35029 LiteLLM affected by privilege escalation via unrestricted proxy configuration endpoint
LiteLLM is a proxy server AI Gateway to call LLM APIs in OpenAI or native format. Prior to 1.83.0, the /config/update endpoint does not enforce admin role authorization. A user who is already authenticated into the platform can then use this endpoint to modify proxy configuration and environment...
CVE-2021-41034
The build of some language stacks of Eclipse Che version 6 includes pulling some binaries from an unsecured HTTP endpoint. As a consequence the builds of such stacks are vulnerable to MITM attacks that allow the replacement of the original binaries with arbitrary ones. The stacks involved are Jav...
GHSA-WPR5-RC2J-99P2 Jenkins Publish to Bitbucket Plugin is missing a permissions check
Jenkins Publish to Bitbucket Plugin 0.4 and earlier does not perform a permission check in an HTTP endpoint. This allows attackers with Overall/Read permission to connect to an attacker-specified HTTP URL using attacker-specified credentials IDs obtained through another method, capturing...
EUVD-2025-30251
Malicious code in bioql PyPI...
EUVD-2022-43589
Malicious code in bioql PyPI...
CVE-2014-125113
An unrestricted file upload vulnerability exists in Dell acquired by Quest KACE K1000 System Management Appliance version 5.0 - 5.3, 5.4 prior to 5.4.76849, and 5.5 prior to 5.5.90547 in the downloadagent.php endpoint. An attacker can upload arbitrary PHP files to a temporary web-accessible...
Icinga Director Access Control Error Vulnerability
Icinga Director is an Icinga configuration and deployment tool from Icinga Open Source. An access control error vulnerability exists in Icinga Director version 1.0.0 and earlier, which stems from an improperly access-controlled REST API endpoint that could lead to information disclosure and...
CVE-2022-40292
The application allowed for Unauthenticated User Enumeration by interacting with an unsecured endpoint to retrieve information on each account within the system...
Information disclosure
The application allowed for Unauthenticated User Enumeration by interacting with an unsecured endpoint to retrieve information on each account within the system...
CVE-2022-40292
CVE-2022-40292 affects PHP Point of Sale 19.0 by PHP Point of Sale, LLC. The vulnerability enables unauthenticated user enumeration by querying an unsecured endpoint to retrieve information about accounts, constituting an information disclosure issue. The NVD entry and related records describe th...
CVE-2022-40292 Unauthenticated username enumeration in PHP Point of Sale version 19.0, by PHP Point of Sale, LLC.
The application allowed for Unauthenticated User Enumeration by interacting with an unsecured endpoint to retrieve information on each account within the system...
PT-2022-25328 · Php Point Of Sale Llc +1 · Php Point Of Sale
Name of the Vulnerable Software and Affected Versions: Application affected versions not specified
Description: The issue allows for unauthenticated user enumeration by interacting with an unsecured endpoint to retrieve information on each account within the system.
Recommendations: At the moment...