CVE-2026-45893

The CVE-2026-45893 entry concerns the Linux kernel’s apparmor component, where table creation from possibly unaligned user-provided data caused potential unaligned memory accesses. The underlying issue arises when a source blob from userspace may be unaligned, prompting a fix to optimize the copy...

CVE-2026-42425

OpenKM 6.3.12 contains an unrestricted SQL-Execution vulnerability exploitable by authenticated administrators via the DatabaseQuery interface. Attackers can send crafted SQL in the qs parameter to /admin/DatabaseQuery to read sensitive data (e.g., usernames and password hashes from the OKM_USER ...

CVE-2026-31071

API endpoints in LalanaChami Pharmacy Management System commit 5c3d028 lack authentication middleware. Unauthenticated remote attackers can exploit this to dump all user records including bcrypt password hashes via /api/user/getUserData, modify drug inventory, and access private medical...

CVE-2026-31071

API endpoints in LalanaChami Pharmacy Management System commit 5c3d028 lack authentication middleware. Unauthenticated remote attackers can exploit this to dump all user records including bcrypt password hashes via /api/user/getUserData, modify drug inventory, and access private medical...

CVE-2021-47928

Opencart TMD Vendor System 3.x is affected by a blind SQL injection via the product_id parameter, allowing unauthenticated attackers to enumerate data from oc_user (usernames, emails, password reset codes). The vulnerability is described as a time-based/content-based blind injection with high con...

CVE-2021-47928

Opencart TMD Vendor System 3.x contains a blind SQL injection vulnerability that allows unauthenticated attackers to extract database information by injecting SQL code through the productid parameter. Attackers can craft malicious SQL queries using time-based or content-based blind injection...

Masa CMS 跨站请求伪造漏洞

Masa CMS is a digital experience platform operated by Masa CMS organization. Versions of Masa CMS 7.5.2 and earlier contained a cross-site request forgeing vulnerability. This vulnerability stemmed from the createBundle method in csettings.cfc, which did not properly validate the anti-CSRF token...

CVE-2026-41056

WWBN AVideo (versions 29.0 and below) is affected by a cross-origin vulnerability where allowOrigin($allowAll=true) reflects arbitrary Origin headers in Access-Control-Allow-Origin together with Access-Control-Allow-Credentials: true. The reflection occurs in objects/functions.php and is invoked ...

CVE-2026-41056

WWBN AVideo is an open source video platform. In versions 29.0 and below, the allowOrigin$allowAll=true function in objects/functions.php reflects any arbitrary Origin header back in Access-Control-Allow-Origin along with Access-Control-Allow-Credentials: true. This function is called by both...

CVE-2026-2571

The Download Manager plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the 'reviewUserStatus' function in all versions up to, and including, 3.3.49. This makes it possible for authenticated attackers, with Subscriber-level access and above, to...

EUVD-2026-14576

Connect CMS: Improper Authorization in the My Page Profile Update Feature Allows Modification of Arbitrary User Information...

CVE-2026-27579

CollabPlatform is a full-stack, real-time doc collaboration platform. In all versions of CollabPlatform, the Appwrite project used by the application is misconfigured to allow arbitrary origins in CORS responses while also permitting credentialed requests. An attacker-controlled domain can issue...

PT-2026-21376

Name of the Vulnerable Software and Affected Versions CollabPlatform affected versions not specified Description The application’s Appwrite project is misconfigured, allowing arbitrary origins in Cross-Origin Resource Sharing CORS responses while also permitting credentialed requests. This allows...

CVE-2026-21409

CVE-2026-21409 affects RICOH Streamline NX versions 3.5.1 through 24R3. The vulnerability is described as improper authorization that could allow an attacker performing a man‑in‑the‑middle on the communication between the user and the product to retrieve the user’s registration information and/or...

CVE-2026-21409

Improper authorization vulnerability exists in RICOH Streamline NX 3.5.1 to 24R3. If a man-in-the-middle attack is conducted on the communication between the affected product and its user, and some crafted request is processed by the product, the user's registration information and/or OIDC OpenID...

RICOH Streamline NX 安全漏洞

RICOH Streamline NX is a document and print management software from RICOH Japan. A security vulnerability exists in RICOH Streamline NX versions 3.5.1 through 24R3 that stems from improper authorization and could result in the retrieval of user registration information and or OIDC tokens...

Adobe Experience Manager (AEM) QueryBuilder JCR Hashed Password Disclosure

The remote Adobe Experience Manager AEM QueryBuilder Servlet is prone to an information disclosure vulnerability. An unauthenticated attacker can exploit this issue to retrieve the hashed passwords of users in the AEM instance by sending a specially crafted HTTP request to the QueryBuilder Servle...

OpenAI API User Data Exposed in Mixpanel Breach, ChatGPT Unaffected

OpenAI confirmed a third-party data breach via Mixpanel, exposing limited API user metadata like names, emails and browser…...

GHSA-MQCJ-8C2G-H97Q Mattermost Incorrect Authorization vulnerability

Mattermost versions 10.11.x = 10.11.3, 10.5.x = 10.5.11 fail to properly validate team membership permissions in the Add Channel Member API, which allows users from one team to access user metadata and channel membership information from other teams via the API endpoint...

WordPress Doliconnect plugin cross-site scripting vulnerability

WordPress Doliconnect plugin is a WordPress plugin that is mainly used to connect ERP systems such as Dolibarr with WordPress websites for data synchronization and functional integration. WordPress Doliconnect plugin suffers from a cross-site scripting vulnerability that stems from the...