CVE-2026-21409
CVE-2026-21409 affects RICOH Streamline NX versions 3.5.1 through 24R3. The vulnerability is described as improper authorization that could allow an attacker performing a man‑in‑the‑middle on the communication between the user and the product to retrieve the user’s registration information and/or...
CVE-2026-21409
Improper authorization vulnerability exists in RICOH Streamline NX 3.5.1 to 24R3. If a man-in-the-middle attack is conducted on the communication between the affected product and its user, and some crafted request is processed by the product, the user's registration information and/or OIDC OpenID...
RICOH Streamline NX Security Vulnerability
RICOH Streamline NX is a document and print management software from RICOH Japan. A security vulnerability exists in RICOH Streamline NX versions 3.5.1 through 24R3 that stems from improper authorization and could result in the retrieval of user registration information and/or OIDC tokens...
CVE-2025-13493
The Latest Registered Users plugin for WordPress is vulnerable to unauthorized user data export in all versions up to, and including, 1.4. This is due to missing authorization and nonce validation in the rnd_handle_form_submit function hooked to both adminpostmysimpleform and...
CVE-2019-12902
Pydio Cells before 1.5.0 does incomplete cleanup of a user's data upon deletion. This allows a new user, holding the same User ID as a deleted user, to restore the deleted user's data...
CVE-2025-13493
CVE-2025-13493 concerns the WordPress plugin “Latest Registered Users.” It allows unauthenticated attackers to export complete user details (except passwords and tokens) in CSV via the action parameter, due to missing authorization and nonce validation in rnd_handle_form_submit hooked to admin_po...
CVE-2025-13493 Latest Registered Users <= 1.4 - Missing Authorization to Unauthenticated Sensitive Information Exposure via User Data Export
The Latest Registered Users plugin for WordPress is vulnerable to unauthorized user data export in all versions up to, and including, 1.4. This is due to missing authorization and nonce validation in the rnd_handle_form_submit function hooked to both adminpostmysimpleform and...
PT-2026-1962
Name of the Vulnerable Software and Affected Versions: Devolutions PowerShell Universal versions prior to 4.5.6; Devolutions PowerShell Universal versions prior to 5.6.13. Description: A cross-site scripting issue exists in Devolutions PowerShell Universal. This allows for potential malicious code...
PT-2026-1469
Name of the Vulnerable Software and Affected Versions: WPFactory Wishlist for WooCommerce versions through 3.3.0. Description: The software contains a flaw related to improper handling of user-supplied data when creating web pages, which can lead to Cross-site Scripting (XSS). This allows for the...
CVE-2025-61781
OpenCTI prior to 6.8.1 is affected by an authorization flaw in the GraphQL mutation WorkspacePopoverDeletionMutation, which allows an authenticated user to delete workspace objects (dashboards, investigation cases) belonging to other users. The API does not verify ownership, enabling unauthorized...
Code-Projects Online Product Reservation System SQL Injection Vulnerability
Code-Projects Online Product Reservation System is a Code-Projects open source online product reservation system. Code-Projects Online Product Reservation System version 1.0 has a SQL injection vulnerability, the vulnerability stems from the parameters fname/lname/...
CVE-2026-21445
Langflow is a tool for building and deploying AI-powered agents and workflows. Prior to version 1.7.0.dev45, multiple critical API endpoints in Langflow are missing authentication controls. The issue allows any unauthenticated user to access sensitive user conversation data, transaction histories...
Langflow Missing Authentication on Critical API Endpoints
Summary: Multiple critical API endpoints in Langflow are missing authentication controls, allowing any unauthenticated user to access sensitive user conversation data, transaction histories, and perform destructive operations including message deletion. This affects endpoints handling personal dat...
BIT-GITEA-2025-68943
Gitea before 1.21.8 inadvertently discloses users' login times by allowing for example the lastlogintime explore/users sort order...
PT-2026-27692
Name of the Vulnerable Software and Affected Versions: Linux kernel versions prior to 6.19.0. Description: The Linux kernel contains a flaw in the cxl/mbox subsystem. Specifically, the cxl_payload_from_user_allowed function casts and dereferences input payload data without first verifying its size...
Unity Linux 20.1060a / 20.1070a Security Update: kernel (UTSA-2025-992987)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2025-992987 advisory. In the Linux kernel, the following vulnerability has been resolved: kcm: fix strp_init order and cleanup. strp_init is called just a few lines above this csk->sk_user_data...
WordPress Icegram Express Pro plugin deserialization vulnerability
WordPress Icegram Express Pro plugin is an advanced email marketing automation tool designed for WordPress websites. WordPress Icegram Express Pro plugin suffers from a deserialization vulnerability that stems from unsafe deserialization of serialized data received by the application from users,...
Unity Linux 20.1060e / 20.1070e Security Update: kernel (UTSA-2025-992264)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2025-992264 advisory. In the Linux kernel, the following vulnerability has been resolved: kcm: fix strp_init order and cleanup. strp_init is called just a few lines above this csk->sk_user_data...
novel Security Vulnerability
novel is an open source novel system by xxyopen. A security vulnerability exists in novel version V3.5.0, which stems from insufficient validation and encoding of user-controllable data, and may result in the execution of arbitrary JavaScript code or the disclosure of sensitive...
Apple macOS Information Disclosure Vulnerability (CNVD-2026-16059)
Apple macOS is an operating system from the American company Apple. Apple macOS has an information disclosure vulnerability that can be exploited by attackers to gain access to sensitive user data...