97 matches found
PT-2026-26759
Name of the Vulnerable Software and Affected Versions Parse Server versions prior to 8.6.53 Parse Server versions prior to 9.6.0-alpha.42 Description Parse Serverās LiveQuery WebSocket interface did not enforce Class-Level Permission CLP pointer permissions readUserFields and pointerFields...
EUVD-2019-19754
Outlook Password Recovery 2.10 contains a buffer overflow vulnerability that allows local attackers to crash the application by supplying an oversized payload. Attackers can create a malicious text file containing 6000 bytes of data and paste it into the User Name and Registration Code field to...
BIT-DISCOURSE-2026-26265 Discourse has IDOR vulnerability in the directory items endpoint
Discourse is an open source discussion platform. Prior to versions 2025.12.2, 2026.1.1, and 2026.2.0, an IDOR vulnerability in the directory items endpoint allows any user, including anonymous users, to retrieve private user field values for all users in the directory. The userfieldids parameter ...
CVE-2026-26265
Discourse is an open source discussion platform. Prior to versions 2025.12.2, 2026.1.1, and 2026.2.0, an IDOR vulnerability in the directory items endpoint allows any user, including anonymous users, to retrieve private user field values for all users in the directory. The userfieldids parameter ...
CVE-2026-26265
Discourse is an open source discussion platform. Prior to versions 2025.12.2, 2026.1.1, and 2026.2.0, an IDOR vulnerability in the directory items endpoint allows any user, including anonymous users, to retrieve private user field values for all users in the directory. The userfieldids parameter ...
CVE-2026-26265
Discourse versions prior to 2025.12.2, 2026.1.1, and 2026.2.0 expose an IDOR in the directory items endpoint (GET /directory_items.json?period=all&user_field_ids=...). The DirectoryItemsController#index accepts arbitrary user_field_ids without proper authorization, bypassing visibility controls a...
CVE-2026-26265 Discourse has IDOR vulnerability in the directory items endpoint
Discourse is an open source discussion platform. Prior to versions 2025.12.2, 2026.1.1, and 2026.2.0, an IDOR vulnerability in the directory items endpoint allows any user, including anonymous users, to retrieve private user field values for all users in the directory. The userfieldids parameter ...
CVE-2026-26265
Discourse is an open source discussion platform. Prior to versions 2025.12.2, 2026.1.1, and 2026.2.0, an IDOR vulnerability in the directory items endpoint allows any user, including anonymous users, to retrieve private user field values for all users in the directory. The userfieldids parameter ...
CVE-2026-26265 Discourse has IDOR vulnerability in the directory items endpoint
Discourse is an open source discussion platform. Prior to versions 2025.12.2, 2026.1.1, and 2026.2.0, an IDOR vulnerability in the directory items endpoint allows any user, including anonymous users, to retrieve private user field values for all users in the directory. The userfieldids parameter ...
EUVD-2026-8859
Discourse is an open source discussion platform. Prior to versions 2025.12.2, 2026.1.1, and 2026.2.0, an IDOR vulnerability in the directory items endpoint allows any user, including anonymous users, to retrieve private user field values for all users in the directory. The userfieldids parameter ...
CVE-2026-26265 Discourse has IDOR vulnerability in the directory items endpoint
Discourse is an open source discussion platform. Prior to versions 2025.12.2, 2026.1.1, and 2026.2.0, an IDOR vulnerability in the directory items endpoint allows any user, including anonymous users, to retrieve private user field values for all users in the directory. The userfieldids parameter ...
PT-2026-22156
Name of the Vulnerable Software and Affected Versions Discourse versions prior to 2025.12.2 Discourse versions prior to 2026.1.1 Discourse versions prior to 2026.2.0 Description Discourse is an open source discussion platform. An IDOR vulnerability exists in the directory items endpoint, allowing...
WordPress Paid Memberships Pro plugin < 2.12.9 - Contributor+ Arbitrary User Custom Field Disclosure vulnerability
Contributor+ Arbitrary User Custom Field Disclosure vulnerability discovered by Scott Kingsley Clark in WordPress Plugin Paid Memberships Pro versions 2.12.9...
CVE-2003-1031
Cross-site scripting XSS vulnerability in register.php for vBulletin 3.0 Beta 2 allows remote attackers to inject arbitrary HTML or web script via optional fields such as 1 "Interests-Hobbies", 2 "Biography", or 3 "Occupation."...
CVE-2025-26391
SolarWinds Observability Self-Hosted XSS Vulnerability. The SolarWinds Platform was susceptible to a XSS vulnerability that affects user-created URL fields. This vulnerability requires authentication from a low-level account...
CVE-2024-44652
Kashipara Ecommerce Website 1.0 is vulnerable to SQL Injection via the useremail, username, userfirstname, userlastname, and useraddress parameters in userregister.php...
EUVD-2025-38110
Unrestricted Upload of File with Dangerous Type vulnerability in Addify Custom User Registration Fields for WooCommerce user-registration-plugin-for-woocommerce allows Upload a Web Shell to a Web Server.This issue affects Custom User Registration Fields for WooCommerce: from n/a through = 2.1.2...
CVE-2025-34316 IPFire < v2.29 Stored XSS via Mail Server Settings
IPFire versions prior to 2.29 Core Update 198 contain a stored cross-site scripting XSS vulnerability that allows an authenticated attacker to inject arbitrary JavaScript code through the txtmailuser and txtmailpass parameters when updating the mail server settings. When a user updates the mail...
EUVD-2007-3126
Malware in sbrugna...
EUVD-2016-5921
Malware in sbrugna...