435 matches found
CVE-2026-33746
Convoy is a KVM server management panel for hosting businesses. From version 3.9.0-beta to before version 4.5.1, the JWTService::decode method did not verify the cryptographic signature of JWT tokens. While the method configured a symmetric HMAC-SHA256 signer via lcobucci/jwt, it only validated...
GHSA-GHFJ-FX47-WG97
creationtimestamp| type| source ---|---|--- 2026-04-01 23:27:43+00:00| seen| Telegram/9bl7FEfQKeFpZFPlYLUaNlRChLBL7dB3Syrn3BTLiX1da84...
CVE-2026-31799
Tautulli is a Python based monitoring and tracking tool for Plex Media Server. From version 2.14.2 to before version 2.17.0 for parameters "before" and "after" and from version 2.1.0-beta to before version 2.17.0 for parameters "sectionid" and "userid", the /api/v2?cmd=gethomestats endpoint passe...
GHSA-M2H6-4XPQ-QW3M
creationtimestamp| type| source ---|---|--- 2026-03-31 19:20:10+00:00| seen| Telegram/kcbrs7WWw-nIPeTyrZTDg68aatJd3a7QKUME-vVoB020PA...
GHSA-FR76-5637-W3G9
creationtimestamp| type| source ---|---|--- 2026-03-26 23:20:23+00:00| seen| Telegram/jxEelE5YQIva3R3hkn6lv-ITU5UuBT3ODsw8JQI8o6Btes...
GHSA-FJ74-QXJ7-R3VC AVideo has SQL Injection via Partial Prepared Statement — videos_id Concatenated Directly into Query
Summary In objects/like.php, the getLike method constructs a SQL query using a prepared statement placeholder ? for usersid but directly concatenates $this-videosid into the query string without parameterization. An attacker who can control the videosid value via a crafted request can inject...
CVE-2019-25486
Varient 1.6.1 contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the userid parameter. Attackers can submit POST requests with crafted SQL payloads in the userid field to bypass authentication and extract...
CVE-2026-30892
crun is an open source OCI Container Runtime fully written in C. In versions 1.19 through 1.26, the crun exec option -u --user is incorrectly parsed. The value 1 is interpreted as UID 0 and GID 0 when it should have been UID 1 and GID 0. The process thus runs with higher privileges than expected...
CVE-2026-30892 Crun incorrectly parses `crun exec` option `-u`, leading to privilege escalation
crun is an open source OCI Container Runtime fully written in C. In versions 1.19 through 1.26, the crun exec option -u --user is incorrectly parsed. The value 1 is interpreted as UID 0 and GID 0 when it should have been UID 1 and GID 0. The process thus runs with higher privileges than expected...
GHSA-5M4Q-5CVX-36MW AVideo Vulnerable to OS Command Injection via Unsanitized `users_id` and `liveTransmitionHistory_id` in Restreamer Log File Path
Summary The restreamer endpoint constructs a log file path by embedding user-controlled usersid and liveTransmitionHistoryid values from the JSON request body without any sanitization. This log file path is then concatenated directly into shell commands passed to exec, allowing an authenticated...
WordPress REST API TO MiniProgram plugin <= 5.1.2 - Authenticated (Subscriber+) Insecure Direct Object Reference via 'userid' REST API Parameter vulnerability
Authenticated Subscriber+ Insecure Direct Object Reference via 'userid' REST API Parameter vulnerability discovered by WordFence in WordPress Plugin REST API TO MiniProgram versions = 5.1.2...
PT-2026-27170
Name of the Vulnerable Software and Affected Versions AVideo versions up to and including 26.0 Description AVideo is an open source video platform. The restreamer endpoint constructs a log file path by embedding user-controlled users id and liveTransmitionHistory id values from the JSON request...
CVE-2026-4548 mickasmt next-saas-stripe-starter update-user-role.ts updateUserrole improper authorization
A vulnerability was detected in mickasmt next-saas-stripe-starter 1.0.0. Affected by this vulnerability is the function updateUserrole of the file actions/update-user-role.ts. The manipulation of the argument userId/role results in improper authorization. The attack may be launched remotely...
PT-2026-27010
A vulnerability was detected in mickasmt next-saas-stripe-starter 1.0.0. Affected by this vulnerability is the function updateUserrole of the file actions/update-user-role.ts. The manipulation of the argument userId/role results in improper authorization. The attack may be launched remotely...
gmsm 数据伪造问题漏洞
GMSM is a commercial cryptography algorithm library implemented in Go language by Sun Yimin as a personal development. Versions of GMSM prior to 0.41.1 contained a data forgery vulnerability. This vulnerability stemmed from an infinite point ciphertext forgery flaw in the SM9 decryption...
CVE-2026-4171
A security vulnerability has been detected in CodeGenieApp serverless-express up to 4.17.1. Affected by this issue is some unknown functionality of the file examples/lambda-function-url/packages/api/models/TodoList.ts of the component API Endpoint. The manipulation of the argument userId leads to...
GHSA-5XXP-2VRJ-X855 SM9 Infinity-Point Ciphertext Forgery Vulnerability
Overview The current SM9 decryption implementation contains an infinity-point ciphertext forgery vulnerability. The root cause is that, during decryption, the elliptic-curve point C1 in the ciphertext is only deserialized and checked to be on the curve, but the implementation does not explicitly...
GHSA-R8JR-WG88-FQ5C Keycloak vulnerable to authorization bypass via the Admin API
A flaw was found in Keycloak. An authorization bypass vulnerability in the Keycloak Admin API allows any authenticated user, even those without administrative privileges, to enumerate the organization memberships of other users. This information disclosure occurs if the attacker knows the victim'...
CVE-2019-25486
CVE-2019-25486 is described as a SQL injection in Varient 1.6.1. An unauthenticated attacker can inject SQL via the user_id parameter in POST requests, bypass authentication, and potentially extract sensitive data. The description does not specify affected products/vendors beyond “Varient 1.6.1,”...
Authorization Bypass Through User-Controlled Key
Overview @withstudiocms/auth-kit is an Utilities for managing authentication Affected versions of this package are vulnerable to Authorization Bypass Through User-Controlled Key via the DELETE /studiocmsapi/dashboard/api-tokens endpoint. An attacker can revoke API tokens belonging to other users,...