56 matches found

Cvelist
added 5 hours ago, 4 views

CVE-2026-45563 Roxy-WI: IDOR — any authenticated user can read another user's full action history

Roxy-WI is a web interface for managing Haproxy, Nginx, Apache and Keepalived servers. In versions 8.2.6.4 and prior, GET /history// re-uses the serverip path parameter as a user-id when service == 'user', with no authorization check. Any authenticated user — even a guest in an unrelated group —...

4.3 CVSS
Exploits 0, References 1
CVE
added 5 hours ago, 4 views

CVE-2026-45559

CVE-2026-45559 affects Roxy-WI web interface (versions ≤ 8.2.6.4). The vulnerability arises from get_ldap_email in app/modules/roxywi/user.py, where the LDAP search filter is built via string concatenation and the URL username parameter is used verbatim without input validation or LDAP escaping. ...

4.9 CVSS, 5.5 AI score
Exploits 0, References 1
OSV
added 5 days ago, 3 views

GHSA-JR54-JWHJ-55GP NocoDB: User Enumeration via Sign-In Timing

Summary Sign-in response timing differed between known and unknown email addresses because the unknown-user branch returned without performing a password hash comparison. Details The unknown-user branch in auth.service.ts now performs a bcrypt.compare against a fixed dummy hash so the response ti...

5.5 AI score
Exploits 0, References 3
Positive Technologies
added 5 days ago, 7 views

PT-2026-46998

Summary Sign-in response timing differed between known and unknown email addresses because the unknown-user branch returned without performing a password hash comparison. Details The unknown-user branch in auth.service.ts now performs a bcrypt.compare against a fixed dummy hash so the response ti...

5.5 AI score
Exploits 0, References 4
OSV
added 2026/05/27 2:17 p.m., 3 views

UBUNTU-CVE-2026-46053

In the Linux kernel, the following vulnerability has been resolved: net: rds: fix MR cleanup on copy error __rds_rdma_map() hands sg/pages ownership to the transport after get_mr() succeeds. If copying the generated cookie back to user space fails after that point, the error path must not free those...

7.8 CVSS, 5.7 AI score, 0.00013 EPSS
Exploits 0, References 3
CVE
added 2026/05/27 12:57 p.m., 15 views

CVE-2026-46053

CVE-2026-46053 affects the Linux kernel RDS memory-registration cleanup. In net/rds, __rds_rdma_map() transfers ownership of sg/pages after get_mr(); if copying the cookie back to user space fails, resources could be freed more than once. The fix removes a duplicate unpin/free in the put_user() f...

7.8 CVSS, 5.8 AI score, 0.00013 EPSS
Exploits 0, References 8
OSSF Malicious Packages
added 2026/05/22 12:13 a.m., 8 views

Malicious code in ignite-market-contractstest (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector b9babd9b088785649368dbf885050b6a15b218a6b38d2dcd058f0c9eda5109da package.json declares a preinstall lifecycle hook that runs wget --quiet...

5.8 AI score
Exploits 0, References 2
Vulnrichment
added 2026/05/11 8:38 p.m., 4 views

CVE-2026-43881 WWBN AVideo: Unauthenticated User Enumeration in `objects/users.json.php` via `isCompany` Parameter Flips `$ignoreAdmin = true` and Defeats Admin-Only Listing Guard

WWBN AVideo is an open source video platform. In versions up to and including 29.0, objects/users.json.php exposes two unauthenticated paths that disclose the full set of registered user accounts. The isCompany request parameter causes the handler to set $ignoreAdmin = true for any non-admin call...

5.3 CVSS, 5.7 AI score, 0.00012 EPSS
Exploits 0, References 2
Positive Technologies
added 2026/05/05 12:00 a.m., 5 views

PT-2026-37297

Name of the Vulnerable Software and Affected Versions WWBN AVideo versions prior to 29.1 Description An issue in the 'objects/users.json.php' endpoint allows unauthenticated remote attackers to disclose the full set of registered user accounts. This occurs through two distinct paths: First, the...

5.3 CVSS, 5.8 AI score, 0.00012 EPSS
Exploits 0, References 6
Cvelist
added 2026/04/20 12:00 a.m., 27 views

CVE-2026-30269

Improper access control in Doorman v0.1.0 and v1.0.2 allows any authenticated user to update their own account role to a non-admin privileged role via /platform/user/username. The role field is accepted by the update model without a manageusers permission check for self-updates, enabling privileg...

0.00049 EPSS
Exploits 1, References 2
CVE
added 2026/03/02 12:00 a.m., 6 views

CVE-2026-26708

Affected product: sourcecodester Pharmacy Point of Sale System v1.0. The vulnerability is SQL Injection in /pharmacy/manage_user.php due to improper input sanitization. Impact is described as CRITICAL (C/H, I/H, A/H; CVSS 3.1: 9.8) with Network attack vector, no privileges, no user interaction re...

9.8 CVSS, 6 AI score, 0.00049 EPSS
Exploits 1, References 1, Affected Software 1
Positive Technologies
added 2026/03/02 12:00 a.m., 3 views

PT-2026-22655

Name of the Vulnerable Software and Affected Versions sourcecodester Pharmacy Point of Sale System version 1.0 Description The sourcecodester Pharmacy Point of Sale System version 1.0 is susceptible to SQL Injection through the /pharmacy/manage_user.php file. The manage_user.php script does not...

9.8 CVSS, 6 AI score, 0.00049 EPSS
Exploits 1, References 9
RedhatCVE
added 2026/01/09 9:33 a.m., 7 views

CVE-2024-39721

An issue was discovered in Ollama before 0.1.34. The CreateModelHandler function uses os.Open to read a file until completion. The req.Path parameter is user-controlled and can be set to /dev/random, which is blocking, causing the goroutine to run infinitely even after the HTTP request is aborted...

7.5 CVSS, 7.5 AI score, 0.00213 EPSS
Exploits 1, References 1
CVE
added 2025/12/10 9:05 p.m., 13 views

CVE-2020-36902

CVE-2020-36902 affects UBICOD Medivision Digital Signage 1.5.1. Affected component: authorization logic accessible via the /html/user endpoint. Root cause: manipulation of the ft[grp] parameter allows normal users to escalate privileges to super admin without authentication. Impact: unauthorized ...

9.8 CVSS, 6.9 AI score, 0.00385 EPSS
Exploits 1, References 4, Affected Software 1
Positive Technologies
added 2025/12/10 12:00 a.m., 2 views

PT-2025-50523

Name of the Vulnerable Software and Affected Versions UBICOD Medivision Digital Signage version 1.5.1 Description A flaw exists in UBICOD Medivision Digital Signage that allows normal users to gain elevated privileges. This is achieved by manipulating the ft[grp] parameter. Specifically, sending a...

9.8 CVSS, 6.8 AI score, 0.00385 EPSS
Exploits 1, References 8
OSV
added 2025/10/21 3:15 p.m., 0 views

CVE-2025-57521

Bambu Studio 2.1.1.52 and earlier is affected by a vulnerability that allows arbitrary code execution during application startup. The application loads a network plugin without validating its digital signature or verifying its authenticity. A local attacker can exploit this behavior by placing a...

6.1 CVSS, 6.3 AI score, 0.00017 EPSS
Exploits 0, References 3
EUVD
added 2025/10/07 12:30 a.m., 2 views

EUVD-2021-10086

Malware in sbrugna...

9.8 CVSS, 9.4 AI score, 0.00956 EPSS
Exploits 0, References 2
EUVD
added 2025/10/07 12:30 a.m., 2 views

EUVD-2019-11469

Malware in sbrugna...

8.8 CVSS, 8.5 AI score, 0.00991 EPSS
Exploits 1, References 7
EUVD
added 2025/10/07 12:30 a.m., 2 views

EUVD-2021-24414

Malware in sbrugna...

4.3 CVSS, 4.7 AI score, 0.00169 EPSS
Exploits 0, References 3
EUVD
added 2025/10/03 8:07 p.m., 1 view

EUVD-2024-2247

Malicious code in bioql PyPI...

8.2 CVSS, 8 AI score, 0.00036 EPSS
Exploits 1, References 7