36 matches found
CVE-2026-39355
Genealogy is a family tree PHP application. Prior to 5.9.1, a critical broken access control vulnerability in the genealogy application allows any authenticated user to transfer ownership of arbitrary non-personal teams to themselves. This enables complete takeover of other users’ team workspaces...
CVE-2026-39355 Genealogy is Missing Authorization in `TeamController::transferOwnership()` Allows Any Authenticated User to Hijack Any Team (Broken Access Control)
Genealogy is a family tree PHP application. Prior to 5.9.1, a critical broken access control vulnerability in the genealogy application allows any authenticated user to transfer ownership of arbitrary non-personal teams to themselves. This enables complete takeover of other users’ team workspaces...
CVE-2026-39355
CVE-2026-39355 affects the Genealogy PHP application. Before version 5.9.1, a broken access control in TeamController::transferOwnership() lets any authenticated user transfer ownership of arbitrary non-personal teams to themselves, enabling takeover of team workspaces and access to associated da...
EUVD-2026-9600
Deserialization of Untrusted Data vulnerability in gerritvanaaken Podlove Web Player podlove-web-player allows Object Injection. This issue affects Podlove Web Player: from n/a through <= 5.9.1...
WordPress Podlove Web Player plugin <= 5.9.1 - PHP Object Injection vulnerability
PHP Object Injection vulnerability discovered by PPzzAArr in WordPress Plugin Podlove Web Player versions <= 5.9.1...
CVE-2016-9271
Cloudera Manager 5.7.x before 5.7.6, 5.8.x before 5.8.4, and 5.9.x before 5.9.1 allows XSS in the help search feature...
CVE-2025-67568
Missing Authorization vulnerability in xtemos Basel basel allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Basel: from n/a through <= 5.9.1...
EUVD-2025-202078
Missing Authorization vulnerability in xtemos Basel basel allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Basel: from n/a through <= 5.9.1...
PT-2025-43786
Missing Authorization vulnerability in gerritvanaaken Podlove Web Player podlove-web-player allows Accessing Functionality Not Properly Constrained by ACLs. This issue affects Podlove Web Player: from n/a through <= 5.9.1...
EUVD-2025-19117
Malicious code in bioql PyPI...
CVE-2025-28987
Server-Side Request Forgery (SSRF) vulnerability in PressForward PressForward pressforward allows Server Side Request Forgery. This issue affects PressForward: from n/a through <= 5.9.5...
CVE-2025-28987 WordPress PressForward <= 5.9.4 - Server Side Request Forgery (SSRF) vulnerability
Server-Side Request Forgery (SSRF) vulnerability in PressForward PressForward pressforward allows Server Side Request Forgery. This issue affects PressForward: from n/a through <= 5.9.5...
CVE-2025-28987
CVE-2025-28987 affects the WordPress plugin PressForward (versions up to 5.9.1 as stated in multiple sources). The vulnerability is a Server-Side Request Forgery (SSRF) issue with a CVSS v3.1 base score of 6.4 (Medium); impact is limited to confidentiality and integrity, with no impact on availability ...
WordPress plugin PressForward code issue vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a set of blogging platforms developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A code issue...
CVE-2024-37944
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in WP Travel Engine allows Stored XSS. This issue affects WP Travel Engine: from n/a through 5.9.1...
CVE-2023-48104
Alinto SOGo before 5.9.1 is vulnerable to HTML Injection...
CVE-2025-31119
generator-jhipster-entity-audit (a JHipster module) is affected by unsafe reflection when Javers is used as the Entity Audit Framework. Before version 5.9.1, an attacker who can place malicious classes on the classpath and access the REST endpoints could trigger remote code execution. The issue i...
PT-2025-14791 · Jhipster · Generator-Jhipster-Entity-Audit
Name of the Vulnerable Software and Affected Versions: generator-jhipster-entity-audit versions prior to 5.9.1 Description: The issue allows for unsafe reflection when Javers is selected as the Entity Audit Framework. If an attacker can place malicious classes into the classpath and access the RE...
BroadlinkManager operating system command injection vulnerability
BroadlinkManager is a Python-based project by the individual developer Tomer Klein that allows users to control Broadlink devices. A security vulnerability exists in BroadlinkManager version 5.9.1 that stems from vulnerability to command injection attacks...
Malicious code in @saferpay/logging (npm)
--- -= Per source details. Do not edit below this line.=- Source: ossf-package-analysis 00760b75ef6449f1f4125794bd96880aae15b6a332fb2103a23c849e0d0d01f2 The OpenSSF Package Analysis project identified '@saferpay/logging' @ 5.9.1 npm as malicious. It is considered malicious because: - The package...