24 matches found
EUVD-2026-30329
Katalyst Koi is a framework for building Rails admin functionality. Prior to 4.20.0 and 5.6.0, admin session cookies were not invalidated when an admin user logged out. An attacker with access to a valid admin session cookie could continue to access admin functionality after logout, until the...
CVE-2026-30927 Admidio: Event participation IDOR - non-leaders can register other users for events via user_uuid parameter
Admidio is an open-source user management solution. Prior to 5.0.6, in modules/events/eventsfunction.php, the event participation logic allows any user who can participate in an event to register OTHER users by manipulating the user_uuid GET parameter. The condition uses || OR, meaning if...
CVE-2020-36970 PMB 5.6 - 'chemin' Local File Disclosure
PMB 5.6 contains a local file disclosure vulnerability in getgif.php that allows attackers to read arbitrary system files by manipulating the 'chemin' parameter. Attackers can exploit the unsanitized file path input to access sensitive files like /etc/passwd by sending crafted requests to the...
CVE-2025-67952
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in ThemeGoods Grand Tour grandtour allows Reflected XSS. This issue affects Grand Tour: from n/a through 5.6.2...
WordPress plugin "Electrician - Electrical Service" – code-related vulnerabilities
WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be install...
CVE-2021-2447
Vulnerability in the Oracle Secure Global Desktop product of Oracle Virtualization component: Server. The supported version that is affected is 5.6. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise Oracle Secure Global Deskto...
UBUNTU-CVE-2025-61783
Python Social Auth is a social authentication/registration mechanism. In versions prior to 5.6.0, upon authentication, the user could be associated by e-mail even if the associate_by_email pipeline was not included. This could lead to account compromise when a third-party authentication service doe...
IBM QRadar SOAR Plugin App Input Validation Error Vulnerability
IBM QRadar SOAR Plugin App is an application for messaging from International Business Machines (IBM). An input validation error vulnerability exists in IBM QRadar SOAR Plugin App version 5.6.0 and earlier, which stems from a directory traversal issue that could lead to viewing arbitrary files...
CVE-2020-25118
The Admin CP in vBulletin 5.6.3 allows XSS via a Style Options Settings Title to Styles Manager...
WordPress Plugin Element Pack Elementor Addons Security Vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers. WordPress plugin is an application plugin. A security vulnerability exists in WordPres...
CVE-2020-12613
An issue was discovered in BeyondTrust Privilege Management for Windows through 5.6. An attacker can spawn a process with multiple users as part of the security token prior to Avecto elevation. When Avecto elevates the process, it removes the user who is launching the process, but not the second...
CVE-2023-22085
Vulnerability in the Hospitality OPERA 5 Property Services product of Oracle Hospitality Applications component: Opera. The supported version that is affected is 5.6. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Hospitality OPERA 5...
Simmeth System Supplier Manager SQL Injection Vulnerability
Simmeth System Supplier Manager is a supply chain software from Simmeth System GmbH, Germany. A SQL injection vulnerability exists in versions prior to Simmeth System GmbH Supplier Manager 5.6. The vulnerability stems from the application's lack of validation of externally entered SQL statements,...
Big Ant Studios BigAnt Software BigAnt Server Cross-Site Scripting Vulnerability
BigAnt Software BigAnt Server is a server from Big Ant Studios in Australia. BigAnt Software BigAnt Server version 5.6.06 suffers from a security vulnerability; no details of the vulnerability are available at this time...
CVE-2022-0521
Access of Memory Location After End of Buffer in GitHub repository radareorg/radare2 prior to 5.6.2...
CVE-2022-0139
Use After Free in GitHub repository radareorg/radare2 prior to 5.6.0...
sokrates Sokrates SOWA SowaSQL Cross-Site Scripting Vulnerability
sokrates Sokrates SOWA SowaSQL is an administrative database applied to the library environment by the Polish company sokrates. A cross-site scripting vulnerability exists in Sokrates SOWA SowaSQL version 5.6.1 and earlier versions, which originates from the sowacgi.php typ parameter, OPAC is...
mysql: unspecified vulnerability related to Server:Parser (CPU October 2015)
Unspecified vulnerability in Oracle MySQL Server 5.5.45 and earlier, and 5.6.26 and earlier, allows remote authenticated users to affect availability via unknown vectors related to Server : Parser...
mysql: unspecified vulnerability related to Server:Memcached (CPU October 2015)
Unspecified vulnerability in Oracle MySQL Server 5.6.26 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server : Memcached...
Unspecified Vulnerability in Oracle MySQL Server (CNVD-2015-06982)
Oracle MySQL Server is an open source relational database management system from Oracle. This database system is characterized by high performance, low cost, good reliability and so on. An unspecified vulnerability exists in Oracle MySQL Server versions 5.5.45 and earlier and 5.6.26 and earlier. ...