11552 matches found
SquirrelMail Address Add 1.4.2 - Cross-Site Scripting
SquirrelMail Address Add 1.4.2 plugin contains a cross-site scripting vulnerability. It fails to properly sanitize user-supplied input, thus allowing an attacker to execute arbitrary script in the browser of an unsuspecting user in the context of the affected site. This can allow the attacker to...
EUVD-2026-43622
A vulnerability was determined in itsourcecode Electronic Judging System 1.0. Impacted is an unknown function of the file /intrams/admin/addjudges.php. This manipulation of the argument fname causes sql injection. The attack may be initiated remotely. The exploit has been publicly disclosed and m...
CVE-2026-57377
Missing Authorization vulnerability in WPXPO WowAddons product-addons allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WowAddons: from n/a through = 1.6.8...
CVE-2026-15509
Leantime up to 3.8.0 is affected by a vulnerability in the JSON-RPC Endpoint functions editUser/addUser where manipulating the role argument leads to improper authorization. The issue is exploitable remotely and has been publicly disclosed; vendor response was not provided. Affected impact includ...
CVE-2026-15490
A security flaw has been discovered in RafyMrX TOKO-ONLINE-ROTI up to ddfe1cd587be0a0b5135d8b6e85cce2ec3aece99. Affected by this issue is some unknown functionality of the file proses/add.php. The manipulation of the argument kodeproduk/kdcs results in sql injection. The attack can be executed...
EUVD-2026-43212
A security flaw has been discovered in RafyMrX TOKO-ONLINE-ROTI up to ddfe1cd587be0a0b5135d8b6e85cce2ec3aece99. Affected by this issue is some unknown functionality of the file proses/add.php. The manipulation of the argument kodeproduk/kdcs results in sql injection. The attack can be executed...
CVE-2026-15490 RafyMrX TOKO-ONLINE-ROTI add.php sql injection
A security flaw has been discovered in RafyMrX TOKO-ONLINE-ROTI up to ddfe1cd587be0a0b5135d8b6e85cce2ec3aece99. Affected by this issue is some unknown functionality of the file proses/add.php. The manipulation of the argument kodeproduk/kdcs results in sql injection. The attack can be executed...
GHSA-6W3M-4HHP-775Q vulnerabilities
Vulnerabilities for packages: keda-http-add-on-fips...
CVE-2026-58499
EverOS is a memory runtime for agents. Prior to 1.0.1, EverOS is vulnerable to path traversal in the POST /api/v1/memory/add ingestion endpoint because the per-message senderid field was not validated as a path-safe identifier, unlike appid and projectid. During user-memory extraction, senderid i...
CVE-2026-58499 Path traversal in EverOS /api/v1/memory/add via unvalidated sender_id
EverOS is a memory runtime for agents. Prior to 1.0.1, EverOS is vulnerable to path traversal in the POST /api/v1/memory/add ingestion endpoint because the per-message senderid field was not validated as a path-safe identifier, unlike appid and projectid. During user-memory extraction, senderid i...
CVE-2026-58499
EverOS is affected by a path-traversal vulnerability in the POST /api/v1/memory/add ingestion endpoint prior to version 1.0.1. The per-message sender_id was not validated as a path-safe identifier, unlike app_id/project_id, and is used as owner_id to build the filesystem path for persisting extra...
CVE-2026-15374 Eleveo Call Recording Software Group roleAddAction.do improper authorization
A flaw has been found in Eleveo Call Recording Software 9.7.0. This affects an unknown function of the file /callrec/roleAddAction.do of the component Group Interface. Executing a manipulation can lead to improper authorization. It is possible to launch the attack remotely. The exploit has been...
EUVD-2026-42923
A flaw has been found in Eleveo Call Recording Software 9.7.0. This affects an unknown function of the file /callrec/roleAddAction.do of the component Group Interface. Executing a manipulation can lead to improper authorization. It is possible to launch the attack remotely. The exploit has been...
CVE-2026-15374 Eleveo Call Recording Software Group roleAddAction.do improper authorization
A flaw has been found in Eleveo Call Recording Software 9.7.0. This affects an unknown function of the file /callrec/roleAddAction.do of the component Group Interface. Executing a manipulation can lead to improper authorization. It is possible to launch the attack remotely. The exploit has been...
CVE-2026-15373 Eleveo Call Recording Software userAddAction.do improper authorization
A vulnerability was detected in Eleveo Call Recording Software 9.7.0. The impacted element is an unknown function of the file /callrec/userAddAction.do. Performing a manipulation of the argument role results in improper authorization. It is possible to initiate the attack remotely. The exploit is...
CVE-2026-15331
A vulnerability was identified in zhayujie CowAgent up to 2.1.0. The affected element is the function addurl/addpackage of the file agent/skills/service.py of the component Skill Installation Handler. The manipulation of the argument Name leads to path traversal. The attack may be initiated...
CVE-2026-45045 Fiber: X-Real-IP Spoofing via Header.Add() in BalancerForward
Fiber is an Express inspired web framework written in Go. Prior to 3.3.0 and 2.52.14, the BalancerForward proxy helper in middleware/proxy/proxy.go uses Header.Add instead of Header.Set when injecting X-Real-IP, allowing an attacker-supplied first X-Real-IP value to be forwarded to upstream serve...
Important: kernel
Issue Overview: In the Linux kernel, the following vulnerability has been resolved: net/sched: teql: Fix double-free in teqlmasterxmit CVE-2026-23449 In the Linux kernel, the following vulnerability has been resolved: ext4: validate pidx bounds in ext4extcorrectindexes CVE-2026-31449 In the Linux...
PYSEC-2026-1808 Pulp incorrectly assigns RBAC permissions in tasks that create objects
A flaw was found in the Pulp package. When a role-based access control RBAC object in Pulp is set to assign permissions on its creation, it uses the AutoAddObjPermsMixin typically the addrolesforobjectcreator method. This method finds the object creator by checking the current authenticated user...
PYSEC-2026-2007 vantage6 collaboration admins can extend their influence by expanding the collaboration
Impact Collaboration administrators can add extra organizations to their collaboration. When doing that, they extend their influence: for instance, for organizations that they include, they can then create new users for which they know the passwords, and use that to read task results of other...