CVE-2026-6419 Wishlist Member <= 3.30.1 - Missing Authorization to Authenticated (Subscriber+) API Secret Key Disclosure and Privilege Escalation via 'wlm3_get_screen' AJAX action

The WishList Member plugin for WordPress is vulnerable to Privilege Escalation via Missing Authorization in versions up to and including 3.30.1. This is due to the missing capability and nonce check in the ajaxgetscreen function. This makes it possible for authenticated attackers, with...

GHSA-XVP4-PHQJ-CJR3 phpMyFAQ: IDOR Account Takeover

Summary An Insecure Direct Object Reference IDOR vulnerability in phpMyFAQ's Admin API allows any authenticated administrator to change the password of any user account, including SuperAdmin accounts userId=1, without authorization verification. An attacker with a low-privilege admin account can...

phpMyFAQ: IDOR Account Takeover

Summary An Insecure Direct Object Reference IDOR vulnerability in phpMyFAQ's Admin API allows any authenticated administrator to change the password of any user account, including SuperAdmin accounts userId=1, without authorization verification. An attacker with a low-privilege admin account can...

keycloak: org.keycloak.services: Keycloak: Information Disclosure via evaluate-scopes Admin API

A flaw was found in Keycloak. A low-privilege administrator with the 'view-clients' role can exploit this by invoking the 'evaluate-scopes' Admin API endpoints with an arbitrary user ID userId parameter. This vulnerability allows for cross-role personally identifiable information PII leakage,...

EUVD-2026-30882

A flaw was found in Keycloak. A low-privilege administrator with the 'view-clients' role can exploit this by invoking the 'evaluate-scopes' Admin API endpoints with an arbitrary user ID userId parameter. This vulnerability allows for cross-role personally identifiable information PII leakage,...

CVE-2026-37978

A flaw was found in Keycloak. A low-privilege administrator with the 'view-clients' role can exploit this by invoking the 'evaluate-scopes' Admin API endpoints with an arbitrary user ID userId parameter. This vulnerability allows for cross-role personally identifiable information PII leakage,...

CVE-2026-44555

Open WebUI (self-hosted AI platform) has a vulnerability where a model created with base_model_id can chain to a restricted base model without validating access to that base model. Before 0.9.0, during model creation, the system does not verify the creator’s permission on the referenced base mode...

CVE-2026-44555

Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. Prior to 0.9.0, Open WebUI supports model composition via basemodelid: a user-defined model e.g., "Cheap Assistant" can reference an existing base model e.g., "gpt-4-turbo-restricted" that provides...

CVE-2026-45009

phpMyFAQ before 4.1.2 contains an insufficient authorization vulnerability in admin-api routes that allows authenticated ordinary users to access administrative endpoints by only checking login status instead of verifying backend privileges. Attackers with valid frontend user accounts can access...

CVE-2026-45007

phpMyFAQ before 4.1.2 contains missing permission checks in ConfigurationTabController.php where 12 endpoints use userIsAuthenticated instead of userHasPermissionCONFIGURATIONEDIT. Any authenticated user can enumerate system configuration metadata including permission model, cache backend, mail...

CVE-2026-45009 phpMyFAQ - Insufficient Authorization Check in Admin API Endpoints

phpMyFAQ before 4.1.2 contains an insufficient authorization vulnerability in admin-api routes that allows authenticated ordinary users to access administrative endpoints by only checking login status instead of verifying backend privileges. Attackers with valid frontend user accounts can access...

EUVD-2026-30591

phpMyFAQ before 4.1.2 contains missing permission checks in ConfigurationTabController.php where 12 endpoints use userIsAuthenticated instead of userHasPermissionCONFIGURATIONEDIT. Any authenticated user can enumerate system configuration metadata including permission model, cache backend, mail...

EUVD-2026-29726

Cleanuparr is a tool for automating the cleanup of unwanted or blocked files in Sonarr, Radarr, and supported download clients like qBittorrent. Prior to 2.9.10, Cleanuparr's global CORS policy reflects every request Origin and combines it with AllowCredentials. When DisableAuthForLocalAddresses ...

Incorrect Authorization

Overview thorsten/phpmyfaq is a FAQ system for PHP and MySQL, PostgreSQL and other databases Affected versions of this package are vulnerable to Incorrect Authorization in the admin-api routes due to insufficient authorization checks. An attacker can access backend operational information by...

Incorrect Authorization

Overview phpmyfaq/phpmyfaq is a FAQ system for PHP and MySQL, PostgreSQL and other databases Affected versions of this package are vulnerable to Incorrect Authorization in the admin-api routes due to insufficient authorization checks. An attacker can access backend operational information by...

phpMyFAQ's Missing CONFIGURATION_EDIT Permission Check on 12 Admin API Configuration Tab Endpoints Allows Information Disclosure by Any Authenticated User

Summary 12 endpoints in ConfigurationTabController.php use userIsAuthenticated login-only check instead of userHasPermissionPermissionType::CONFIGURATIONEDIT. This allows any authenticated user — including ones with zero admin permissions — to enumerate system configuration metadata including the...

Prometheus vulnerable to stored XSS via crafted histogram bucket label values in the old web UI heatmap display

Impact In the Prometheus server's legacy web UI enabled via the command-line flag --enable-feature=old-ui, the histogram heatmap chart view does not escape le label values when inserting them into the HTML for use as axis tick mark labels. An attacker who can inject crafted metrics e.g. via a...

CVE-2026-36956

A Cross-Site Request Forgery CSRF vulnerability exists in the web management interface of the Dbit N300 T1 Pro wireless router V1.0.0. The router fails to implement proper CSRF protection mechanisms such as anti-CSRF tokens or strict Origin/Referer validation for administrative API endpoints. An...

CVE-2026-36960

A Cross-Site Request Forgery CSRF vulnerability exists in the web management interface of the U-SPEED N300 Rounter V1.0.0. The device does not implement CSRF protection mechanisms such as anti-CSRF tokens or strict Origin/Referer validation for administrative API endpoints. An attacker can craft ...

CVE-2026-7083

CVE-2026-7083 affects likeadmin-likeshop likeadmin_php up to 1.9.6. The vulnerability is in the function queryResult of server\app\adminapi\lists\tools\DataTableLists.php within the DataTable Admin API. This manipulation leads to a SQL injection vulnerability that can be exploited remotely. The e...