65 matches found
CVE-2026-46376 FreePBX: Unauthenticated Use of Hard-Coded Credentials Vulnerability in FreePBX UCP Interface
FreePBX is an open source IP PBX. From 15.0.42 to before 16.0.45 and 17.0.7, unauthenticated users may be able to access the User Control Panel (UCP) using hard-coded initial template credentials if these were not immediately changed by the Administrator who enabled UCP. Authenticated access to ACP...
CVE-2026-27659
Mattermost versions 11.2.x <= 11.2.2, 10.11.x <= 10.11.10, 11.4.x <= 11.4.0, 11.3.x <= 11.3.1 fail to properly validate CSRF tokens in the /api/v4/accesscontrolpolicies/policyid/activate endpoint, which allows an attacker to trick an admin into changing access control policy active status via a craft...
CVE-2026-27659 CSRF vulnerability in UpdateAccessControlPolicyActiveStatus endpoint
Mattermost versions 11.2.x <= 11.2.2, 10.11.x <= 10.11.10, 11.4.x <= 11.4.0, 11.3.x <= 11.3.1 fail to properly validate CSRF tokens in the /api/v4/accesscontrolpolicies/policyid/activate endpoint, which allows an attacker to trick an admin into changing access control policy active status via a craft...
CVE-2026-26699
sourcecodester Personnel Property Equipment System v1.0 is vulnerable to arbitrary code execution in ip/ppes/admin/admin_change_picture.php...
PT-2026-22612
Name of the Vulnerable Software and Affected Versions: sourcecodester Personnel Property Equipment System version 1.0. Description: The software contains a flaw that allows for arbitrary code execution. This issue is present in the 'ip/ppes/admin/admin_change_picture.php' component. Recommendations: ...
CVE-2026-26699
CVE-2026-26699 affects sourcecodester Personnel Property Equipment System v1.0. Multiple sources report an arbitrary code execution vulnerability in ip/ppes/admin/admin_change_picture.php. The Red Hat/CIRCL/NVD entries confirm the vulnerable component, but do not provide detailed root-cause speci...
EUVD-2026-9198
sourcecodester Personnel Property Equipment System v1.0 is vulnerable to arbitrary code execution in ip/ppes/admin/admin_change_picture.php...
Personnel Property Equipment System security vulnerability
Personnel Property Equipment System is a personnel property equipment management system developed by Jon Remus Sevellejo. Version 1.0 of Personnel Property Equipment System has security vulnerabilities; these vulnerabilities stem from arbitrary code execution in the...
CVE-2020-37106
The CVE-2020-37106 issue affects Business Live Chat Software 1.0 and is described as a cross-site request forgery (CSRF) vulnerability. A remote attacker can craft a malicious HTML form that sends a POST to the user creation endpoint with administrative access parameters to change user account ro...
CVE-2025-63717
The change password functionality at /petgrooming/admin/changepass.php in SourceCodester Pet Grooming Management Software 1.0 is vulnerable to Cross-Site Request Forgery (CSRF) attacks. The application does not implement adequate anti-CSRF tokens or same-site cookie restrictions, allowing attackers...
Exploit for CVE-2025-57428
My security advisories CVE-2025-57428 - Telnet debug interf...
CVE-2025-11103
A security vulnerability has been detected in Projectworlds Online Tours and Travels 1.0. Affected by this vulnerability is an unknown functionality of the file /admin/change-image.php. The manipulation of the argument packageimage leads to unrestricted upload. The attack may be initiated remotel...
CVE-2025-11103 Projectworlds Online Tours and Travels change-image.php unrestricted upload
A security vulnerability has been detected in Projectworlds Online Tours and Travels 1.0. Affected by this vulnerability is an unknown functionality of the file /admin/change-image.php. The manipulation of the argument packageimage leads to unrestricted upload. The attack may be initiated remotel...
Projectworlds Online Tours and Travels code issue vulnerability
Projectworlds Online Tours and Travels is an online tours and travels program by Projectworlds India. A code issue vulnerability exists in Projectworlds Online Tours and Travels version 1.0, which stems from improper manipulation of the parameter packageimage in the file /admin/change-image.php,...
CVE-2025-59416
The Scratch Channel is a news website. If the user makes a fork, they can change the admins and make an article. Since the API uses a POST request, it will make an article. This issue is fixed in v1.2...
CVE-2025-9756
A vulnerability was found in PHPGurukul User Management System 1.0. This impacts an unknown function of the file /admin/change-emailid.php. The manipulation of the argument uid results in SQL injection. The attack can be executed remotely. The exploit has been made public and could be used...