4 matches found
CVE-2026-39602
Missing Authorization vulnerability in Rustaurius Order Tracking order-tracking allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Order Tracking: from n/a through = 3.4.3...
CVE-2026-5632
A vulnerability was found in assafelovic gpt-researcher up to 3.4.3. This impacts an unknown function of the component HTTP REST API Endpoint. Performing a manipulation results in missing authentication. It is possible to initiate the attack remotely. The exploit has been made public and could be...
CVE-2026-27353
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in ThemeGoods Grand News grandnews allows Reflected XSS.This issue affects Grand News: from n/a through = 3.4.3...
CVE-2025-51825
CVE-2025-51825 applies to JeecgBoot versions 3.4.3 through 3.8.0. A SQL injection vulnerability exists in the endpoint /jeecg-boot/online/cgreport/head/parseSql that allows bypassing SQL blacklist restrictions. The incident is documented across multiple feeds (NVD, Red Hat, GHSA, osv, etc.). Impa...