120 matches found
CVE-2026-42843
Grav API Plugin is a RESTful API for Grav CMS that provides full headless access to your site's content, media, configuration, users, and system management. Prior to 1.0.0-beta.15, an insecure direct object reference and logic flaw in the Grav API plugin UsersController::update allows any...
CVE-2026-42843
Grav API Plugin is a RESTful API for Grav CMS that provides full headless access to your site's content, media, configuration, users, and system management. Prior to 1.0.0-beta.15, an insecure direct object reference and logic flaw in the Grav API plugin UsersController::update allows any...
CVE-2026-42843 grav-plugin-api: Grav API Privilege Escalation to Super Admin
Grav API Plugin is a RESTful API for Grav CMS that provides full headless access to your site's content, media, configuration, users, and system management. Prior to 1.0.0-beta.15, an insecure direct object reference and logic flaw in the Grav API plugin UsersController::update allows any...
CVE-2026-42843
The CVE-2026-42843 entry concerns Grav API Plugin for Grav CMS. It describes an insecure direct object reference and logic flaw in UsersController::update that lets any authenticated API user with api.access modify their own permission configuration, potentially escalating to Super Administrator ...
CVE-2026-42843 grav-plugin-api: Grav API Privilege Escalation to Super Admin
Grav API Plugin is a RESTful API for Grav CMS that provides full headless access to your site's content, media, configuration, users, and system management. Prior to 1.0.0-beta.15, an insecure direct object reference and logic flaw in the Grav API plugin UsersController::update allows any...
WordPress MStore API plugin <= 4.18.3 - Authenticated (Subscriber+) Insecure Direct Object Reference to Arbitrary User Meta Update vulnerability
Authenticated Subscriber+ Insecure Direct Object Reference to Arbitrary User Meta Update vulnerability discovered by Osvaldo Noe Gonzalez Del Rio Os - krei.dev | ogbuilders.io in WordPress Plugin MStore API versions = 4.18.3...
EUVD-2026-20840
The MStore API plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 4.18.3. This is due to the updateuserprofile function in controllers/flutter-user.php processing the 'metadata' JSON parameter without any allowlist, blocklist, or validatio...
CVE-2026-25099 Remote Code Execution via Unrestricted File Upload in Bludit
Bludit’s API plugin allows an authenticated attacker with a valid API token to upload files of any type and extension without restriction, which can then be executed, leading to Remote Code Execution. This issue was fixed in 3.18.4...
CVE-2026-25099
Bludit’s API plugin allows an authenticated attacker with a valid API token to upload files of any type and extension without restriction, which can then be executed, leading to Remote Code Execution. This issue was fixed in 3.18.4...
CVE-2026-33512
WWBN AVideo is an open source video platform. In versions up to and including 26.0, the API plugin exposes a decryptString action without any authentication. Anyone can submit ciphertext and receive plaintext. Ciphertext is issued publicly e.g., view/url2Embed.json.php, so any user can recover...
CVE-2025-12030
The ACF to REST API plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 3.3.4. This is due to insufficient capability checks in the updateitempermissionscheck method, which only verifies that the current user has the editposts capability...
CVE-2025-62979
CVE-2025-62979 concerns WordPress plugin ACF to REST API (versions <= 3.3.4). Multiple sources describe an information disclosure vulnerability causing retrieval of embedded sensitive data via the REST API. The affected product is the WordPress ACF to REST API plugin; sources consistently refe...
EUVD-2022-4867
Malicious code in bioql PyPI...
EUVD-2023-33781
Malicious code in bioql PyPI...
EUVD-2023-43881
Malicious code in bioql PyPI...
EUVD-2025-30485
Malicious code in bioql PyPI...
EUVD-2022-5758
Malicious code in bioql PyPI...
EUVD-2022-4666
Malicious code in bioql PyPI...
EUVD-2022-6254
Malicious code in bioql PyPI...
EUVD-2024-34357
Malicious code in bioql PyPI...