Lucene search
K

7 matches found

NVD
NVD
added 2026/06/24 7:16 a.m.7 views

CVE-2026-10753

The Site Kit by Google WordPress plugin before 1.176.0 does not properly restrict a REST API write endpoint to administrators, allowing lower-privileged users who have been granted dashboard sharing access such as Editors to modify a site-wide Site Kit by Google WordPress plugin before 1.176.0...

2.7CVSS0.00168EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/06/18 9:12 p.m.23 views

CVE-2026-49205 phpMyFAQ: Missing userHasPermission() in 4 API write endpoints (CVE-2026-24421 Incomplete Fix)

phpMyFAQ is an open source FAQ web application. Versions prior to 4.1.4 have Missing Authorization in the API CategoryController. CVE-2026-24421 addressed this in the BackupController by adding: $this-userHasPermissionPermissionType::BACKUP. The same fix was not applied to 4 other write endpoints...

6.5CVSS0.0024EPSS
Exploits0References2
CVE
CVE
added 2026/06/18 9:12 p.m.21 views

CVE-2026-49205

phpMyFAQ versions before 4.1.4 have Missing Authorization in the API CategoryController, where four write endpoints (POST /api/v4.0/category, POST /api/v4.0/faq, PUT /api/v4.0/faq, POST /api/v4.0/question) relied on a shared token check instead of per-user permissions. This allowed insufficient a...

6.5CVSS5.3AI score0.0024EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/06/17 12:0 a.m.21 views

PT-2026-50606

Name of the Vulnerable Software and Affected Versions Drupal core affected versions not specified Description An attacker with appropriate JSON:API write permissions could potentially inject a malicious payload in certain rare circumstances, leading to PHP Object Injection. PHP Object Injection...

6AI score
Exploits0References3
OSV
OSV
added 2026/03/23 11:52 p.m.3 views

CVE-2026-33286 Graphiti Affected by Arbitrary Method Execution via Unvalidated Relationship Names

Graphiti is a framework that sits on top of models and exposes them via a JSON:API-compliant interface. Versions prior to 1.10.2 have an arbitrary method execution vulnerability that affects Graphiti's JSONAPI write functionality. An attacker can craft a malicious JSONAPI payload with arbitrary...

9.1CVSS6.2AI score0.00632EPSS
Exploits0References5
OSV
OSV
added 2022/08/01 3:15 p.m.7 views

AZL-10447 CVE-2022-2598 affecting package vim for versions less than 9.0.0325-1

Out-of-bounds Write to API in GitHub repository vim/vim prior to 9.0.0100...

5.5CVSS7.2AI score0.00872EPSS
Exploits1References1
AlpineLinux
AlpineLinux
added 2022/08/01 3:15 p.m.67 views

CVE-2022-2598

Out-of-bounds Write to API in GitHub repository vim/vim prior to 9.0.0100...

6.5CVSS6.5AI score0.00872EPSS
Exploits1
Rows per page
Query Builder