57121 matches found
CVE-2026-6215 DbGate REST/GraphQL openApiDriver.ts apiServerUrl1 server-side request forgery
A weakness has been identified in DbGate up to 7.1.4. The impacted element is the function apiServerUrl1 of the file packages/rest/src/openApiDriver.ts of the component REST/GraphQL. This manipulation causes server-side request forgery. The attack may be initiated remotely. The exploit has been...
CVE-2026-6215 DbGate REST/GraphQL openApiDriver.ts apiServerUrl1 server-side request forgery
A weakness has been identified in DbGate up to 7.1.4. The impacted element is the function apiServerUrl1 of the file packages/rest/src/openApiDriver.ts of the component REST/GraphQL. This manipulation causes server-side request forgery. The attack may be initiated remotely. The exploit has been...
CVE-2026-6215
CVE-2026-6215 affects DbGate up to 7.1.4, specifically the REST/GraphQL component and its function apiServerUrl1 in packages/rest/src/openApiDriver.ts. The underlying issue enables server-side request forgery (SSRF) and may be triggered remotely. An exploit has been publicly available, and the ve...
CVE-2026-39535
Missing Authorization vulnerability in fullworks Display Eventbrite Events widget-for-eventbrite-api allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Display Eventbrite Events: from n/a through = 6.5.6...
CVE-2026-4299
The MainWP Child Reports plugin for WordPress is vulnerable to Missing Authorization in all versions up to and including 2.2.6. This is due to a missing capability check in the heartbeatreceived function in the LiveUpdate class. This makes it possible for authenticated attackers, with...
CVE-2026-33710
Chamilo LMS is a learning management system. Prior to 1.11.38 and 2.0.0-RC.3, REST API keys are generated using md5time + userid 5 - rand10000, 10000. The rand10000, 10000 call always returns exactly 10000 min == max, making the formula effectively md5timestamp + userid5 - 10000. An attacker who...
CVE-2026-31845
A reflected cross-site scripting XSS vulnerability exists in Rukovoditel CRM version 3.6.4 and earlier in the Zadarma telephony API endpoint /api/tel/zadarma.php. The application directly reflects user-supplied input from the 'zdecho' GET parameter into the HTTP response without proper...
Exploit for Improper Access Control in Fortinet Forticlientems
CVE-2026-35616 - FortiClient EMS Pre-Authentication API Bypass...
Deserialization of Untrusted Data
Overview apache-airflow-task-sdk is a The Apache Airflow Task SDK includes interfaces for Dag authors and Task execution logic for Python. Affected versions of this package are vulnerable to Deserialization of Untrusted Data via the XCom API. A privileged DAG Author can execute code on the...
Deserialization of Untrusted Data
Overview Affected versions of this package are vulnerable to Deserialization of Untrusted Data via the XCom API. A privileged DAG Author can execute code on the webserver by invoking a class via legacy serialization keys type/var. Details Serialization is a process of converting an object into a...
Malicious Package
Overview @sports-api/api-sdk is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package...
Malicious code in @sports-api/api-sdk (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector b6445b51deb95e237826188e8e4897f9c43cf8d9232f7d479b59922066a5ad3c The package @sports-api/api-sdk was found to contain malicious code. Source: ghsa-malware...
MAL-2026-2595 Malicious code in @sports-api/api-sdk (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector b6445b51deb95e237826188e8e4897f9c43cf8d9232f7d479b59922066a5ad3c The package @sports-api/api-sdk was found to contain malicious code. Source: ghsa-malware...
Malicious code in @hmm-app/api (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector a791765dda3352bb35bb02103a904c3a2a17217074721eb39a1e9e8e89687795 The package @hmm-app/api was found to contain malicious code. Source: ghsa-malware 7c883cf4762be6f3e07bf37a48472ac4ff6a8bbe781c4f0f40ca18b832c2c48a A...
Malicious Package
Overview @hmm-app/api is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package...
Malicious Package
Overview @hpcc/js-api is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package...
MAL-2026-2583 Malicious code in @hmm-app/api (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector a791765dda3352bb35bb02103a904c3a2a17217074721eb39a1e9e8e89687795 The package @hmm-app/api was found to contain malicious code. Source: ghsa-malware 7c883cf4762be6f3e07bf37a48472ac4ff6a8bbe781c4f0f40ca18b832c2c48a A...
MAL-2026-2584 Malicious code in @hpcc/js-api (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 66d87d26a2f328414129f2abca4fe30a3f49afcefc1734ff29504b30e8e5e538 The package @hpcc/js-api was found to contain malicious code. Source: ghsa-malware baed13149b187a8ebee8b70891d8c38114a2f8c25e0048e5f2524ae8cb61217e A...
Malicious code in cms-site-api-js-client (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector e7c005e0d9ed50229f543036c5c8bd9dd61a1ad0b5373efab2aa9fdba45084f9 The package cms-site-api-js-client was found to contain malicious code. Source: ghsa-malware...
Malicious code in stats-api-js-client (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector a84f9d7eef71d2b99a244ec63f5144ad80a0084e6c20fc903a1bbce208ad9777 The package stats-api-js-client was found to contain malicious code. Source: ghsa-malware...