CVE-2026-11369

The Comment API GET /api/Comment and POST /api/Comment in the affected application fails to perform authorization checks to verify that the requesting user has access to the object identified by the relatedObjectId. This Insecure Direct Object Reference IDOR vulnerability allows any authenticated...

CVE-2026-11369 IDOR in Comment API Allows Cross-Process Comment Read and Write

The Comment API GET /api/Comment and POST /api/Comment in the affected application fails to perform authorization checks to verify that the requesting user has access to the object identified by the relatedObjectId. This Insecure Direct Object Reference IDOR vulnerability allows any authenticated...

EUVD-2026-34827

The Comment API GET /api/Comment and POST /api/Comment in the affected application fails to perform authorization checks to verify that the requesting user has access to the object identified by the relatedObjectId. This Insecure Direct Object Reference IDOR vulnerability allows any authenticated...

CVE-2026-11369

The CVE-2026-11369 entry concerns an Insecure Direct Object Reference (IDOR) in the Comment API. The affected endpoints are GET /api/Comment and POST /api/Comment. The root cause is missing authorization checks to verify that a user has access to the object identified by relatedObjectId, allowing...

PT-2026-46948

The Comment API GET /api/Comment and POST /api/Comment in the affected application fails to perform authorization checks to verify that the requesting user has access to the object identified by the relatedObjectId. This Insecure Direct Object Reference IDOR vulnerability allows any authenticated...

CVE-2026-32511 WordPress Stål theme < 1.7 - Arbitrary Object Instantiation vulnerability

Deserialization of Untrusted Data vulnerability in Mikado-Themes Stål stal allows Object Injection.This issue affects Stål: from n/a through 1.7...

CVE-2026-32508

CVE-2026-32508 affects the WordPress Halstein theme prior to v1.8. The vulnerability is due to deserialization of untrusted data, enabling object injection in Halstein before 1.8. Affected software is Mikado-Themes Halstein halstein; impact is described as potential object injection with limited ...

CVE-2026-32509

CVE-2026-32509 is a deserialization of untrusted data vulnerability in the WordPress Gracey theme (

CVE-2026-32509 WordPress Gracey theme < 1.4 - Arbitrary Object Instantiation vulnerability

Deserialization of Untrusted Data vulnerability in Edge-Themes Gracey gracey allows Object Injection.This issue affects Gracey: from n/a through 1.4...

CVE-2026-32507 WordPress Leroux theme < 1.4 - Arbitrary Object Instantiation vulnerability

Deserialization of Untrusted Data vulnerability in Elated-Themes Leroux leroux allows Object Injection.This issue affects Leroux: from n/a through 1.4...

CVE-2026-32507

The CVE-2026-32507 entry documents a Deserialization of Untrusted Data vulnerability in the WordPress Leroux theme (Elated-Themes Leroux), affecting Leroux versions prior to 1.4. The core issue is Object Injection via deserialized untrusted data in Leroux, with reported exposure affecting the the...

CVE-2026-32507 WordPress Leroux theme < 1.4 - Arbitrary Object Instantiation vulnerability

Deserialization of Untrusted Data vulnerability in Elated-Themes Leroux leroux allows Object Injection.This issue affects Leroux: from n/a through 1.4...

CVE-2026-32506

CVE-2026-32506 affects WordPress Archicon theme versions prior to 1.7. The issue is described as a deserialization of untrusted data that allows arbitrary object instantiation (object injection) in Archicon. The affected component is the Archicon WordPress theme; root cause is deserialization lea...

WordPress Halstein theme < 1.8 - Arbitrary Object Instantiation vulnerability

Arbitrary Object Instantiation vulnerability discovered by Denver Jackson in WordPress Theme Halstein versions 1.8...

WordPress Stål theme < 1.7 - Arbitrary Object Instantiation vulnerability

Arbitrary Object Instantiation vulnerability discovered by Denver Jackson in WordPress Theme Stål versions 1.7...

WordPress Kamperen theme < 1.3 - Arbitrary Object Instantiation vulnerability

Arbitrary Object Instantiation vulnerability discovered by Denver Jackson in WordPress Theme Kamperen versions 1.3...

WordPress Gracey theme < 1.4 - Arbitrary Object Instantiation vulnerability

Arbitrary Object Instantiation vulnerability discovered by Denver Jackson in WordPress Theme Gracey versions 1.4...

jsPDF 安全漏洞

jsPDF is a JavaScript-based PDF document generation library developed by Parallax. Versions of jsPDF prior to 4.2.1 contained security vulnerabilities. These vulnerabilities stemmed from the possibility that parameters controlling the createAnnotation method could allow for the injection of...

CVE-2025-52998

Chamilo is a learning management system. Prior to version 1.11.30, in the application, deserialization of data is performed, the data can be spoofed. An attacker can create objects of arbitrary classes, as well as fully control their properties, and thus modify the logic of the web application's...

CVE-2025-52998

Chamilo is a learning management system. Prior to version 1.11.30, in the application, deserialization of data is performed, the data can be spoofed. An attacker can create objects of arbitrary classes, as well as fully control their properties, and thus modify the logic of the web application's...