43 matches found

NVD
added 2026/05/08 7:16 p.m. | 13 views

CVE-2026-29202

Insufficient input validation of the plugin parameter of the createuser plugin allows arbitrary Perl code execution on behalf of the already authenticated account's system user...

8.8 CVSS | 0.00032 EPSS
Exploits: 0 | References: 1

Positive Technologies
added 2025/11/11 12:00 a.m. | 1 view

PT-2025-46314

Name of the Vulnerable Software and Affected Versions: VAPIX API (affected versions not specified). Description: The VAPIX API’s port.cgi component lacks adequate input validation. This can lead to process crashes and negatively affect usability. Exploitation requires authentication with a viewer,...

4.3 CVSS | 6.5 AI score | 0.0009 EPSS
Exploits: 0 | References: 4

RedhatCVE
added 2025/10/22 8:18 a.m. | 1 view

CVE-2025-26392

SolarWinds Observability Self-Hosted is susceptible to SQL injection vulnerability that may display sensitive data using a low-level account. This vulnerability requires authentication from a low-privilege account...

5.4 CVSS | 8.1 AI score | 0.00032 EPSS
Exploits: 0 | References: 1

OSV
added 2025/10/21 8:15 a.m. | 1 view

CVE-2025-26392

SolarWinds Observability Self-Hosted is susceptible to SQL injection vulnerability that may display sensitive data using a low-level account. This vulnerability requires authentication from a low-privilege account...

4.6 CVSS | 5.8 AI score | 0.00032 EPSS
Exploits: 0 | References: 2

CVE
added 2025/10/21 7:46 a.m. | 10 views

CVE-2025-26392

SolarWinds Observability Self-Hosted is affected by CVE-2025-26392: an SQL injection vulnerability that can disclose sensitive data when authenticated from a low-privilege account. The issue affects the product as described in multiple sources (NVD, Red Hat/CIRCL/CVE lists and related advisories)...

5.4 CVSS | 7.7 AI score | 0.00032 EPSS
Exploits: 0 | References: 2 | Affected Software: 1

EUVD
added 2025/10/07 12:30 a.m. | 3 views

EUVD-2020-18676

Malware in sbrugna...

5.4 CVSS | 5.5 AI score | 0.00327 EPSS
Exploits: 1 | References: 3

EUVD
added 2025/10/03 8:07 p.m. | 1 view

EUVD-2025-31761

Malicious code in bioql PyPI...

9.9 CVSS | 6.5 AI score | 0.00178 EPSS
Exploits: 0 | References: 9

Cvelist
added 2025/04/24 8:23 a.m. | 22 views

CVE-2025-3793 Buddypress Force Password Change <= 0.1 - Authenticated (Subscriber+) Account Takeover via Password Update

The Buddypress Force Password Change plugin for WordPress is vulnerable to authenticated account takeover due to the plugin not properly validating a user's identity prior to updating their password through the 'bpforcepasswordajax' function in all versions up to, and including, 0.1. This makes i...

4.2 CVSS | 0.0017 EPSS
Exploits: 0 | References: 2

Vulnrichment
added 2025/04/24 8:23 a.m. | 6 views

CVE-2025-3793 Buddypress Force Password Change <= 0.1 - Authenticated (Subscriber+) Account Takeover via Password Update

The Buddypress Force Password Change plugin for WordPress is vulnerable to authenticated account takeover due to the plugin not properly validating a user's identity prior to updating their password through the 'bpforcepasswordajax' function in all versions up to, and including, 0.1. This makes i...

4.2 CVSS | 7.1 AI score | 0.0017 EPSS
Exploits: 0 | References: 2

RedhatCVE
added 2025/04/17 3:37 p.m. | 6 views

CVE-2024-45712

SolarWinds Serv-U is vulnerable to a client-side cross-site scripting (XSS) vulnerability. The vulnerability can only be performed by an authenticated account, on the local machine, from the local browser session. Therefore the risk is very low...

2.6 CVSS | 5.6 AI score | 0.0007 EPSS
Exploits: 1 | References: 4

Vulnrichment
added 2025/04/15 8:39 a.m. | 7 views

CVE-2024-45712 SolarWinds Serv-U Client-Side Cross-Site Scripting Vulnerability

SolarWinds Serv-U is vulnerable to a client-side cross-site scripting (XSS) vulnerability. The vulnerability can only be performed by an authenticated account, on the local machine, from the local browser session. Therefore the risk is very low...

2.6 CVSS | 3.4 AI score | 0.0007 EPSS
Exploits: 1 | References: 2

NVD
added 2024/11/13 5:15 p.m. | 21 views

CVE-2024-52291

Craft is a content management system (CMS). A vulnerability in CraftCMS allows an attacker to bypass local file system validation by utilizing a double file:// scheme (e.g., file://file:////). This enables the attacker to specify sensitive folders as the file system, leading to potential file...

8.4 CVSS | 0.00128 EPSS
Exploits: 1 | References: 1

NVD
added 2024/11/09 1:15 a.m. | 10 views

CVE-2024-52312

Due to inconsistent authorization permissions, data.all may allow an external actor with an authenticated account to perform restricted operations against DataSets and Environments...

5.4 CVSS | 0.00119 EPSS
Exploits: 0 | References: 3

Vulnrichment
added 2024/05/17 6:55 a.m. | 24 views

CVE-2023-41956 WordPress Simple Membership plugin <= 4.3.4 - Authenticated Account Takeover vulnerability

Improper Authentication vulnerability in smp7, wp.Insider Simple Membership. This issue affects Simple Membership: from n/a through 4.3.4...

8.8 CVSS | 6.9 AI score | 0.00461 EPSS
Exploits: 0 | References: 1

NVD
added 2023/03/27 9:15 p.m. | 8 views

CVE-2023-28640

Apiman is a flexible and open source API Management platform. Due to a missing permissions check, an attacker with an authenticated Apiman Manager account may be able to gain access to API keys they do not have permission for if they correctly guess the URL, which includes Organisation ID, Client...

6.4 CVSS | 6.4 AI score | 0.00133 EPSS
Exploits: 0 | References: 2

Prion
added 2023/03/27 9:15 p.m. | 17 views

Design/Logic Flaw

Apiman is a flexible and open source API Management platform. Due to a missing permissions check, an attacker with an authenticated Apiman Manager account may be able to gain access to API keys they do not have permission for if they correctly guess the URL, which includes Organisation ID, Client...

2.1 CVSS | 4 AI score | 0.00133 EPSS
Exploits: 0 | References: 2 | Affected Software: 1

OSV
added 2023/03/27 8:46 p.m. | 16 views

CVE-2023-28640 Permissions bypass in Apiman could enable authenticated attacker to unpermitted API Key

Apiman is a flexible and open source API Management platform. Due to a missing permissions check, an attacker with an authenticated Apiman Manager account may be able to gain access to API keys they do not have permission for if they correctly guess the URL, which includes Organisation ID, Client...

6.4 CVSS | 4.8 AI score | 0.00133 EPSS
Exploits: 0 | References: 4

NVD
added 2023/02/15 7:15 p.m. | 20 views

CVE-2022-47506

SolarWinds Platform was susceptible to the Directory Traversal Vulnerability. This vulnerability allows a local adversary with authenticated account access to edit the default configuration, enabling the execution of arbitrary commands...

7.8 CVSS | 7.5 AI score | 0.0013 EPSS
Exploits: 0 | References: 2

Packet Storm
added 2021/12/08 12:00 a.m. | 393 views

Reprise License Manager 14.2 Buffer Overflow

Product: Reprise License Manager 14.2; Vendor: Reprise Software; CVE ID: CVE-2021-44154; Vulnerability Title: Authenticated Buffer Overflow; Severity: High; Authors: Mark Staal Steenberg, Bilal El Ghoul, Gionathan Armando Reale, Andreas Fyhn Andersen, Oliver Lind Nordestgaard; Date: 2021-11-25...

0.6 AI score | 0.00672 EPSS
Exploits: 3

OpenVAS
added 2021/04/19 12:00 a.m. | 22 views

SUSE: Security Advisory (SUSE-SU-2016:1024-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

7.5 CVSS | 7.2 AI score | 0.78522 EPSS
Exploits: 1 | References: 15