4 matches found
EUVD-2026-30993
CtrlPanel is open-source billing software for hosting providers. Versions 1.1.1 and prior contains a broken access control vulnerability where multiple admin controllers enforce permission checks on form display methods but omit equivalent checks on the corresponding write methods, allowing any...
CVE-2026-35478 InvenTree has Arbitrary API Token Creation
InvenTree is an Open Source Inventory Management System. From 0.16.0 to before 1.2.7, any authenticated InvenTree user can create a valid API token attributed to any other user in the system — including administrators and superusers — by supplying the target's user ID in the user field of a POST...
CVE-2026-27495
n8n is an open source workflow automation platform. Prior to versions 2.10.1, 2.9.3, and 1.123.22, an authenticated user with permission to create or modify workflows could exploit a vulnerability in the JavaScript Task Runner sandbox to execute arbitrary code outside the sandbox boundary. On...
SolarWinds Access Rights Manager 代码问题漏洞
SolarWinds Access Rights Manager is a lightweight review management system from SolarWinds, Inc. A code issue vulnerability exists in SolarWinds Access Rights Manager that originates from allowing an authenticated user to abuse the service, which could result in remote code execution...