120866 matches found
CVE-2026-14471
Improper Neutralization of Special Elements in the metrics-service retention policy management component in Amazon mcp-gateway-registry before 1.0.13 might allow an authenticated remote user to execute arbitrary SQL queries via a crafted tablename value that is interpolated into SQL statements in...
CVE-2026-14471
The CVE affects Amazon mcp-gateway-registry’s metrics-service retention policy management component (pre-1.0.13). An authenticated remote user can exploit an SQL injection via a crafted table_name value interpolated into SQL statements in the identifier position, potentially impacting confidentia...
CVE-2026-48614
An improper authorization vulnerability in the Plesk XML API allows an authenticated user to inject arbitrary configuration directives, resulting in arbitrary file write as root and full privilege escalation on the underlying server...
CVE-2026-40141
A high-severity vulnerability exists in a web application component of BeyondTrust Remote Support and Privileged Remote Access related to the processing of certain input parameters. Insufficient validation of user-supplied input may allow an authenticated attacker with limited privileges to acces...
CVE-2026-48614
An improper authorization vulnerability in the Plesk XML API allows an authenticated user to inject arbitrary configuration directives, resulting in arbitrary file write as root and full privilege escalation on the underlying server...
CVE-2026-48614
The CVE-2026-48614 vector affects the Plesk XML API. An improper authorization flaw allows an authenticated user to inject arbitrary configuration directives, enabling arbitrary file writes as root and full privilege escalation on the underlying server. The available sources describe the impact a...
EUVD-2026-41889
A high-severity vulnerability exists in a web application component of BeyondTrust Remote Support and Privileged Remote Access related to the processing of certain input parameters. Insufficient validation of user-supplied input may allow an authenticated attacker with limited privileges to acces...
CVE-2026-40141
A high-severity vulnerability exists in a web application component of BeyondTrust Remote Support and Privileged Remote Access related to the processing of certain input parameters. Insufficient validation of user-supplied input may allow an authenticated attacker with limited privileges to acces...
CVE-2026-40141
Technical details (affected product versions, root cause, fixes) are not publicly available in the provided documents; monitor for updates.
Security Bulletin: IBM® Db2® could disclose sensitive information to an authenticated user from the monitoring and event tables (CVE-2025-36372)
Summary IBM® Db2® could disclose sensitive information such as access keys to an authenticated user from the monitoring and event tables. CVE-2025-36372 Vulnerability Details CVEID:CVE-2025-36372 DESCRIPTION: IBM Db2 11.5.0 through 11.5.9, and 12.1.0 through 12.1.4 for Linux, UNIX and Windows...
WordPress Ultimate Member – User Profile, Registration, Login, Member Directory, Content Restriction & Membership Plugin plugin <= 2.11.4 - Authenticated (Subscriber+) Stored Cross-Site Scripting vulnerability
Authenticated Subscriber+ Stored Cross-Site Scripting vulnerability discovered by daroo in WordPress Plugin Ultimate Member versions = 2.11.4...
WordPress JSON API User plugin <= 4.1.0 - Authenticated (Subscriber+) Stored Cross-Site Scripting vulnerability
Authenticated Subscriber+ Stored Cross-Site Scripting vulnerability discovered by Yat in WordPress Plugin JSON API User versions = 4.1.0...
CVE-2026-9165
A flaw was found in Red Hat Advanced Cluster Security for Kubernetes RHACS. Central does not limit the depth of GraphQL queries served on the authenticated GraphQL API. An authenticated user with a valid API token can send deeply nested queries that cause excessive resource consumption in Central...
CVE-2026-1433
uniFLOW Universal Login Manager ULM Standalone contains an information disclosure vulnerability that may allow an authenticated administrator to access sensitive configuration information through the ULM Remote User Interface RUI. Exploitation requires administrative privileges and may disclose...
CVE-2026-12686
An authenticated user could manipulate a company ID parameter in a POST request to the backend to gain unauthorised access to other companies hosted within the same subdomain environment. The application does not adequately verify whether the requested company ID belongs to the authenticated user...
CVE-2026-9165
A flaw was found in Red Hat Advanced Cluster Security for Kubernetes RHACS. Central does not limit the depth of GraphQL queries served on the authenticated GraphQL API. An authenticated user with a valid API token can send deeply nested queries that cause excessive resource consumption in Central...
CVE-2026-9165
A flaw was found in Red Hat Advanced Cluster Security for Kubernetes RHACS. Central does not limit the depth of GraphQL queries served on the authenticated GraphQL API. An authenticated user with a valid API token can send deeply nested queries that cause excessive resource consumption in Central...
CVE-2026-9165
Summary : A flaw in Red Hat Advanced Cluster Security for Kubernetes (RHACS) Central allows unbounded GraphQL query depth on the authenticated GraphQL API, enabling a token-authenticated user to issue deeply nested queries that exhaust resources and cause a denial of service to the management pla...
CVE-2026-11962
The FileOrganizer WordPress plugin before 1.2.0 does not validate the file type on several of its file-management operations, allowing authenticated users who have been granted file-manager access — which its premium add-on can extend to sub-administrator roles — to upload arbitrary PHP files and...
CVE-2024-6228
The Notifications for Forms & WordPress Actions WordPress plugin before 2.6 does not validate a user-supplied value before using it to build a server-side file inclusion path, allowing authenticated users with subscriber-level access and above to include and execute arbitrary local PHP files on t...