3 matches found
CVE-2026-33888 ApostropheCMS: publicApiProjection Bypass via `project` Query Builder in Piece-Type REST API
ApostropheCMS is an open-source Node.js content management system. Versions 4.28.0 and prior contain an authorization bypass vulnerability in the getRestQuery method of the @apostrophecms/piece-type module, where the method checks whether a MongoDB projection has already been set before applying...
McAfee True Key DLL Sideload Vulnerability
McAfee True Key is an authentication application from the American company McAfee. The program supports features such as facial information recognition and fingerprint recognition. A security vulnerability exists in McAfee True Key versions prior to 4.20.110, which stems from the program's failur...
PHPVibe Stored Cross-Site Scripting Vulnerability
PHPVibe is a video sharing content management system CMS. The system can be used to create video sharing websites. A stored cross-site scripting vulnerability exists in PHPVibe versions prior to 4.21. A remote attacker can exploit this vulnerability to inject arbitrary web script or HTML...