3384 matches found
PT-2026-31230
Missing Authorization vulnerability in g5theme Book Previewer for Woocommerce book-previewer-for-woocommerce allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Book Previewer for Woocommerce: from n/a through = 1.0.6...
CVE-2026-35488 Tandoor Recipes — CustomIsShared permits DELETE/PUT on RecipeBook by shared (read-only) users
Tandoor Recipes is an application for managing recipes, planning meals, and building shopping lists. Prior to 2.6.4, RecipeBookViewSet and RecipeBookEntryViewSet use CustomIsShared as an alternative permission class, but CustomIsShared.hasobjectpermission returns True for all HTTP methods —...
EUVD-2026-19673
Tandoor Recipes is an application for managing recipes, planning meals, and building shopping lists. Prior to 2.6.4, RecipeBookViewSet and RecipeBookEntryViewSet use CustomIsShared as an alternative permission class, but CustomIsShared.hasobjectpermission returns True for all HTTP methods —...
CVE-2026-35488
CVE-2026-35488 affects Tandoor Recipes where RecipeBookViewSet and RecipeBookEntryViewSet exposed a flawed CustomIsShared permission: has_object_permission() returns True for all HTTP methods, letting shared (read-only) users delete or overwrite a RecipeBook. The root cause is the permission chec...
CVE-2026-35488 Tandoor Recipes — CustomIsShared permits DELETE/PUT on RecipeBook by shared (read-only) users
Tandoor Recipes is an application for managing recipes, planning meals, and building shopping lists. Prior to 2.6.4, RecipeBookViewSet and RecipeBookEntryViewSet use CustomIsShared as an alternative permission class, but CustomIsShared.hasobjectpermission returns True for all HTTP methods —...
PT-2026-30861
Tandoor Recipes is an application for managing recipes, planning meals, and building shopping lists. Prior to 2.6.4, RecipeBookViewSet and RecipeBookEntryViewSet use CustomIsShared as an alternative permission class, but CustomIsShared.has object permission returns True for all HTTP methods —...
EUVD-2026-19200
A vulnerability was identified in projectworlds Car Rental Project 1.0. Affected by this vulnerability is an unknown functionality of the file /bookcar.php of the component Parameter Handler. The manipulation of the argument fname leads to sql injection. The attack can be initiated remotely. The...
CVE-2026-5634
A vulnerability was identified in projectworlds Car Rental Project 1.0. Affected by this vulnerability is an unknown functionality of the file /bookcar.php of the component Parameter Handler. The manipulation of the argument fname leads to sql injection. The attack can be initiated remotely. The...
CVE-2026-5634
CVE-2026-5634 affects the Projectworlds Car Rental Project 1.0. The vulnerability targets an unknown function in the file /book_car.php (Parameter Handler). Manipulating the fname argument results in a SQL injection, with remote, publicly available exploit code. The CVSS metrics in the connected ...
CVE-2026-5634
A vulnerability was identified in projectworlds Car Rental Project 1.0. Affected by this vulnerability is an unknown functionality of the file /bookcar.php of the component Parameter Handler. The manipulation of the argument fname leads to sql injection. The attack can be initiated remotely. The...
CVE-2026-5634 projectworlds Car Rental Project Parameter book_car.php sql injection
A vulnerability was identified in projectworlds Car Rental Project 1.0. Affected by this vulnerability is an unknown functionality of the file /bookcar.php of the component Parameter Handler. The manipulation of the argument fname leads to sql injection. The attack can be initiated remotely. The...
CVE-2026-5634 projectworlds Car Rental Project Parameter book_car.php sql injection
A vulnerability was identified in projectworlds Car Rental Project 1.0. Affected by this vulnerability is an unknown functionality of the file /bookcar.php of the component Parameter Handler. The manipulation of the argument fname leads to sql injection. The attack can be initiated remotely. The...
PT-2026-30579
A vulnerability was identified in projectworlds Car Rental Project 1.0. Affected by this vulnerability is an unknown functionality of the file /book car.php of the component Parameter Handler. The manipulation of the argument fname leads to sql injection. The attack can be initiated remotely. The...
CVE-2026-33755 Authenticated SQL Injection in Contact/query addressBookIds filter
Group-Office is an enterprise customer relationship management and groupware tool. Prior to versions 6.8.158, 25.0.92, and 26.0.17, an authenticated SQL Injection vulnerability in the JMAP Contact/query endpoint allows any authenticated user with basic addressbook access to extract arbitrary data...
CVE-2026-33755 Authenticated SQL Injection in Contact/query addressBookIds filter
Group-Office is an enterprise customer relationship management and groupware tool. Prior to versions 6.8.158, 25.0.92, and 26.0.17, an authenticated SQL Injection vulnerability in the JMAP Contact/query endpoint allows any authenticated user with basic addressbook access to extract arbitrary data...
CVE-2026-33755
Group-Office (enterprise CRM/groupware) has an authenticated SQL Injection in the JMAP Contact/query endpoint affecting versions before 6.8.158, 25.0.92, and 26.0.17. An authenticated user with basic addressbook access can extract arbitrary data from the database, including active session tokens ...
CVE-2026-33755 Authenticated SQL Injection in Contact/query addressBookIds filter
Group-Office is an enterprise customer relationship management and groupware tool. Prior to versions 6.8.158, 25.0.92, and 26.0.17, an authenticated SQL Injection vulnerability in the JMAP Contact/query endpoint allows any authenticated user with basic addressbook access to extract arbitrary data...
CVE-2026-32378
Missing Authorization vulnerability in raratheme Book Landing Page book-landing-page allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Book Landing Page: from n/a through = 1.2.7...
Debian dla-4503 : evolution-data-server - security update
The remote Debian 11 host has packages installed that are affected by a vulnerability as referenced in the dla-4503 advisory. - ------------------------------------------------------------------------- Debian LTS Advisory DLA-4503-1 [email protected] https://www.debian.org/lts/security/...
EUVD-2026-11880
Missing Authorization vulnerability in raratheme Book Landing Page book-landing-page allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Book Landing Page: from n/a through = 1.2.7...