Lucene search
+L

3384 matches found

Positive Technologies
Positive Technologies
added 2026/04/08 12:0 a.m.4 views

PT-2026-31230

Missing Authorization vulnerability in g5theme Book Previewer for Woocommerce book-previewer-for-woocommerce allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Book Previewer for Woocommerce: from n/a through = 1.0.6...

5.3CVSS5.9AI score0.00228EPSS
Exploits0References4
Vulnrichment
Vulnrichment
added 2026/04/07 2:51 p.m.2 views

CVE-2026-35488 Tandoor Recipes — CustomIsShared permits DELETE/PUT on RecipeBook by shared (read-only) users

Tandoor Recipes is an application for managing recipes, planning meals, and building shopping lists. Prior to 2.6.4, RecipeBookViewSet and RecipeBookEntryViewSet use CustomIsShared as an alternative permission class, but CustomIsShared.hasobjectpermission returns True for all HTTP methods —...

8.1CVSS5.9AI score0.00378EPSS
Exploits1References2
EUVD
EUVD
added 2026/04/07 2:51 p.m.4 views

EUVD-2026-19673

Tandoor Recipes is an application for managing recipes, planning meals, and building shopping lists. Prior to 2.6.4, RecipeBookViewSet and RecipeBookEntryViewSet use CustomIsShared as an alternative permission class, but CustomIsShared.hasobjectpermission returns True for all HTTP methods —...

8.1CVSS5.9AI score0.00378EPSS
Exploits1References2
CVE
CVE
added 2026/04/07 2:51 p.m.12 views

CVE-2026-35488

CVE-2026-35488 affects Tandoor Recipes where RecipeBookViewSet and RecipeBookEntryViewSet exposed a flawed CustomIsShared permission: has_object_permission() returns True for all HTTP methods, letting shared (read-only) users delete or overwrite a RecipeBook. The root cause is the permission chec...

8.1CVSS5.9AI score0.00378EPSS
Exploits1References2Affected Software1
OSV
OSV
added 2026/04/07 2:51 p.m.2 views

CVE-2026-35488 Tandoor Recipes — CustomIsShared permits DELETE/PUT on RecipeBook by shared (read-only) users

Tandoor Recipes is an application for managing recipes, planning meals, and building shopping lists. Prior to 2.6.4, RecipeBookViewSet and RecipeBookEntryViewSet use CustomIsShared as an alternative permission class, but CustomIsShared.hasobjectpermission returns True for all HTTP methods —...

8.1CVSS5.9AI score0.00378EPSS
Exploits1References4
Positive Technologies
Positive Technologies
added 2026/04/07 12:0 a.m.6 views

PT-2026-30861

Tandoor Recipes is an application for managing recipes, planning meals, and building shopping lists. Prior to 2.6.4, RecipeBookViewSet and RecipeBookEntryViewSet use CustomIsShared as an alternative permission class, but CustomIsShared.has object permission returns True for all HTTP methods —...

8.1CVSS5.9AI score0.00378EPSS
Exploits1References3
EUVD
EUVD
added 2026/04/06 9:31 a.m.3 views

EUVD-2026-19200

A vulnerability was identified in projectworlds Car Rental Project 1.0. Affected by this vulnerability is an unknown functionality of the file /bookcar.php of the component Parameter Handler. The manipulation of the argument fname leads to sql injection. The attack can be initiated remotely. The...

7.5CVSS5.8AI score0.00259EPSS
Exploits0References5
NVD
NVD
added 2026/04/06 8:16 a.m.5 views

CVE-2026-5634

A vulnerability was identified in projectworlds Car Rental Project 1.0. Affected by this vulnerability is an unknown functionality of the file /bookcar.php of the component Parameter Handler. The manipulation of the argument fname leads to sql injection. The attack can be initiated remotely. The...

7.5CVSS0.00259EPSS
Exploits0References4
CVE
CVE
added 2026/04/06 7:30 a.m.11 views

CVE-2026-5634

CVE-2026-5634 affects the Projectworlds Car Rental Project 1.0. The vulnerability targets an unknown function in the file /book_car.php (Parameter Handler). Manipulating the fname argument results in a SQL injection, with remote, publicly available exploit code. The CVSS metrics in the connected ...

7.5CVSS6.9AI score0.00259EPSS
Exploits0References4
ATTACKERKB
ATTACKERKB
added 2026/04/06 7:30 a.m.2 views

CVE-2026-5634

A vulnerability was identified in projectworlds Car Rental Project 1.0. Affected by this vulnerability is an unknown functionality of the file /bookcar.php of the component Parameter Handler. The manipulation of the argument fname leads to sql injection. The attack can be initiated remotely. The...

7.5CVSS6.9AI score0.00259EPSS
Exploits0References4Affected Software1
Vulnrichment
Vulnrichment
added 2026/04/06 7:30 a.m.3 views

CVE-2026-5634 projectworlds Car Rental Project Parameter book_car.php sql injection

A vulnerability was identified in projectworlds Car Rental Project 1.0. Affected by this vulnerability is an unknown functionality of the file /bookcar.php of the component Parameter Handler. The manipulation of the argument fname leads to sql injection. The attack can be initiated remotely. The...

7.5CVSS6.9AI score0.00259EPSS
Exploits0References4
Cvelist
Cvelist
added 2026/04/06 7:30 a.m.31 views

CVE-2026-5634 projectworlds Car Rental Project Parameter book_car.php sql injection

A vulnerability was identified in projectworlds Car Rental Project 1.0. Affected by this vulnerability is an unknown functionality of the file /bookcar.php of the component Parameter Handler. The manipulation of the argument fname leads to sql injection. The attack can be initiated remotely. The...

7.5CVSS0.00259EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2026/04/06 12:0 a.m.5 views

PT-2026-30579

A vulnerability was identified in projectworlds Car Rental Project 1.0. Affected by this vulnerability is an unknown functionality of the file /book car.php of the component Parameter Handler. The manipulation of the argument fname leads to sql injection. The attack can be initiated remotely. The...

7.5CVSS6.9AI score0.00259EPSS
Exploits0References5
Cvelist
Cvelist
added 2026/03/27 2:8 p.m.24 views

CVE-2026-33755 Authenticated SQL Injection in Contact/query addressBookIds filter

Group-Office is an enterprise customer relationship management and groupware tool. Prior to versions 6.8.158, 25.0.92, and 26.0.17, an authenticated SQL Injection vulnerability in the JMAP Contact/query endpoint allows any authenticated user with basic addressbook access to extract arbitrary data...

8.8CVSS0.00387EPSS
Exploits1References1
Vulnrichment
Vulnrichment
added 2026/03/27 2:8 p.m.3 views

CVE-2026-33755 Authenticated SQL Injection in Contact/query addressBookIds filter

Group-Office is an enterprise customer relationship management and groupware tool. Prior to versions 6.8.158, 25.0.92, and 26.0.17, an authenticated SQL Injection vulnerability in the JMAP Contact/query endpoint allows any authenticated user with basic addressbook access to extract arbitrary data...

8.8CVSS6.1AI score0.00387EPSS
Exploits1References1
CVE
CVE
added 2026/03/27 2:8 p.m.14 views

CVE-2026-33755

Group-Office (enterprise CRM/groupware) has an authenticated SQL Injection in the JMAP Contact/query endpoint affecting versions before 6.8.158, 25.0.92, and 26.0.17. An authenticated user with basic addressbook access can extract arbitrary data from the database, including active session tokens ...

8.8CVSS6.1AI score0.00387EPSS
Exploits1References1Affected Software1
OSV
OSV
added 2026/03/27 2:8 p.m.11 views

CVE-2026-33755 Authenticated SQL Injection in Contact/query addressBookIds filter

Group-Office is an enterprise customer relationship management and groupware tool. Prior to versions 6.8.158, 25.0.92, and 26.0.17, an authenticated SQL Injection vulnerability in the JMAP Contact/query endpoint allows any authenticated user with basic addressbook access to extract arbitrary data...

8.8CVSS6.1AI score0.00387EPSS
Exploits1References3
RedhatCVE
RedhatCVE
added 2026/03/26 3:17 p.m.4 views

CVE-2026-32378

Missing Authorization vulnerability in raratheme Book Landing Page book-landing-page allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Book Landing Page: from n/a through = 1.2.7...

5.3CVSS5.8AI score0.00224EPSS
Exploits0References1
Tenable Nessus
Tenable Nessus
added 2026/03/19 12:0 a.m.6 views

Debian dla-4503 : evolution-data-server - security update

The remote Debian 11 host has packages installed that are affected by a vulnerability as referenced in the dla-4503 advisory. - ------------------------------------------------------------------------- Debian LTS Advisory DLA-4503-1 [email protected] https://www.debian.org/lts/security/...

5.6CVSS5.9AI score0.00189EPSS
Exploits0References4
EUVD
EUVD
added 2026/03/13 9:31 p.m.4 views

EUVD-2026-11880

Missing Authorization vulnerability in raratheme Book Landing Page book-landing-page allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Book Landing Page: from n/a through = 1.2.7...

5.3CVSS5.8AI score0.00224EPSS
Exploits0References2
Rows per page
Query Builder