62376 matches found
CVE-2026-45260
Pimcore WebDAV MOVE vulnerability (CVE-2026-45260) enables remote asset deletion/overwrite due to missing authentication in the WebDAV controller and Tree::move() path. The WebDAV endpoint at /asset/webdav{path} proceeds to mutate assets before validating the current user or permissions, and Asse...
CVE-2026-48014 Shopware: Admin API ACL Bypass in Order State Transition Endpoints
Shopware is an open commerce platform. Prior to 6.6.10.18 and 6.7.10.1, the order state transition features /api/action/order/orderId/state/transition and similar transaction and delivery transition routes in src/Core/Checkout/Order/Api/OrderActionController.php do not declare...
EUVD-2026-45241
Shopware is an open commerce platform. Prior to 6.6.10.18 and 6.7.10.1, the order state transition features /api/action/order/orderId/state/transition and similar transaction and delivery transition routes in src/Core/Checkout/Order/Api/OrderActionController.php do not declare...
CVE-2026-48016
Summary of findings (CVE-2026-48016) : The vulnerability in Shopware Store API allows an external Store API user, including guests, to trigger payments for another user’s order by supplying a foreign orderId to the endpoint /store-api/handle-payment. The root cause is that payment initiation/proc...
EUVD-2026-45239
Shopware is an open commerce platform. Prior to 6.6.10.18 and 6.7.10.1, the Store API endpoint /store-api/handle-payment in src/Core/Checkout/Payment/SalesChannel/HandlePaymentMethodRoute.php accepts a user-controlled orderId and forwards it to src/Core/Checkout/Payment/PaymentProcessor.php witho...
CVE-2026-54496
ZEBRA is a Zcash node written entirely in Rust. Prior to zebrad 5.0.0, halo2gadgets 0.5.0, orchard 0.14.0, zcashprimitives 0.28.0, and zcashd 6.20.0, the variable-base scalar multiplication gadget in halo2gadgets/src/ecc/chip/mul/incomplete.rs used assignadvice for the base point without a copy...
CVE-2026-63097
Dendrite through 0.13.8 contains an improper access control vulnerability in the syncapi /context endpoint syncapi/routing/context.go that allows authenticated local users to access post-leave room state events by exploiting a flawed membership check that evaluates only the RoomExists field while...
CVE-2026-63307
CVE-2026-63307 affects Chat2DB prior to 5.3.0. The vulnerability is an insecure direct object reference in GET /api/connection/datasource/{id}. The handler calls dataSourceService.queryExistent(id, …) without an ownership check and returns the decrypted password field, enabling any authenticated ...
CVE-2026-63097
Dendrite 0.13.8 is affected by an improper access-control in the syncapi /context endpoint (syncapi/routing/context.go). The flaw uses a flawed membership check that only considers RoomExists, ignoring IsInRoom, HasBeenInRoom, and Membership fields, allowing authenticated local users who have lef...
EUVD-2026-45195
Dendrite through 0.13.8 contains an improper access control vulnerability in the syncapi /context endpoint syncapi/routing/context.go that allows authenticated local users to access post-leave room state events by exploiting a flawed membership check that evaluates only the RoomExists field while...
CVE-2026-12705
Missing support for integrity check vulnerability in ABB KNX Update Tool ABB, ABB KNX Update Tool BJE. This issue affects KNX Update Tool ABB: through 2.0.175; KNX Update Tool BJE: through 2.0.175...
EUVD-2026-45179
Missing support for integrity check vulnerability in ABB KNX Update Tool ABB, ABB KNX Update Tool BJE. This issue affects KNX Update Tool ABB: through 2.0.175; KNX Update Tool BJE: through 2.0.175...
CVE-2026-8075
Mattermost Desktop App versions =6.2 5.5.13 6.0.2.0 fail to properly null check when checking for headers in the Mattermost Desktop App which allows any user to crash another channel members Desktop App via posting a malicious link with an embedded image that misses one of those headers. Mattermo...
CVE-2026-8075 Posting a malicious markdown image crashes the Mattermost Desktop App
Mattermost Desktop App versions =6.2 5.5.13 6.0.2.0 fail to properly null check when checking for headers in the Mattermost Desktop App which allows any user to crash another channel members Desktop App via posting a malicious link with an embedded image that misses one of those headers. Mattermo...
CVE-2026-15094
The WP Hotel Booking plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'checkindate' parameter in all versions up to, and including, 2.3.2 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrar...
CVE-2026-11966 User Registration & Membership < 5.2.3 - Unauthenticated Limited User Deletion via Stripe Subscription Handler
The User Registration & Membership WordPress plugin before 5.2.3 does not perform a capability check for unauthenticated callers on one of its membership payment actions and acts on a caller-supplied user identifier, allowing unauthenticated attackers to delete recently-registered, payment-pendin...
CVE-2026-11966
The User Registration & Membership WordPress plugin before 5.2.3 does not perform a capability check for unauthenticated callers on one of its membership payment actions and acts on a caller-supplied user identifier, allowing unauthenticated attackers to delete recently-registered, payment-pendin...
EUVD-2026-45147
The User Registration & Membership WordPress plugin before 5.2.3 does not perform a capability check for unauthenticated callers on one of its membership payment actions and acts on a caller-supplied user identifier, allowing unauthenticated attackers to delete recently-registered, payment-pendin...
EUVD-2026-45149
The Royal Addons for Elementor WordPress plugin before 1.7.1063 does not check the post status of menu items or the templates they reference in one of its REST endpoints, allowing unauthenticated users to retrieve the rendered HTML content of private or draft Elementor templates linked from...
CVE-2026-12393
The WPS Bookings for WooCommerce WordPress plugin before 3.11.7 does not verify that a booking order belongs to the requesting user before cancelling it, allowing any authenticated user, such as a Subscriber or Customer, to cancel and void other customers' booking orders...