Lucene search

13 matches found

ATTACKERKB
added 2026/05/18 6:58 a.m., 3 views

CVE-2026-3495

Mattermost versions 11.5.x = 11.5.1, 10.11.x = 10.11.13 fail to escape some variables that could contain malicious content during error page composition which allows an attacker with access to edit some site configuration to execute some malicious code via injecting some JS as part of those...

CVSS 3.8 | AI score 5.9 | EPSS 0.0003
Exploits: 0 | References: 2 | Affected Software: 1

Snyk
added 2026/04/16 1:35 a.m., 1 view

Missing Authorization

Overview: Affected versions of this package are vulnerable to Missing Authorization in the GymConfigUpdateView. An attacker can gain unauthorized control over installation-wide configuration and modify other users' records by submitting changes to the /config/gym-config/edit endpoint as a...

CVSS 7.6 | AI score 5.8 | EPSS 0.00015
Exploits: 1 | References: 2

vulnersOsv
added 2026/03/07 2:23 a.m., 2 views

@powersync/cli-core (>=0.0.0-dev-20260305082615 <=0.9.2), @powersync/cli-plugin-config-edit (>=0.0.0-dev-20260305082615 <=0.9.2) +19 more potentially affected by CVE-2026-30870 via @powersync/service-sync-rules (=0.32.0)

@powersync/service-sync-rules NPM version =0.32.0 is affected by a known vulnerability. The following packages have a transitive dependency on @powersync/service-sync-rules and may be impacted: - @powersync/cli-core =0.0.0-dev-20260305082615, =0.0.0-dev-20260305082615, =0.0.0-dev-20260305082615,...

CVSS 6.5 | AI score 5.8 | EPSS 0.00042
Exploits: 0

Snyk
added 2026/01/21 3:31 p.m., 1 view

Missing Authorization

Overview: org.apache.solr:solr-core is an open source enterprise search platform built on Apache Lucene. Affected versions of this package are vulnerable to Missing Authorization in the Rule Based Authorization Plugin, by which the getPermissionName function can be forced to return null. An attacke...

CVSS 8.3 | AI score 5.7 | EPSS 0.00236
Exploits: 0 | References: 2

OSV
added 2026/01/21 2:16 p.m., 0 views

UBUNTU-CVE-2026-22022

Deployments of Apache Solr 5.3.0 through 9.10.0 that rely on Solr's "Rule Based Authorization Plugin" are vulnerable to allowing unauthorized access to certain Solr APIs, due to insufficiently strict input validation in those components. Only deployments that meet all of the following criteria ar...

CVSS 8.2 | AI score 5.9 | EPSS 0.00236
Exploits: 0 | References: 2

EUVD
added 2026/01/21 1:41 p.m., 4 views

EUVD-2026-3666

Deployments of Apache Solr 5.3.0 through 9.10.0 that rely on Solr's "Rule Based Authorization Plugin" are vulnerable to allowing unauthorized access to certain Solr APIs, due to insufficiently strict input validation in those components. Only deployments that meet all of the following criteria ar...

CVSS 8.2 | AI score 5.6 | EPSS 0.00236
Exploits: 0 | References: 3

EUVD
added 2025/10/07 12:30 a.m., 1 view

EUVD-2019-7824

Malware in sbrugna...

CVSS 6.5 | AI score 6.5 | EPSS 0.00118
Exploits: 1 | References: 2

ATTACKERKB
added 2021/06/03 9:15 p.m., 3 views

CVE-2020-35971

A stored XSS vulnerability exists in YzmCMS v5.8, which attackers can use to inject JS code on the /admin/systemmanage/userconfigedit.html page...

CVSS 5.4 | AI score 5.5 | EPSS 0.00172
Exploits: 1 | References: 2

Cvelist
added 2019/10/10 11:15 a.m., 14 views

CVE-2019-17432

An issue was discovered in fastadmin 1.0.0.20190705beta. There is a public/admin/general.config/edit CSRF vulnerability, as demonstrated by resultant XSS via the rowname parameter...

AI score 6.2 | EPSS 0.00118
Exploits: 1 | References: 1

CNVD
added 2019/03/11 12:0 a.m., 2 views

YzmCMS Cross-Site Scripting Vulnerability (CNVD-2019-07930)

YzmCMS is an open source CMS Content Management System by Yuan Zhimeng programmers in China. A cross-site scripting vulnerability exists in YzmCMS version 5.2. A remote attacker can exploit this vulnerability to inject arbitrary Web script or HTML with the help of the 'configuration value'...

CVSS 4.8 | AI score 6.1 | EPSS 0.00235
Exploits: 1 | References: 1

CNVD
added 2018/03/28 12:0 a.m., 1 view

Code execution vulnerability in hao6cms v2.0 config_edit.asp file

hao6cms is an enterprise website management system. A code execution vulnerability exists in the hao6cms v2.0 configedit.asp file. The vulnerability is caused by parameters being spliced directly into the configuration file without filtering; an attacker can exploit the vulnerability to obtain...

AI score 7.5
Exploits: 0

Exploit DB
added 2014/02/22 12:0 a.m., 20 views

ATutor - Multiple Cross-Site Scripting / HTML Injection Vulnerabilities

source: https://www.securityfocus.com/bid/65744/info
ATutor is prone to multiple cross-site scripting vulnerabilities and an HTML-injection vulnerability. Successful exploits will allow attacker-supplied HTML and script code to run in the context of the affected browser, potentially allowing the...

AI score 7
Exploits: 0

Prion
added 2007/02/12 7:28 p.m., 10 views

Authentication flaw

nabopoll 1.1.2 allows remote attackers to bypass authentication and access certain administrative functionality via a direct request for (1) configedit.php, (2) templateedit.php, or (3) surveyedit.php in admin/...

CVSS 7.5 | AI score 7.5 | EPSS 0.16984
Exploits: 1 | References: 8 | Affected Software: 1