12 matches found
CVE-2026-41308
Password Pusher is an open source application to communicate sensitive information over the web. Prior to versions 1.69.3 and 2.4.2, a security issue in OSS PasswordPusher allowed unauthenticated creation of file-type pushes through a generic JSON API create path under certain configurations. Thi...
OAuth 2.1 Provider: Unprivileged users can register OAuth clients
Am I affected? You're affected if all of the following are true: - Using @better-auth/oauth-provider at version specified below - You configured clientPrivileges in the plugin options expecting it to gate who can create OAuth clients - The /oauth2/create-client or /admin/oauth2/create-client...
Incorrect Authorization
Overview: @clerk/shared is an internal utilities package used by the Clerk SDKs. Affected versions of this package are vulnerable to Incorrect Authorization via the createPathMatcher function in @clerk/shared used by downstream createRouteMatcher. An attacker can gain unauthorized access to protected...
CVE-2025-14188 UGREEN DH2100+ nas_svr create handler_file_backup_create command injection
A security vulnerability has been detected in UGREEN DH2100+ up to 5.3.0.251125. This impacts the function handler_file_backup_create of the file /v1/file/backup/create of the component nas_svr. The manipulation of the argument path leads to command injection. The attack is possible to be carried out...
UGREEN DH2100+ Security Vulnerability
UGREEN DH2100+ is a private cloud storage device from China Greenlink UGREEN. A security vulnerability exists in UGREEN DH2100+ 5.3.0.251125 and earlier versions, which originates from a misbehavior of the parameter path in the function handler_file_backup_create in the file /v1/file/backup/create i...
UGREEN DH2100+ Command Injection Vulnerability
UGREEN DH2100+ is a private cloud storage device from China Greenlink UGREEN. A command injection vulnerability exists in UGREEN DH2100+ 5.3.0.251125 and earlier versions, which stems from the incorrect manipulation of the parameter path by the function handler_file_backup_create in the file...
CVE-2023-3831
A vulnerability was found in Bug Finder Finounce 1.0 and classified as problematic. This issue affects some unknown processing of the file /user/ticket/create of the component Ticket Handler. The manipulation of the argument message leads to cross site scripting. The attack may be initiated...
Bug Finder EX-RATE Cross-Site Scripting Vulnerability
Bug Finder EX-RATE is a currency exchange solution from Bug Finder, Inc. A cross-site scripting vulnerability exists in Bug Finder EX-RATE version 1.0, which stems from some unknown processing in the file /user/ticket/create in the component Ticket Handler, leading to cross-site scripting via the...
PT-2023-26351 · Unknown · Bug Finder Finounce
Name of the Vulnerable Software and Affected Versions: Bug Finder Finounce version 1.0 Description: A vulnerability was found in the Ticket Handler component, affecting the processing of the file "/user/ticket/create". The manipulation of the message argument leads to cross-site scripting. The...
CVE-2022-34813
A missing permission check in Jenkins XPath Configuration Viewer Plugin 1.1.1 and earlier allows attackers with Overall/Read permission to create and delete XPath expressions...
CVE-2019-14696
Open-School 3.0, and Community Edition 2.3, allows XSS via the osv/index.php?r=students/guardians/create id parameter...
CVE-2018-18417
In the 3.1 version of Ekushey Project Manager CRM, Stored XSS has been discovered in the input and upload sections, as demonstrated by the name parameter to the index.php/admin/client/create URI...