56100 matches found
EUVD-2026-33276
Mautic has Server-Side Template Injection SSTI in Theme Templates...
CVE-2026-58653
PraisonAI before 0.1.7 fails to validate that project_id in issue create and update request bodies belongs to the URL workspace. An attacker can create issues referencing projects from other workspaces, causing cross-tenant data pollution in project statistics aggregation without workspace...
CVE-2026-58653 PraisonAI - Authorization Bypass via Unvalidated project_id in Issue Create/Update
PraisonAI before 0.1.7 fails to validate that project_id in issue create and update request bodies belongs to the URL workspace. An attacker can create issues referencing projects from other workspaces, causing cross-tenant data pollution in project statistics aggregation without workspace...
CVE-2026-58653
CVE-2026-58653 affects PraisonAI prior to 0.1.7, where issue creation/update does not validate that project_id matches the URL workspace. This allows an attacker to reference projects from other workspaces, causing cross-tenant data pollution in project statistics aggregation without workspace co...
EUVD-2026-41367
PraisonAI before 0.1.7 fails to validate that project_id in issue create and update request bodies belongs to the URL workspace. An attacker can create issues referencing projects from other workspaces, causing cross-tenant data pollution in project statistics aggregation without workspace...
ManageEngine OpManager - Directory Traversal
A directory traversal vulnerability exists in the uploadMib functionality of ManageEngine OpManager 12.7.258. A specially crafted HTTP request can lead to arbitrary file creation. An attacker can send a malicious MiB file to trigger this vulnerability. id: CVE-2023-47211 info: name: ManageEngine...
Moodle - Cross-Site Scripting/Remote Code Execution
The vulnerability was found in Moodle and exists because the application allows a user to control the path of the folder to create in TinyMCE loaders. A remote user can send a specially crafted HTTP request and create arbitrary folders on the system. Moodle versions 4.1.x before 4.1.3 and 4.2.x before...
Dynamicweb 9.5.0 - 9.12.7 Unauthenticated Admin User Creation
Dynamicweb contains a vulnerability which allows an unauthenticated attacker to create a new administrative user. id: CVE-2022-25369 info: name: Dynamicweb 9.5.0 - 9.12.7 Unauthenticated Admin User Creation author: pdteam severity: critical description: Dynamicweb contains a vulnerability which...
WSO2 User Registration - Arbitrary Account Creation
The SOAP admin service in WSO2 products has a security vulnerability that allows the creation of new user accounts regardless of the self-registration configuration settings. id: CVE-2024-7097 info: name: WSO2 User Registration - Arbitrary Account Creation author: iamnoooob,rootxharsh,pdresearch...
XWiki < 14.10.14 - Cross-Site Scripting
XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. When document names are validated according to a name strategy disabled by default, XWiki starting in version 12.0-rc-1 and prior to versions 12.10.12 and 15.5-rc-1 is vulnerable to a reflecte...
Telesquare TLR-2855KS6 - Arbitrary File Creation
An unauthorized file creation vulnerability in Telesquare TLR-2855KS6 via PUT method can allow creation of CGI scripts. id: CVE-2021-46418 info: name: Telesquare TLR-2855KS6 - Arbitrary File Creation author: DhiyaneshDK severity: high description: | An unauthorized file creation vulnerability in...
SonicWall Email Security <= 10.0.9.x - Unauthenticated Admin Account Creation
SonicWall Email Security version 10.0.9.x allows an attacker to create an administrative account by sending a crafted HTTP request to the remote host. id: CVE-2021-20021 info: name: SonicWall Email Security <= 10.0.9.x - Unauthenticated Admin Account Creation author: pussycat0x severity: critical...
Blinko <= 1.8.3 - User Information Leak
Blinko = 1.8.4 contains an information disclosure caused by a publicly accessible endpoint exposing user information including usernames, roles, and account creation dates, letting remote attackers access sensitive user data, exploit requires no special privileges. id: CVE-2026-23486 info: name:...
CVE-2026-11578
creationtimestamp | type | source
---|---|---
2026-07-02 08:30:48+00:00 | seen | https://bsky.app/profile/cve.skyfleet.blue/post/3mpnmjyq3om26
2026-07-02 20:12:45+00:00 | seen | https://bsky.app/profile/kriptabiz.bsky.social/post/3mpotr7dht427...
CVE-2026-5821
creationtimestamp | type | source
---|---|---
2026-07-02 07:51:07+00:00 | seen | https://bsky.app/profile/cve.skyfleet.blue/post/3mpnkd3ji6c2n
2026-07-02 20:13:17+00:00 | seen | https://bsky.app/profile/kriptabiz.bsky.social/post/3mpots6j3lb2k...
CVE-2026-5051
creationtimestamp | type | source
---|---|---
2026-07-02 07:47:58+00:00 | seen | https://bsky.app/profile/kriptabiz.bsky.social/post/3mpnk5hh7a22d
2026-07-02 18:58:34+00:00 | seen | https://infosec.exchange/users/vuldb/statuses/116851914441373282...
CVE-2026-57722
creationtimestamp | type | source
---|---|---
2026-07-02 07:32:07+00:00 | seen | https://bsky.app/profile/kriptabiz.bsky.social/post/3mpnjb3klmd2d...
CVE-2026-13795
creationtimestamp | type | source
---|---|---
2026-07-02 07:18:51+00:00 | seen | https://www.hkcert.org/security-bulletin/google-chrome-multiple-vulnerabilities20260702
2026-07-02 09:20:25+00:00 | seen | https://bsky.app/profile/kriptabiz.bsky.social/post/3mpnpcqqa7m22...
CVE-2026-20214
creationtimestamp | type | source
---|---|---
2026-07-02 06:25:47+00:00 | seen | https://bsky.app/profile/kriptabiz.bsky.social/post/3mpnfkhqxay2o
2026-07-02 13:50:32+00:00 | seen | https://bsky.app/profile/o2cloud.bsky.social/post/3mpo6fqhjmd2f
2026-07-02 13:55:08+00:00 | seen | ...
CVE-2026-57269
creationtimestamp | type | source
---|---|---
2026-07-02 04:58:59+00:00 | seen | https://bsky.app/profile/cve.skyfleet.blue/post/3mpnapbsmog2n...