24 matches found
CVE-2026-48189 Bypass DedicatedAgentToCustomerGroups Setting
An improper input validation vulnerability in the OTRS Customer Backend module allows access to customer information that is restricted to other groups. Please note that the feature has to be enabled and CustomerGroupSupport has to be used to be affected. This issue affects OTRS: 7.0.X 8.0.X 2023.X...
WordPress plugin Fortis for WooCommerce security vulnerability
WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows users to create personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be installed t...
CVE-2026-22236
Technical details about CVE-2026-22236 are not publicly available in the provided documents. The descriptions summarize improper backend API authentication but do not specify affected components, versions, impact specifics, or fixes. Monitor for updates from vendors and security feeds.
Bluspark BLUVOYIX security vulnerability
Bluspark BLUVOYIX is a digital supply chain management platform from US-based Bluspark, Inc. Bluspark BLUVOYIX suffers from a security vulnerability that stems from improper authentication of the management API, which could allow an attacker to create new users with administrator privileges, which...
Bluspark BLUVOYIX security vulnerability
Bluspark BLUVOYIX is a digital supply chain management platform from US-based Bluspark, Inc. Bluspark BLUVOYIX suffers from a security vulnerability that stems from improper back-end API authentication, which could lead to an attacker gaining full access to customer data and completely compromisi...
EUVD-2017-11891
Malware in sbrugna...
EUVD-2018-0934
Malware in sbrugna...
EUVD-2017-11895
Malware in sbrugna...
EUVD-2024-47590
Malicious code in bioql PyPI...
CVE-2023-6483
The vulnerability exists in ADiTaaS Allied Digital Integrated Tool-as-a-Service version 5.1 due to an improper authentication vulnerability in the ADiTaaS backend API. An unauthenticated remote attacker could exploit this vulnerability by sending specially crafted HTTP requests to the vulnerable...
CVE-2020-11588
An issue was discovered in CIPPlanner CIPAce 9.1 Build 2019092801. An unauthenticated attacker can make an HTTP GET request to two files that contain customer data and application paths...
CVE-2025-43004
Due to a security misconfiguration vulnerability, customers can develop Production Operator Dashboards (PODs) that enable outside users to access customer data when they access these dashboards. Since no mechanisms exist to enforce authentication, malicious unauthenticated users can view...
ADiTaaS Authorization Issues Vulnerabilities
ADiTaaS is a service management platform from ADiTaaS, Inc. A security vulnerability exists in ADiTaaS version 5.1 that stems from the presence of an incorrect authentication vulnerability. A remote attacker could exploit the vulnerability by sending a specially crafted HTTP request to gain full...
Hotel-Mgmt-System SQL injection vulnerability
Hotel-Mgmt-System is a hotel management system. A security vulnerability exists in Tramyardg hotel-mgmt-system version 2022.4: its /app/dao/CustomerDAO.php allows attackers to perform SQL injection...
inDrive: Drivers can access the customer's phone number, current location without getting their offer accepted!
A vulnerability was found where drivers could access customers' phone numbers and locations without having their offer accepted...
CVE-2022-36258
A SQL injection vulnerability in CustomerDAO.java in sazanrjb InventoryManagementSystem 1.0 allows attackers to execute arbitrary SQL commands via parameters such as "searchTxt"...
InventoryManagementSystem SQL injection vulnerability
InventoryManagementSystem is an inventory management system by Sajan Rajbhandari, an individual developer. It provides an easy way to track products, suppliers, customers, and purchasing and sales information. A security vulnerability exists in InventoryManagementSystem version 1.0, which...
CVE-2022-35606
A SQL injection vulnerability in CustomerDAO.java in sazanrjb InventoryManagementSystem 1.0 allows attackers to execute arbitrary SQL commands via the parameter 'customerCode.'...
CVE-2022-35603
A SQL injection vulnerability in CustomerDAO.java in sazanrjb InventoryManagementSystem 1.0 allows attackers to execute arbitrary SQL commands via parameter searchTxt...