686 matches found
SEH utnserver Pro/ProMAX/INU-100 20.1.22 - File Exposure
A vulnerability was identified in utnserver Pro, utnserver ProMAX, and INU-100 version 20.1.22 and earlier, impacting the file handling functions. This flaw results in authenticated file disclosure, granting unauthorized access to sensitive files and directories. Although authentication is...
IBM Data Risk Manager - Authentication Bypass via SAML
IBM Data Risk Manager versions 2.0.1 through 2.0.6 are vulnerable to authentication bypass when configured with SAML authentication. A remote attacker can bypass security restrictions by sending a specially crafted HTTP request to the SAML idpSelection endpoint, allowing them to bypass the...
EUVD-2026-43127
The KiviCare – Clinic & Patient Management System EHR plugin for WordPress is vulnerable to generic SQL Injection via the 'orderby' parameter in all versions up to, and including, 4.5.0 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing...
CVE-2026-9180
The MotoPress Appointment Booking plugin for WordPress is vulnerable to Authorization Bypass Through User-Controlled Key in all versions up to, and including, 2.4.4. This is due to the POST /motopress/appointment/v1/bookings REST endpoint being registered with 'permissioncallback' = 'returntrue',...
EUVD-2026-38387
MessagePack-CSharp: ASP.NET Core MessagePackInputFormatter defaults to TrustedData for HTTP request bodies...
CVE-2026-56239 Capgo - Privilege Escalation via SECURITY DEFINER Function apply_usage_overage
Capgo before 12.128.2 contains a potential privilege escalation vulnerability in the public.applyusageoverage SECURITY DEFINER function, which performs sensitive billing operations without enforcing internal authorization checks no validation of auth.uid, org membership, or checkminrights. Becaus...
USN-8422-1: Mistral vulnerability
Eduardo Gonzalez Gutierrez and Arnaud Morin discovered that Mistral did not properly enforce access policies on some API endpoints. An attacker could possibly execute arbitrary code on a Mistral worker and possibly extract sensitive data including service credentials from it...
Migration Planner UI 访问控制错误漏洞
The Migration Planner UI is an open-source migration planning frontend tool developed by KubeV2V. The Migration Planner UI has an access control vulnerability. This vulnerability stems from the lack of proper authorization and filtering in the/api/v1/sources route, which may allow authenticated...
CVE-2026-34296
Vulnerability in the Oracle Agile Product Lifecycle Management for Process product of Oracle Supply Chain component: Product Quality Management. The supported version that is affected is 6.2.4. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to...
CVE-2026-6072
The Oliver POS – A WooCommerce Point of Sale POS plugin for WordPress is vulnerable to Authorization Bypass Through User-Controlled Key in all versions up to and including 2.4.2.6. The plugin protects its entire /wp-json/pos-bridge/ REST API namespace through the oliverposrestauthentication...
CVE-2026-5411
The WP Captcha PRO the premium version of the Advanced Google reCAPTCHA plugin, both have the same slug plugin for WordPress is vulnerable to arbitrary file upload in all versions up to, and including, 5.38. This is due to a capability check in the saveajax function of the licensing module,...
Security Bulletin: IBM Maximo Application Suite - Monitor Component uses tornado-6.5.3-cp39-abi3-manylinux_2_5_x86_64.manylinux1_x86_64.manylinux_2_17_x86_64.manylinux2014_x86_64.whl which is vulnerable to CVE-2026-31958
Summary Security Bulletin: IBM Maximo Application Suite - Monitor Component uses tornado-6.5.3-cp39-abi3-manylinux25x8664.manylinux1x8664.manylinux217x8664.manylinux2014x8664.whl which is vulnerable to CVE-2026-31958. This bulletin contains information addressing the vulnerability. Vulnerability...
CVE-2026-8689
The Visualizer: Tables and Charts Manager for WordPress plugin for WordPress is vulnerable to Missing Authorization in all versions up to, and including, 3.11.14. This is due to a missing capability check on the renderChartPages and uploadData functions, where the wpajaxvisualizer-create-chart an...
Linux Distros Unpatched Vulnerability : CVE-2026-46045
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In the Linux kernel, the following vulnerability has been resolved: md/md-llbitmap: skip reading rdevs that are not insync When reading bitmap pages from member...
EUVD-2026-31661
This vulnerability exists in CP Plus Wi-Fi Camera due to improper protection of sensitive information in runtime memory. An attacker with physical access could exploit this vulnerability by accessing the UART interface and performing memory extraction to obtain sensitive information, including...
CVE-2026-48249
Open ISES Tickets before 3.44.2 disables TLS certificate verification in rm/incs/mobilelogin.inc.php by setting CURLOPTSSLVERIFYPEER to false and not setting CURLOPTSSLVERIFYHOST when issuing outbound HTTPS requests issued during the mobile RouteMate login flow. An attacker positioned on the...
CVE-2026-48247
Open ISES Tickets before 3.44.2 disables TLS certificate verification in incs/functions.inc.php by setting CURLOPTSSLVERIFYPEER to false and not setting CURLOPTSSLVERIFYHOST when issuing outbound HTTPS requests for general-purpose outbound HTTPS requests issued by the shared helper functions. An...
CVE-2026-48249
Open ISES Tickets
CVE-2026-48247
Open ISES Tickets before 3.44.2 disables TLS certificate verification in incs/functions.inc.php by setting CURLOPTSSLVERIFYPEER to false and not setting CURLOPTSSLVERIFYHOST when issuing outbound HTTPS requests for general-purpose outbound HTTPS requests issued by the shared helper functions. An...
CVE-2026-39310
Trilium Notes is a cross-platform, hierarchical note taking application focused on building large personal knowledge bases. In versions 0.102.1 and prior, the Clipper API in Trilium Desktop v0.101.3 allows full authentication bypass when running in an Electron environment. When Trilium detects an...