EUVD-2026-10460

Due to missing authorization check in SAP S/4HANA HCM Portugal and SAP ERP HCM Portugal, a user with high privileges could access sensitive data belonging to another company. This vulnerability has a high impact on confidentiality and does not affect integrity and availability...

EUVD-2026-10454

SAP NetWeaver Feedback Notifications Service contains a SQL injection vulnerability that allows an authenticated attacker to inject arbitrary SQL code through user-controlled input fields. The application concatenates these inputs directly into SQL queries without proper validation or escaping. A...

EUVD-2026-10467

The Booking Calendar for Appointments and Service Businesses – Booktics plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on multiple REST API endpoints in all versions up to, and including, 1.0.16. This makes it possible for unauthenticated...

EUVD-2026-10466

The Booking Calendar for Appointments and Service Businesses – Booktics plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on multiple REST API endpoints in all versions up to, and including, 1.0.16. This makes it possible for unauthenticated...

CVE-2026-27687

Due to missing authorization check in SAP S/4HANA HCM Portugal and SAP ERP HCM Portugal, a user with high privileges could access sensitive data belonging to another company. This vulnerability has a high impact on confidentiality and does not affect integrity and availability...

CVE-2026-27684

SAP NetWeaver Feedback Notifications Service contains a SQL injection vulnerability that allows an authenticated attacker to inject arbitrary SQL code through user-controlled input fields. The application concatenates these inputs directly into SQL queries without proper validation or escaping. A...

CVE-2025-41712 Incorrect Permission Assignment on power analyzer

An unauthenticated remote attacker who tricks a user to upload a manipulated HTML file can get access to sensitive information on the device. This is a result of incorrect permission assignment for the web server...

CVE-2026-1919 Booktics <= 1.0.16 - Missing Authorization to Get Items via REST API endpoints

The Booking Calendar for Appointments and Service Businesses – Booktics plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on multiple REST API endpoints in all versions up to, and including, 1.0.16. This makes it possible for unauthenticated...

Incorrect Authorization

Overview @powersync/service-sync-rules is an A library containing logic for PowerSync sync rules. Affected versions of this package are vulnerable to Incorrect Authorization in the stream synchronization with config.edition: 3 and subquery filters are used without partitioning the result set. An...

CVE-2026-27687 Missing Authorization check in SAP S/4HANA HCM Portugal and SAP ERP HCM Portugal

Due to missing authorization check in SAP S/4HANA HCM Portugal and SAP ERP HCM Portugal, a user with high privileges could access sensitive data belonging to another company. This vulnerability has a high impact on confidentiality and does not affect integrity and availability...

PT-2026-24186

An unauthenticated remote attacker who tricks a user to upload a manipulated HTML file can get access to sensitive information on the device. This is a result of incorrect permission assignment for the web server...

ROS-20260310-73-0008

A vulnerability in the V8 JavaScript script handler of Google Chrome browser is related to flaws in the implementation of security checks for standard elements. Exploitation of the vulnerability could allow an attacker acting remotely to gain access to read, modify and delete data using a special...

CVE-2025-56421

LimeSurvey is affected by an SQL Injection vulnerability in versions before 6.15.4+250710. The issue allows a remote attacker to obtain sensitive information from the database. The description does not specify exact vulnerable components, the root cause details, or concrete exploitation vectors b...

EUVD-2026-10365

Misskey is an open source, federated social media platform. All Misskey servers running versions 8.45.0 and later, but prior to 2026.3.1, contain a vulnerability that allows bad actors access to data that they ordinarily wouldn't be able to access due to insufficient permission checks and proper...

CVE-2026-28431

Misskey is an open source, federated social media platform. All Misskey servers running versions 8.45.0 and later, but prior to 2026.3.1, contain a vulnerability that allows bad actors access to data that they ordinarily wouldn't be able to access due to insufficient permission checks and proper...

CVE-2026-28431 Misskey lacks proper authorization checks and input validation

Misskey is an open source, federated social media platform. All Misskey servers running versions 8.45.0 and later, but prior to 2026.3.1, contain a vulnerability that allows bad actors access to data that they ordinarily wouldn't be able to access due to insufficient permission checks and proper...

CVE-2026-28431 Misskey lacks proper authorization checks and input validation

Misskey is an open source, federated social media platform. All Misskey servers running versions 8.45.0 and later, but prior to 2026.3.1, contain a vulnerability that allows bad actors access to data that they ordinarily wouldn't be able to access due to insufficient permission checks and proper...

CVE-2026-25045

Budibase is a low code platform for creating internal tools, workflows, and admin panels. This issue is a combination of Vertical Privilege Escalation and IDOR Insecure Direct Object Reference due to missing server-side RBAC checks in the /api/global/users endpoints. A Creator-level user, who...

Security Bulletin: Security Vulnerabilities affect IBM Voice Gateway

Summary Security Vulnerabilities affect IBM Voice Gateway. The vulnerabilities have been addressed. Vulnerability Details CVEID:CVE-2025-12635 DESCRIPTION: IBM WebSphere Application Server 8.5, 9.0 and IBM WebSphere Application Server Liberty 17.0.0.3 through 25.0.0.12 are affected by cross-site...

PT-2026-24120

Name of the Vulnerable Software and Affected Versions Misskey versions 8.45.0 through 2026.3.0 Description Misskey, an open source, federated social media platform, has an issue where insufficient permission checks and proper input validation can allow unauthorized access to data. This can occur...