740 matches found
Nacos <1.4.1 - Authentication Bypass
Nacos before version 1.4.1 is vulnerable to authentication bypass because the ConfigOpsController lets the user perform management operations like querying the database or even wiping it out. While the /data/remove endpoint is properly protected with the @Secured annotation, the /derby endpoint i...
EUVD-2026-41980
Coolify is an open-source and self-hostable tool for managing servers, applications, and databases. Prior to 4.0.0-beta.474, Sanctum API tokens did not expire, allowing a leaked token to retain access indefinitely until manually revoked. This issue is fixed in version 4.0.0-beta.474...
PT-2026-56138
Name of the Vulnerable Software and Affected Versions Coolify versions prior to 4.0.0-beta.474 Description An issue exists in the file upload endpoint app/Http/Controllers/UploadController.php used for database backup restore uploads. The system fails to enforce file type or size validation, whic...
PT-2026-56027
Name of the Vulnerable Software and Affected Versions Coolify versions 4.0.0-beta.471 through 4.0.0-beta.473 Description A regression in the SHELL SAFE COMMAND PATTERN allows ampersands to be used in custom Docker Compose build, start, and pre/post-deployment command fields. This enables an...
AdminPanel 安全漏洞
AdminPanel is a database management panel developed by Jason000. Version 4.0 of AdminPanel contains a security vulnerability, which stems from a cross-site request forgeing vulnerability in the delete.php endpoint...
CVE-2026-6582
A flaw has been found in TransformerOptimus SuperAGI up to 0.0.14. Affected by this issue is the function getvectordbdetails of the file superagi/controllers/vectordbs.py of the component Vector Database Management Endpoint. Executing a manipulation can lead to missing authentication. The attack...
CVE-2026-6582
TransformerOptimus SuperAGI up to 0.0.14: the get_vector_db_details function in superagi/controllers/vector_dbs.py of the Vector Database Management Endpoint is vulnerable to a manipulation that leads to missing authentication. This is a remote-exploit, with a publicly published exploit and confi...
CVE-2026-30403
There is an arbitrary file read vulnerability in the test connection function of backend database management in wgcloud v3.6.3 and before, which can be used to read any file on the victim's server...
CVE-2026-30403
There is an arbitrary file read vulnerability in the test connection function of backend database management in wgcloud v3.6.3 and before, which can be used to read any file on the victim's server...
CVE-2026-30404
The CVE-2026-30404 entry concerns wgcloud v3.6.3, where the backend database management connection test feature is vulnerable to server-side request forgery (SSRF). The vulnerability could allow the server to initiate requests to internal networks, remotely download malicious files, and perform o...
CVE-2026-30403
There is an arbitrary file read vulnerability in the test connection function of backend database management in wgcloud v3.6.3 and before, which can be used to read any file on the victim's server...
CVE-2026-30403
CVE-2026-30403 affects wgcloud before 3.6.3, where the vulnerable area is the test connection function in the backend database management module. The issue allows an attacker to perform an arbitrary file read on the victim’s server, exposing sensitive files. The description and connected sources ...
wgcloud 安全漏洞
WGCloud is a lightweight distributed server monitoring and operation system developed by Tianshiyeben as an individual developer. WGCloud versions 3.6.3 and earlier have security vulnerabilities. These vulnerabilities stem from the test connection feature in backend database management, which...
CVE-2026-3761
A flaw has been found in SourceCodester Client Database Management System 1.0. This issue affects some unknown processing of the file /superadminuserdelete.php of the component Endpoint. Executing a manipulation of the argument userid can lead to improper authorization. The attack may be performe...
CVE-2026-3762
A vulnerability has been found in SourceCodester Client Database Management System 1.0/3.1. Impacted is an unknown function of the file /superadmindeletemanager.php of the component Endpoint. The manipulation of the argument managerid leads to improper authorization. It is possible to initiate th...
CVE-2026-3764
A vulnerability was determined in SourceCodester Client Database Management System 1.0. The impacted element is an unknown function of the file /superadminuserupdate.php. This manipulation causes improper authorization. The attack can be initiated remotely. The exploit has been publicly disclosed...
CVE-2026-3734
A flaw has been found in SourceCodester Client Database Management System 1.0. Affected is an unknown function of the file /fetchmanagerdetails.php of the component Endpoint. This manipulation of the argument managerid causes improper authorization. The attack can be initiated remotely. The explo...
EUVD-2026-10264
A flaw has been found in SourceCodester Client Database Management System 1.0. This issue affects some unknown processing of the file /superadminuserdelete.php of the component Endpoint. Executing a manipulation of the argument userid can lead to improper authorization. The attack may be performe...
CVE-2026-3764
A vulnerability was determined in SourceCodester Client Database Management System 1.0. The impacted element is an unknown function of the file /superadminuserupdate.php. This manipulation causes improper authorization. The attack can be initiated remotely. The exploit has been publicly disclosed...
CVE-2026-3764
Affected software: SourceCodester Client Database Management System 1.0. Vulnerability: improper authorization in an unknown function of the file /superadmin_user_update.php, as described in multiple sources. Root cause / impact: remote access without required privileges could lead to unauthorize...