87 matches found
CVE-2026-14482 多说社会化评论框 <= 1.2 - Unauthenticated Privilege Escalation via api.php 'option'/'value' Parameters
The 多说社会化评论框 plugin for WordPress is vulnerable to Privilege Escalation in all versions up to, and including, 1.2. The vulnerability exists due to a missing capability and nonce check on a directly web-accessible API endpoint, combined with a trivially forgeable HMAC-SHA1 signature keyed on an...
EUVD-2026-42162
The 多说社会化评论框 plugin for WordPress is vulnerable to Privilege Escalation in all versions up to, and including, 1.2. The vulnerability exists due to a missing capability and nonce check on a directly web-accessible API endpoint, combined with a trivially forgeable HMAC-SHA1 signature keyed on an...
EUVD-2026-39656
In JetBrains YouTrack before 2026.2.16593 default role configuration exposed excessive user profile details...
CVE-2026-57924
In JetBrains YouTrack before 2026.2.16593 default role configuration exposed excessive user profile details...
CVE-2026-57924
In JetBrains YouTrack before 2026.2.16593 default role configuration exposed excessive user profile details...
CVE-2026-57924
In JetBrains YouTrack before 2026.2.16593 default role configuration exposed excessive user profile details...
CVE-2026-57924
CVE-2026-57924 affects JetBrains YouTrack prior to version 2026.2.16593, where a default role configuration exposed excessive user profile details. The root cause is not fully described beyond this exposure, but the impact implies potential disclosure of user profile information to unauthorized u...
PT-2026-52704
Name of the Vulnerable Software and Affected Versions JetBrains YouTrack versions prior to 2026.2.16593 Description The default role configuration allows for the exposure of excessive user profile details. Recommendations Update to version 2026.2.16593...
EUVD-2026-38664
The Welcome Software Publishing plugin for WordPress is vulnerable to Arbitrary Options Update in all versions up to and including 0.0.31. This is due to a missing capability check in the ncsetOption function, which is exposed via the nc.setOption XML-RPC method. The function authenticates the us...
CVE-2026-12407 E2Pdf <= 1.32.26 - Missing Authorization to Authenticated (Custom+) Arbitrary Option Update / Privilege Escalation via 'screen_action' Parameter
The E2Pdf – Export Pdf Tool for WordPress plugin for WordPress is vulnerable to Missing Authorization in versions up to, and including, 1.32.26. This is due to the screenaction function lacking a dedicated capability check and nonce verification — when invoked via the ?action=screen routing path...
EUVD-2026-37836
The E2Pdf – Export Pdf Tool for WordPress plugin for WordPress is vulnerable to Missing Authorization in versions up to, and including, 1.32.26. This is due to the screenaction function lacking a dedicated capability check and nonce verification — when invoked via the ?action=screen routing path...
CVE-2026-40888
Frappe HR is an open-source human resources management solution HRMS. Prior to versions 15.58.1 and 16.4.1, an authenticated user with default role can access unauthorized information by exploiting certain api endpoint. Versions 15.58.1 and 16.4.1 contain a patch. No known workarounds are availab...
CVE-2019-25738
WordPress Hybrid Composer 1.4.6 contains an unauthenticated settings change vulnerability that allows unauthenticated attackers to modify WordPress options by exploiting the hcajaxsaveoption action. Attackers can send POST requests to the admin-ajax.php endpoint with the action parameter set to...
CVE-2026-44567 Open WebUI: Open WebUI Improper Authorization Control
Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. Prior to 0.1.124, the API does not properly validate that the user has an authorized user role of user. By default, when Open WebUI is configured with new sign-ups enabled, the default user role is...
CVE-2026-40888
Frappe HR is an open-source human resources management solution HRMS. Prior to versions 15.58.1 and 16.4.1, an authenticated user with default role can access unauthorized information by exploiting certain api endpoint. Versions 15.58.1 and 16.4.1 contain a patch. No known workarounds are availab...
CVE-2026-40888 Frappe HR vulnerable to Improper Access Control
Frappe HR is an open-source human resources management solution HRMS. Prior to versions 15.58.1 and 16.4.1, an authenticated user with default role can access unauthorized information by exploiting certain api endpoint. Versions 15.58.1 and 16.4.1 contain a patch. No known workarounds are availab...
CVE-2026-40888 Frappe HR vulnerable to Improper Access Control
Frappe HR is an open-source human resources management solution HRMS. Prior to versions 15.58.1 and 16.4.1, an authenticated user with default role can access unauthorized information by exploiting certain api endpoint. Versions 15.58.1 and 16.4.1 contain a patch. No known workarounds are availab...
EUVD-2026-24276
Frappe HR is an open-source human resources management solution HRMS. Prior to versions 15.58.1 and 16.4.1, an authenticated user with default role can access unauthorized information by exploiting certain api endpoint. Versions 15.58.1 and 16.4.1 contain a patch. No known workarounds are availab...
CVE-2026-40888
CVE-2026-40888 affects Frappe HR (HRMS). Before versions 15.58.1 and 16.4.1, an authenticated user with the default role can access unauthorized information via a vulnerable API endpoint. The issue is resolved in 15.58.1 and 16.4.1, which contain the patch. No workarounds are provided. An authent...
Frappe HR 访问控制错误漏洞
Frappe HR is an open-source human resources management system developed by Frappe. Versions of Frappe HR prior to 15.58.1 and 16.4.1 contained a security vulnerability related to access control. This vulnerability allowed authenticated users with the default role to access certain API endpoints,...