CVE-2026-40549 Cross-Site Request Forgery in SOPlanning

SOPlanning is vulnerable to Cross‑Site Request Forgery CSRF in groupesave create, modify and delete endpoints. An attacker can craft a malicious website that, when visited by an authenticated user, automatically sends a forged GET or POST request to the application. This issue affects SOPlanning...

CVE-2018-25391 HaPe PKH 1.1 Missing Authorization Allows Unauthenticated Record Deletion

HaPe PKH 1.1 fails to enforce authorization on its record deletion endpoints, allowing unauthenticated attackers to delete arbitrary records by sending a crafted request that specifies the target record's id. The admin/modul/modpengurus/aksipengurus.php module=pengurus&act=hapus and...

CVE-2018-25391 HaPe PKH 1.1 Missing Authorization Allows Unauthenticated Record Deletion

HaPe PKH 1.1 fails to enforce authorization on its record deletion endpoints, allowing unauthenticated attackers to delete arbitrary records by sending a crafted request that specifies the target record's id. The admin/modul/modpengurus/aksipengurus.php module=pengurus&act=hapus and...

EUVD-2018-21913

HaPe PKH 1.1 fails to enforce authorization on its record deletion endpoints, allowing unauthenticated attackers to delete arbitrary records by sending a crafted request that specifies the target record's id. The admin/modul/modpengurus/aksipengurus.php module=pengurus&act=hapus and...

CVE-2018-25391

HaPe PKH 1.1 contains an authorization flaw in its record deletion endpoints. The admin/modul/mod_pengurus/aksi_pengurus.php (module=pengurus&act=hapus) and admin/modul/mod_update/aksi_update.php (module=update&act=hapus) delete records without verifying the requester’s privileges, allowing unaut...

Directory Traversal

Overview Affected versions of this package are vulnerable to Directory Traversal via the path parameter in the DELETE API endpoints. An attacker can delete arbitrary files outside the intended shared directory by supplying crafted path traversal sequences, resulting in unauthorized data loss and...

Linux kernel 安全漏洞

The Linux kernel is the kernel used by the Linux operating system developed by the Linux Foundation in the United States. There is a security vulnerability in the Linux kernel, which stems from the mptcp kernel path manager not always setting IDs as available when deleting endpoints, potentially...

Directory Traversal

Overview sillytavern is a LLM Frontend for Power Users Affected versions of this package are vulnerable to Directory Traversal via the avatarurl parameter in the chat export and delete endpoints. An attacker can read or delete arbitrary files within the user data root by supplying directory...

CVE-2026-27482

Ray is an AI compute engine. In versions 2.53.0 and below, thedashboard HTTP server blocks browser-origin POST/PUT but does not cover DELETE, and key DELETE endpoints are unauthenticated by default. If the dashboard/agent is reachable e.g., --dashboard-host=0.0.0.0, a web page via DNS rebinding o...

CVE-2026-27482 Ray: Dashboard DELETE endpoints allow unauthenticated browser-triggered DoS (Serve shutdown / job deletion)

Ray is an AI compute engine. In versions 2.53.0 and below, thedashboard HTTP server blocks browser-origin POST/PUT but does not cover DELETE, and key DELETE endpoints are unauthenticated by default. If the dashboard/agent is reachable e.g., --dashboard-host=0.0.0.0, a web page via DNS rebinding o...

CVE-2026-27482 Ray: Dashboard DELETE endpoints allow unauthenticated browser-triggered DoS (Serve shutdown / job deletion)

Ray is an AI compute engine. In versions 2.53.0 and below, thedashboard HTTP server blocks browser-origin POST/PUT but does not cover DELETE, and key DELETE endpoints are unauthenticated by default. If the dashboard/agent is reachable e.g., --dashboard-host=0.0.0.0, a web page via DNS rebinding o...

CVE-2026-27482

CVE-2026-27482 affects Ray’s dashboard HTTP server. In versions 2.53.0 and below, DELETE endpoints are unauthenticated, and the server may be reachable on 0.0.0.0, enabling a browser-based request (DNS rebinding or same-network) to issue DELETE requests that shut down Serve or delete jobs without...

Ray 安全漏洞

Ray is an open-source framework developed by ray-project, designed to extend AI and Python applications. Versions of Ray prior to 2.53.0 contain security vulnerabilities. These vulnerabilities stem from the fact that the dashboard’s HTTP server does not cover the DELETE method, and the critical...

GHSA-Q5FH-2HC8-F6RQ Ray dashboard DELETE endpoints allow unauthenticated browser-triggered DoS (Serve shutdown / job deletion)

Summary Ray’s dashboard HTTP server blocks browser-origin POST/PUT but does not cover DELETE, and key DELETE endpoints are unauthenticated by default. If the dashboard/agent is reachable e.g., --dashboard-host=0.0.0.0, a web page via DNS rebinding or same-network access can issue DELETE requests...

PT-2026-21334

Name of the Vulnerable Software and Affected Versions Ray versions 2.53.0 and below Description Ray’s dashboard HTTP server does not adequately protect DELETE requests, and key DELETE endpoints are unauthenticated by default. If the dashboard/agent is reachable, a web page using DNS rebinding or...

Missing Authorization

Overview Affected versions of this package are vulnerable to Missing Authorization via the API endpoints responsible for updating and deleting inventory item attachments. An attacker can access or modify attachments belonging to other users by sending crafted requests as an authenticated user...

CVE-2024-4792

A vulnerability, which was classified as critical, has been found in Campcodes Online Laundry Management System 1.0. This issue affects some unknown processing of the file /adminclass.php. The manipulation of the argument...

Laundry Management System SQL注入漏洞

Laundry Management System is a laundry management system. A SQL injection vulnerability exists in Online Laundry Management System version 1.0, which originates from an SQL injection vulnerability in the id/deletecategory/deleteinv/deletelaundry/deletesupply/ The SQL injection vulnerability exist...