CVE-2026-41890

CI4MS is a CodeIgniter 4-based CMS skeleton that delivers a production-ready, modular architecture with RBAC authorization and theme support. From version 0.31.1.0 to before version 0.31.8.0, the deleteProcess action accepts a POST parameter tables containing arbitrary table names. These are pass...

Missing Authorization

Overview thorsten/phpmyfaq is a FAQ system for PHP and MySQL, PostgreSQL and other databases Affected versions of this package are vulnerable to Missing Authorization in the delete process. An attacker can remove tags and disrupt FAQ organization by sending crafted DELETE requests to the admin AP...

GHSA-VGRF-PR28-VF98 CI4MS Vulnerable to Arbitrary Database Table Drop via Theme deleteProcess

Summary The deleteProcess action accepts a POST parameter tables containing arbitrary table names. These are passed directly to $forge-dropTable without validating that the tables belong to the theme being deleted. The deleteConfirm view correctly populates tables from the theme's own migration...

Cross-site Request Forgery (CSRF)

Overview admidio/admidio is a free open source user management system for websites of organizations and groups. Affected versions of this package are vulnerable to Cross-site Request Forgery CSRF in the delete process in mylistfunction.php due to missing validation of CSRF tokens. An attacker can...

Langflow 安全漏洞

Langflow is an open-source visualization framework developed by Langflow for building multi-agent and RAG applications. Versions of Langflow prior to 1.5.1 contained security vulnerabilities. These vulnerabilities stemmed from a lack of ownership checks in the readflow assistant, which could allo...

CVE-2024-40939

CVE-2024-40939 (Linux kernel) : The issue affects the Linux kernel net/wwan/iosm path. When region creation fails in ipc_devlink_create_region(), the delete path used a tainted pointer that actually held an error code. The fix decreases the region index before performing the delete to avoid taint...

CVE-2023-34189 Apache InLong: General user can delete and update process

Exposure of Resource to Wrong Sphere Vulnerability in Apache Software Foundation Apache InLong.This issue affects Apache InLong: from 1.4.0 through 1.7.0. The attacker could use general users to delete and update the process, which only the admin can operate occurrences. Users are advised to...

IBM Business Process Manager Design Vulnerabilities

IBM Business Process Manager BPM is a comprehensive set of business process management platform from IBM in the United States. The platform provides a range of tools related to process modeling, assembly, monitoring and deployment for business. There is a security vulnerability in IBM BPM. A remo...