6 matches found
PT-2026-45062
Summary Type: Insecure Direct Object Reference. The GET /workspaces/workspace id/issues/issue id/activity endpoint is gated by require workspace memberworkspace id and dispatches to ActivityService.list for issueissue id, which executes SELECT FROM activity WHERE issue id = :issue id with no...
CVE-2026-25147
OpenEMR is a free and open source electronic health records and medical practice management application. Prior to version 8.0.0, in portal/portalpayment.php, the patient id used for the page is taken from the request $pid = $REQUEST'pid' ?? $pid and $pid = $REQUEST'hiddenpatientcode' ?? null 0 ?...
CVE-2026-27835
Issue summary. CVE-2026-27835 affects wger (versions up to 2.4). The vulnerable components are RepetitionsConfigViewSet and MaxRepetitionsConfigViewSet, whose get_queryset() returns all objects (using .all()) instead of filtering by the authenticated user, enabling an authenticated user to enumer...
WordPress plugin WooCommerce Wishlist security vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a set of blogging platforms developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plug-in. A security...
CVE-2023-5544
Wiki comments required additional sanitizing and access restrictions to prevent a stored XSS risk and potential IDOR risk...
CVE-2022-26665
An Insecure Direct Object Reference issue exists in the Tyler Odyssey Portal platform before 17.1.20. This may allow an external party to access sensitive case records...