CVE-2026-54398

CVE-2026-54398 describes an authorization flaw in MISP's object add/edit handling where an authenticated user with object editing permissions can assign objects or their attributes to a sharing group they are not authorized to view. The root cause is that during object edits the sharing group val...

CVE-2026-43934

e107 is a content management system CMS. Prior to 2.3.4, a Broken Access Control vulnerability exists in the application, allowing an unauthorized authenticated user to edit comments posted by others. This stems from inadequate server-side access control validation, where the application depends...

CVE-2026-40544

SOPlanning is vulnerable to Stored Cross-Site Scripting XSS via /process/uploadbackup endpoint. An authenticated attacker with access to the backup functionality can upload a crafted ZIP archive containing a malicious user.csv file with embedded JavaScript. The injected code is executed in the...

CVE-2026-9377

A vulnerability was identified in SourceCodester SUP Online Shopping 1.0. The impacted element is an unknown function of the file /admin/productedit.php. The manipulation of the argument productName leads to cross site scripting. It is possible to initiate the attack remotely. The exploit is...

Mattermost 安全漏洞

Mattermost is an open-source collaboration platform developed by the American company Mattermost. Versions of Mattermost such as 11.5.1 and earlier 11.5.x series, 10.11.13 and earlier 10.11.x series, and 11.4.3 and earlier 11.4.x series have security vulnerabilities. These vulnerabilities stem fr...

CVE-2026-45385 Open WebUI: An IDOR vulnerability exists in the update_message_by_id API endpoint

Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. Prior to 0.9.5, an IDOR vulnerability exists in the Channels feature of Open WebUI, allowing any channel member to modify messages sent by other members including administrators within the same...

CVE-2026-4666

The wpForo Forum plugin for WordPress is vulnerable to unauthorized modification of data due to the use of extract$args, EXTROVERWRITE on user-controlled input in the edit method of classes/Posts.php in all versions up to, and including, 2.4.16. The postedit action handler in Actions.php passes...

CVE-2025-69241

Raytha CMS is affected by CVE-2025-69241, a Stored XSS in the profile editing flow via FirstName/LastName. An authenticated attacker can inject HTML/JS that executes when the edited page is viewed. The issue has been fixed in version 1.4.6. The CVSSv4 metrics indicate a Medium impact (base score ...

CVE-2019-25529

Placeto CMS Alpha rv.4 contains an SQL injection vulnerability that allows authenticated attackers to manipulate database queries by injecting SQL code through the 'page' parameter. Attackers can send GET requests to the admin/edit.php endpoint with malicious 'page' values using boolean-based...

CVE-2026-3730

A security flaw has been discovered in itsourcecode Free Hotel Reservation System 1.0. The affected element is an unknown function of the file /hotel/admin/modamenities/index.php?view=edit. Performing a manipulation of the argument amenid/rmtypeid results in sql injection. The attack is possible ...

CVE-2026-1953

Nukegraphic CMS v3.1.2 contains a stored cross-site scripting XSS vulnerability in the user profile edit functionality at /ngc-cms/user-edit-profile.php. The application fails to properly sanitize user input in the name field before storing it in the database and rendering it across multiple CMS...

CVE-2026-1953

Nukegraphic CMS v3.1.2 contains a stored cross-site scripting XSS vulnerability in the user profile edit functionality at /ngc-cms/user-edit-profile.php. The application fails to properly sanitize user input in the name field before storing it in the database and rendering it across multiple CMS...

CVE-2026-1953

Nukegraphic CMS v3.1.2 is affected by a stored XSS in the user profile edit endpoint (/ngc-cms/user-edit-profile.php). The vulnerability arises because the name field is not properly sanitized before storing to the database and rendering on multiple pages. An authenticated attacker with low privi...

CVE-2025-15458

A vulnerability was determined in bg5sbk MiniCMS up to 1.8. This affects an unknown function of the file /mc-admin/post-edit.php of the component Article Handler. Executing a manipulation can lead to improper authentication. It is possible to launch the attack remotely. The exploit has been...

CVE-2025-15458 bg5sbk MiniCMS Article post-edit.php improper authentication

A vulnerability was determined in bg5sbk MiniCMS up to 1.8. This affects an unknown function of the file /mc-admin/post-edit.php of the component Article Handler. Executing a manipulation can lead to improper authentication. It is possible to launch the attack remotely. The exploit has been...

CVE-2025-63785

A DOM-based Cross-Site Scripting XSS vulnerability exists in the text editor feature of the Onlook web application 0.2.32. This vulnerability occurs because user-supplied input is not properly sanitized before being directly injected into the DOM via innerHTML when editing a text element. An...

EUVD-2020-10111

Malware in sbrugna...

EUVD-2025-26336

Malicious code in bioql PyPI...

EUVD-2022-43515

Malicious code in bioql PyPI...

CVE-2025-55744 UnoPim vulnerable to CSRF on Product edit feature and creation of other types

UnoPim is an open-source Product Information Management PIM system built on the Laravel framework. Before 0.2.1, some of the endpoints of the application is vulnerable to Cross site Request forgery CSRF. This vulnerability is fixed in 0.2.1...