Lucene search

10 matches found

CVE
added 2026/06/22 12:46 p.m. · 11 views

CVE-2026-7165

CVE-2026-7165 affects the Assassin game by Gaudire. The vulnerability is in the /addJugador endpoint and involves multiple issues: keyJugador and keyJugadorObjectiu allow unauthorized modification of other users’ data; punts and numObjectiusEliminats accept arbitrary data enabling falsified prize...

CVSS 9.4 · AI score 6 · EPSS 0.0029
Exploits: 0 · References: 1

CNNVD
added 2026/04/21 12:00 a.m. · 8 views

Frappe HR SQL injection vulnerability

Frappe HR is an open-source human resources management system developed by Frappe. Versions of Frappe HR prior to 15.54.0 and 14.38.1 contained a SQL injection vulnerability. This vulnerability occurred due to specially crafted requests targeting certain endpoints, allowing attackers to extract...

CVSS 6.5 · AI score 5.9 · EPSS 0.0022
Exploits: 0 · References: 1

EUVD
added 2026/04/16 6:31 a.m. · 4 views

EUVD-2023-58146

In Wago Smart Designer in versions up to 2.33.1 a low privileged remote attacker may enumerate projects and usernames through iterative requests to a specific endpoint...

CVSS 4.3 · AI score 5.8 · EPSS 0.00317
Exploits: 0 · References: 3

CNNVD
added 2026/04/14 12:00 a.m. · 9 views

Schneider Electric PowerChute Serial Shutdown security vulnerability

Schneider Electric PowerChute Serial Shutdown is a UPS management, normal shutdown and energy management software from Schneider Electric France. A denial of service vulnerability exists in Schneider Electric PowerChute Serial Shutdown, which stems from improperly limiting too many authentication...

CVSS 6.9 · AI score 5.9 · EPSS 0.00274
Exploits: 0 · References: 1

Positive Technologies
added 2025/02/12 12:00 a.m. · 2 views

PT-2025-7251 · Hypercube · Hypercube

Name of the Vulnerable Software and Affected Versions: hypercube (affected versions not specified). Description: The issue allows for remote code execution in web-accessible installations of hypercube. To exploit this, an attacker must make a request against hypercube's endpoints. Standard security...

CVSS 9.5 · AI score 7.9
Exploits: 0 · References: 3

OSV
added 2024/08/21 7:15 a.m. · 1 views

UBUNTU-CVE-2023-52898

In the Linux kernel, the following vulnerability has been resolved: xhci: Fix null pointer dereference when host dies. Make sure xhci_free_dev and xhci_kill_endpoint_urbs do not race and cause null pointer dereference when host suddenly dies. Usb core may call xhci_free_dev which frees the xhci-devssloti...

CVSS 4.7 · AI score 5.8 · EPSS 0.0024
Exploits: 0 · References: 9

Hacker One
added 2023/10/08 12:45 p.m. · 24 views

GitHub: GHES Management console EoP (editor to site admin)

Improper privilege management in GitHub Enterprise Server allowed editor role users to escalate privileges by making requests to the bootstrapping endpoint...

CVSS 8.8 · AI score 8.9 · EPSS 0.00638
Exploits: 0

OSV
added 2022/04/28 3:15 p.m. · 5 views

CVE-2021-43939

Elcomplus SmartPTT is vulnerable when a low-authenticated user can access higher level administration authorization by issuing requests directly to the desired endpoints...

CVSS 8.8 · AI score 7.3 · EPSS 0.00594
Exploits: 0 · References: 1

CNNVD
added 2022/04/19 12:00 a.m. · 5 views

Elcomplus SmartPPT security vulnerability

Elcomplus SmartPPT is an integrated voice and data scheduling software from Elcomplus, U.S.A. An authorization issue vulnerability exists in Elcomplus SmartPPT, which can be exploited by a low-authentication attacker to access higher-level administrative authorizations by sending a request direct...

CVSS 9 · AI score 5.6 · EPSS 0.00594
Exploits: 0 · References: 4

OSV
added 2021/05/07 11:15 a.m. · 4 views

CVE-2020-36125

Pax Technology PAXSTORE v7.0.820200511171508 and lower is affected by incorrect access control where password revalidation in sensitive operations can be bypassed remotely by an authenticated attacker through requesting the endpoint directly...

CVSS 7.1 · AI score 5.8 · EPSS 0.00939
Exploits: 1 · References: 3