135 matches found
CVE-2025-59785 API - Insufficient Input Validation
Improper validation of API end-point in 2N Access Commander version 3.4.2 and prior allows attacker to bypass password policy for backup file encryption. This vulnerability can only be exploited after authenticating with administrator privileges...
CVE-2026-27471
ERP is a free and open source Enterprise Resource Planning tool. In versions up to 15.98.0 and 16.0.0-rc.1 and through 16.6.0, certain endpoints lacked access validation which allowed for unauthorized document access. This issue has been fixed in versions 15.98.1 and 16.6.1...
CVE-2026-27471 ERP: Document access through endpoints due to missing validation
ERP is a free and open source Enterprise Resource Planning tool. In versions up to 15.98.0 and 16.0.0-rc.1 and through 16.6.0, certain endpoints lacked access validation which allowed for unauthorized document access. This issue has been fixed in versions 15.98.1 and 16.6.1...
CVE-2026-1857
The Gutenberg Blocks with AI by Kadence WP plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 3.6.1. This is due to insufficient validation of the endpoint parameter in the getitems function of the GetResponse REST API handler. The endpoint's...
CVE-2026-1857
The CVE-2026-1857 issue affects Kadence Blocks — Gutenberg Blocks with AI for WordPress (
WordPress plugin Gutenberg Blocks with AI by Kadence WP 代码问题漏洞
WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be added t...
eLection SQL注入漏洞
eLection is an election content management system developed by fauzantrif. Version 2.0 of eLection has a SQL injection vulnerability; this vulnerability stems from the lack of parameter id validation in the candidate management endpoint, which may lead to SQL injection attacks...
Keycloak Server-Side Request Forgery (SSRF) vulnerability
A flaw was found in Keycloak’s CIBA feature where insufficient validation of client-configured backchannel notification endpoints could allow blind server-side requests to internal services...
CVE-2026-1518
A flaw was found in Keycloak’s CIBA feature where insufficient validation of client-configured backchannel notification endpoints could allow blind server-side requests to internal services...
CVE-2026-1518
Keycloak SSRF issue (CVE-2026-1518) affects the CIBA backchannel notification flow. The vulnerability arises from insufficient validation of the client-configured backchannel_notification_endpoint, enabling a privileged user to trigger blind server-side requests to internal services. Documented i...
Astra Linux – Vulnerability in Linux 6.1
In the Linux kernel, the following vulnerability has been resolved: usb: net: sierra: check for no status endpoint The driver checks whether it has three endpoints, as well as endpoints for bulk input and output. However, it does not check whether the third endpoint is an interrupt input. This...
Azure Linux 3.0 Security Update: kernel (CVE-2024-41097)
The version of kernel installed on the remote Azure Linux 3.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2024-41097 advisory. - In the Linux kernel, the following vulnerability has been resolved: usb: atm: cxacru: fix endpoint checking ...
GHSA-9CVC-H2W8-PHRP AWS SDK for .NET V4 adopted defense in depth enhancement for region parameter value
Summary This notification is related to the use of specific values for the region input field when calling AWS services. An actor with access to the environment in which the SDK is used could set the region input field to an invalid value. A defense-in-depth enhancement has been implemented in th...
PT-2026-27655
Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description The pegasus driver does not validate the number and types of USB endpoints a device has before binding to it. A malicious device lacking expected USB endpoints can cause the driver to...
PT-2026-27677
Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description The kaweth driver does not validate the number and types of USB endpoints of a device before binding to it. A malicious device lacking expected USB endpoints can cause the driver to cras...
PT-2026-27730
Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description The kalmia driver does not properly validate the number and types of USB endpoints a device has before binding to it. A malicious device lacking expected USB endpoints can cause the driv...
CVE-2023-54277
In the Linux kernel, the following vulnerability has been resolved: fbdev: udlfb: Fix endpoint check The syzbot fuzzer detected a problem in the udlfb driver, caused by an endpoint not having the expected type: usb 1-1: Read EDID byte 0 failed: -71 usb 1-1: Unable to get valid EDID from...
Unity Linux 20.1060e / 20.1070e Security Update: kernel (UTSA-2025-992699)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2025-992699 advisory. In the Linux kernel, the following vulnerability has been resolved: usbnet: gl620a: fix endpoint checking in genelinkbind Syzbot reports 1 a warning in usbsubmiturb...
CVE-2025-13891 Image Gallery – Photo Grid & Video Gallery (Modula) <= 2.13.3 - Missing Authorization to Arbitrary Directory Listing
The Image Gallery – Photo Grid & Video Gallery plugin for WordPress is vulnerable to Path Traversal in all versions up to, and including, 2.13.3. This is due to the modulalistfolders AJAX endpoint that lacks proper path validation and base directory restrictions. While the endpoint verifies user...
CVE-2025-20377
A vulnerability in the API subsystem of Cisco Unified Intelligence Center could allow an authenticated, remote attacker to obtain sensitive information from an affected system. This vulnerability is due to improper validation of requests to certain API endpoints. An attacker could exploit this...