PT-2026-7082
Name of the Vulnerable Software and Affected Versions: lighttpd (affected versions not specified); WAGO 0852-1322 (affected versions not specified). Description: An issue exists where improper length handling during the parsing of multiple cookie fields, including the TRACKID field, can allow an...
Yokogawa FAST/TOOLS Security Vulnerability
Yokogawa FAST/TOOLS is a real-time operation management and visualization software developed by Yokogawa Electric Corporation. There are security vulnerabilities in the versions of Yokogawa FAST/TOOLS from R9.01 to R10.04. These vulnerabilities stem from the use of autocomplete features for web...
PT-2026-7053
A vulnerability has been found in FAST/TOOLS provided by Yokogawa Electric Corporation. Since there are input fields on this webpage with the autocomplete attribute enabled, the input content could be saved in the browser the user is using. The affected products and versions are as follows:...
CVE-2026-2192 Tenda AC9 formGetRebootTimer stack-based overflow
A security vulnerability has been detected in Tenda AC9 15.03.06.42multi. Affected by this vulnerability is the function formGetRebootTimer. Such manipulation of the argument sys.schedulereboot.starttime/sys.schedulereboot.endtime leads to stack-based buffer overflow. The attack may be launched...
CVE-2026-2157
D-Link DIR-823X 250416 is affected by CVE-2026-2157. The vulnerability is in the function sub_4175CC of /goform/set_static_route_table, where manipulating arguments (interface, destip, netmask, gateway, metric) enables OS command injection. Attack can be performed remotely and public exploits hav...
Exploit for SQL Injection in Joomla Joomla!
CVE-2017-8917 Joomla SQLi PoC This repository contains a simp...
CVE-2026-21626
Access control settings for forum post custom fields are not applied to the JSON output type, leading to an ACL violation vector an information disclosure...
CVE-2026-25544
Payload is a free and open source headless content management system. Prior to 3.73.0, when querying JSON or richText fields, user input was directly embedded into SQL without escaping, enabling blind SQL injection attacks. An unauthenticated attacker could extract sensitive data emails, password...
Prototype Pollution
Overview: @adonisjs/bodyparser is a BodyParser middleware for the AdonisJS HTTP server to read and parse the request body. Affected versions of this package are vulnerable to Prototype Pollution when parsing form field data from non-JSON, non-URL-encoded multipart requests, in formfields.ts, due to...
CVE-2026-21626
CVE-2026-21626 affects EasyDiscuss for Joomla (StackIdeas). The issue is that access control settings for forum post custom fields are not applied when data is output in JSON, causing an ACL bypass and potential information disclosure. Multiple sources (NVD, Red Hat, CVE list, CVE records) descri...
CVE-2026-21626 Extension - stackideas.com - Information disclosure in post custom fields in EasyDiscuss 1.0.0-5.0.15 for Joomla
Access control settings for forum post custom fields are not applied to the JSON output type, leading to an ACL violation vector an information disclosure...
EUVD-2026-5682
Access control settings for forum post custom fields are not applied to the JSON output type, leading to an ACL violation vector an information disclosure...
Payload SQL Injection Vulnerability
Payload is a headless CMS and application framework built using TypeScript, Node.js, React, and MongoDB. Versions of Payload prior to 3.73.0 have a SQL injection vulnerability. This vulnerability occurs when querying JSON or richText fields, where user input is directly embedded into SQL without...
PT-2026-6689
Name of the Vulnerable Software and Affected Versions: EasyDiscuss (affected versions not specified). Description: Access control settings for forum post custom fields are not enforced when data is output in JSON format. This results in an Access Control List (ACL) bypass, potentially leading to...
StackIdeas EasyDiscuss Information Disclosure Vulnerability
StackIdeas EasyDiscuss is an extension of the StackIdeas company. StackIdeas EasyDiscuss has a vulnerability related to information leakage. This vulnerability arises from the fact that the access control settings for custom forum post fields are not applied to JSON output types, which may lead t...
SQL Injection
Overview: @payloadcms/db-postgres is the officially supported Postgres database adapter for Payload. Affected versions of this package are vulnerable to SQL Injection when querying JSON or richText fields. An attacker can extract sensitive information and gain unauthorized access to user accounts...