56112 matches found
EUVD-2026-43634
In Eclipse KUKSA Databroker version 0.6.1, the kuksa.val.v2.VAL/PublishValue gRPC handler fails to validate the existence of the optional datapoint field in PublishValueRequest. When a request contains a valid signalid but omits datapoint, the server directly calls unwrap on request.datapoint,...
EUVD-2026-43623
A vulnerability was identified in code-projects Online Job Portal 1.0. The affected element is an unknown function of the file /Admin/EditUser.php. Such manipulation of the argument UserId leads to sql injection. The attack may be launched remotely. The exploit is publicly available and might be...
EUVD-2026-43599
A flaw has been found in poco-ai poco-claw up to 0.5.4. Affected is the function getworkspacefile of the file executormanager/app/api/v1/workspace.py of the component Workspace API. Executing a manipulation of the argument userid can lead to authorization bypass. The attack may be launched...
GHSA-V66C-278H-3VJ4 vulnerabilities
Vulnerabilities for packages: chromium...
CVE-2026-57363
creationtimestamp| type| source ---|---|--- 2026-07-13 18:51:38+00:00| seen| https://bsky.app/profile/kriptabiz.bsky.social/post/3mqkeecjaem2a 2026-07-14 01:19:39+00:00| seen| https://bsky.app/profile/kriptabiz.bsky.social/post/3mql224uclj2w...
CVE-2026-61462
mcp-gitlab contains a path traversal vulnerability in the jobid parameter of build/index.js that allows attackers to redirect GitLab API requests to arbitrary endpoints. Attackers can supply crafted jobid values like ../../../user to escape the intended path prefix and access arbitrary GitLab API...
CVE-2026-61462
CVE-2026-61462 affects mcp-gitlab. A path traversal weakness exists in the build/index.js job_id parameter, allowing an attacker to escape the intended path prefix (e.g., using ../../../user) and redirect GitLab API requests to arbitrary endpoints. This can enable access to arbitrary GitLab API r...
CVE-2026-9824
creationtimestamp| type| source ---|---|--- 2026-07-13 13:19:51+00:00| seen| https://bsky.app/profile/kriptabiz.bsky.social/post/3mqjrszmrjk2s 2026-07-13 14:03:26+00:00| seen| https://bsky.app/profile/cve.skyfleet.blue/post/3mqjuaxgcny27 2026-07-13 18:19:38+00:00| seen|...
CVE-2026-61955
creationtimestamp| type| source ---|---|--- 2026-07-13 11:59:52+00:00| seen| https://bsky.app/profile/kriptabiz.bsky.social/post/3mqjndygvcm2y 2026-07-13 18:04:48+00:00| seen| https://bsky.app/profile/kriptabiz.bsky.social/post/3mqkbqk2co427 2026-07-14 02:02:07+00:00| seen|...
CVE-2026-57786
creationtimestamp| type| source ---|---|--- 2026-07-13 11:08:55+00:00| seen| https://bsky.app/profile/cve.skyfleet.blue/post/3mqjkivcoiu2w...
CVE-2026-57379
creationtimestamp| type| source ---|---|--- 2026-07-13 11:04:56+00:00| seen| https://bsky.app/profile/kriptabiz.bsky.social/post/3mqjkbrsxph2i...
CVE-2026-57369
creationtimestamp| type| source ---|---|--- 2026-07-13 11:03:10+00:00| seen| https://bsky.app/profile/kriptabiz.bsky.social/post/3mqjk6m4vk222 2026-07-13 18:55:41+00:00| seen| https://bsky.app/profile/kriptabiz.bsky.social/post/3mqkelkgb7c27 2026-07-14 01:21:35+00:00| seen|...
CVE-2026-6541
CVE-2026-6541 affects Mattermost versions 11.7.x <= 11.7.1, 11.6.x <= 11.6.4, and 10.11.x
CVE-2026-15557 waooAI waoowaoo Internal Task Header api-auth.ts requireProjectAuthLight improper authentication
A weakness has been identified in waooAI waoowaoo up to 0.4.1. Affected by this vulnerability is the function getInternalTaskSession/getAuthSession/requireUserAuth/requireProjectAuth/requireProjectAuthLight in the library src/lib/api-auth.ts of the component Internal Task Header Handler. This...
CVE-2026-15531
creationtimestamp| type| source ---|---|--- 2026-07-13 06:30:26+00:00| seen| https://bsky.app/profile/kriptabiz.bsky.social/post/3mqj2wvxzcs2e 2026-07-13 21:25:03+00:00| seen| https://bsky.app/profile/kriptabiz.bsky.social/post/3mqkmwms2f32w...
CVE-2026-12582 Library Management System < 3.5.8 - Unauthenticated SQL Injection via book_id
The Library Management System WordPress plugin before 3.5.8 does not sanitize and escape a user-supplied parameter before using it in a SQL statement, allowing unauthenticated attackers to perform SQL injection and extract arbitrary data from the database, including user password hashes...
CVE-2026-11963
Affected product: WordPress plugin “User Registration & Membership” (before 5.2.2). Vulnerability: Missing authorization check on a membership-upgrade action; the target user is derived from a caller-supplied identifier rather than the current user, enabling any authenticated user (e.g., a subscr...
CVE-2026-12271 Tutor LMS < 3.9.13 - Subscriber+ Arbitrary Quiz Attempt Modification via IDOR
The Tutor LMS WordPress plugin before 3.9.13 does not verify ownership of the targeted quiz attempt before writing to it, allowing authenticated users with subscriber-level access and above to modify and force-complete other students' quiz attempts, overwriting their recorded marks and pass/fail...
Schneider Electric U.motion Builder - SQL Injection
The vulnerability exists within processing of trackimportexport.php in Schneider Electric U.motion Builder software versions prior to v1.3.4. The underlying SQLite database query is subject to SQL injection on the objectid input parameter. id: CVE-2018-7765 info: name: Schneider Electric U.motion...
DomainMOD 4.13.0 - Cross-Site Scripting
DomainMOD 4.13.0 is vulnerable to cross-site scripting via reporting/domains/cost-by-owner.php in the "or Expiring Between" parameter. id: CVE-2020-20988 info: name: DomainMOD 4.13.0 - Cross-Site Scripting author: arafatansari severity: medium description: | DomainMOD 4.13.0 is vulnerable to...