CVE-2026-53911

Cerebrate before version 1.37 allowed the id primary key field to be supplied through request input during CRUD edit operations and certain custom entity patching flows. In affected entities that did not explicitly mark id as inaccessible, an authenticated attacker could submit a crafted edit...

shopper 安全漏洞

Shopper is an open-source e-commerce management backend developed by Shopper Labs. Versions of Shopper prior to 2.8.0 contained security vulnerabilities. These vulnerabilities stemmed from the Livewire component in the product editor, which lacked authorization for the store method. Any...

Debian dla-4602 : lemonldap-ng - security update

The remote Debian 11 host has packages installed that are affected by multiple vulnerabilities as referenced in the dla-4602 advisory. - ------------------------------------------------------------------------- Debian LTS Advisory DLA-4602-1 [email protected]...

CVE-2026-38587

An Insecure Direct Object Reference IDOR vulnerability was discovered in ONLYOFFICE DocSpace before 3.2.1. The flaw exists in multiple REST API endpoints. This allows authenticated users with low-level permissions User or Guest to retrieve sensitive information, such as the Owner's unique...

EUVD-2026-30603

Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. Prior to 0.9.0, FolderForm uses modelconfig = ConfigDictextra='allow', which permits arbitrary fields to pass through Pydantic validation and be included in modeldumpexcludeunset=True. In...

FlowiseAI: Dataset create+update mass-assignment allows cross-workspace dataset takeover

Summary Type: Mass assignment via Object.assignentity, body - client-controlled workspaceId and on create, id overwritten on the Dataset entity - cross-workspace data takeover and IDOR. File: packages/server/src/services/dataset/index.ts Root cause: The Dataset controller/service constructs a new...

CVE-2026-44504

CVE-2026-44504 (Aegra) describes a cross-tenant IDOR in Aegra deployments prior to 0.9.7 where an authenticated user with access to another user’s thread_id can: (1) execute runs against that user’s thread via /threads/{thread_id}/runs (and related endpoints), (2) read the other user’s full check...

PT-2026-39879

Name of the Vulnerable Software and Affected Versions Mantis Bug Tracker MantisBT versions prior to 2.28.2 Description A bugnote author can access the Revisions page of a note even after losing access to the parent private issue. This leads to the disclosure of the private issue's ID and summary,...

CVE-2026-42456 AnythingLLM: Cross-User TTS Audio Disclosure via Chat ID (IDOR)

AnythingLLM is an application that turns pieces of content into context that any LLM can use as references during chatting. Prior to version 1.12.1, GET /api/workspace/:slug/tts/:chatId in AnythingLLM returns the text-to-speech audio for another user's chat response within the same workspace...

EUVD-2026-27823

Apache::Session::Generate::ModUniqueId versions from 1.54 through 1.94 for Perl session ids are insecure. Apache::Session::Generate::ModUniqueId added in version 1.54 uses the value of the UNIQUEID environment variable for the session id. The UNIQUEID variable is set by the Apache moduniqueid...

CVE-2026-5081

Apache::Session::Generate::ModUniqueId versions from 1.54 through 1.94 for Perl session ids are insecure. Apache::Session::Generate::ModUniqueId added in version 1.54 uses the value of the UNIQUEID environment variable for the session id. The UNIQUEID variable is set by the Apache moduniqueid...

CVE-2026-5081

Apache::Session::Generate::ModUniqueId versions from 1.54 through 1.94 for Perl session ids are insecure. Apache::Session::Generate::ModUniqueId added in version 1.54 uses the value of the UNIQUEID environment variable for the session id. The UNIQUEID variable is set by the Apache moduniqueid...

Open Redirect

Overview admidio/admidio is a free open source user management system for websites of organizations and groups. Affected versions of this package are vulnerable to Open Redirect in the handleSSORequest process. An attacker can obtain sensitive user identity attributes and impersonate users by...

CVE-2026-5234 LatePoint <= 5.3.2 - Insecure Direct Object Reference to Unauthenticated Sensitive Financial Data Exposure via Sequential Invoice ID

The LatePoint plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 5.3.2. The vulnerability exists because the OsStripeConnectController::createpaymentintentfortransaction action is registered as a public action no authentication required an...

WordPress LatePoint plugin <= 5.3.2 - Insecure Direct Object Reference to Unauthenticated Sensitive Financial Data Exposure via Sequential Invoice ID vulnerability

Insecure Direct Object Reference to Unauthenticated Sensitive Financial Data Exposure via Sequential Invoice ID vulnerability discovered by darkmode in WordPress Plugin LatePoint versions = 5.3.2...

CVE-2026-33708

Chamilo LMS is a learning management system. Prior to 1.11.38, the getuserinfofromusername REST API endpoint returns personal information email, first name, last name, user ID, active status of any user to any authenticated user, including students. There is no authorization check. This...

PT-2026-30976

Scoold is a Q&A and a knowledge sharing platform for teams. Prior to 1.66.2, an authenticated authorization flaw in Scoold allows any logged-in, low-privilege user to overwrite another user's existing question by supplying that question's public ID as the postId parameter to POST /questions/ask...

CVE-2026-33043

WWBN AVideo is an open source video platform. In versions 25.0 and below, /objects/phpsessionid.json.php exposes the current PHP session ID to any unauthenticated request. The allowOrigin function reflects any Origin header back in Access-Control-Allow-Origin with Access-Control-Allow-Credentials...

BIT-CEPH-2021-20288

An authentication flaw was found in ceph in versions before 14.2.20. When the monitor handles CEPHXGETAUTHSESSIONKEY requests, it doesn't sanitize otherkeys, allowing key reuse. An attacker who can request a globalid can exploit the ability of any user to request a globalid previously associated...

GHSA-QC3P-398R-P59J AVideo affected by Session Hijacking via Unauthenticated Session ID Disclosure with Permissive CORS

Summary /objects/phpsessionid.json.php exposes the current PHP session ID to any unauthenticated request. The allowOrigin function reflects any Origin header back in Access-Control-Allow-Origin with Access-Control-Allow-Credentials: true, enabling cross-origin session theft and full account...