57 matches found
D-Link DI-8003 安全漏洞
The D-Link DI-8003 is a wireless router from China-based AUO D-Link. The D-Link DI-8003 suffers from a buffer overflow vulnerability that originates from improper validation of the id parameter in the /thdmember.asp endpoint, which can be exploited by an attacker to cause a denial of service...
CVE-2026-33678
Vikunja is an open-source self-hosted task management platform. Prior to version 2.2.1, TaskAttachment.ReadOne queries attachments by ID only WHERE id = ?, ignoring the task ID from the URL path. The permission check in CanRead validates access to the task specified in the URL, but ReadOne loads ...
Missing Authorization
Overview github.com/mattermost/mattermost/server/channels/app is a private-cloud Slack alternative Affected versions of this package are vulnerable to Missing Authorization in the invite ID validation process. An attacker can gain unauthorized access to create accounts by using leaked invite IDs...
WordPress plugin GetGenie 安全漏洞
WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be install...
CVE-2026-2356
The User Registration & Membership – Custom Registration Form, Login Form, and User Profile plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 5.1.2 via the 'registermember' function, due to missing validation on the 'memberid' user...
CVE-2026-22905
An unauthenticated remote attacker can bypass authentication by exploiting insufficient URI validation and using path traversal sequences e.g., /js/../cgi-bin/post.cgi, gaining unauthorized access to protected CGI endpoints and configuration downloads...
CVE-2026-25561 WeKan < 8.19 Attachment Upload Object Relationship Validation Bypass
WeKan versions prior to 8.19 contain an authorization weakness in the attachment upload API. The API does not fully validate that provided identifiers such as boardId, cardId, swimlaneId, and listId are consistent and refer to a coherent card/board relationship, enabling attempts to upload...
CVE-2026-24775 OpenProject has Forced Actions, Content Spoofing, and Persistent DoS via ID Manipulation in OpenProject Blocknote Editor Extension
OpenProject is an open-source, web-based project management software. In the new editor for collaborative documents based on BlockNote, OpenProject maintainers added a custom extension in OpenProject version 17.0.0 that allows to mention OpenProject work packages in the document. To show work...
CVE-2025-71112
In the Linux kernel, the following vulnerability has been resolved: net: hns3: add VLAN id validation before using Currently, the VLAN id may be used without validation when receive a VLAN configuration mailbox from VF. The length of vlandelfailbmap is BITSTOLONGSVLANNVID. It may cause...
EUVD-2015-8424
Malware in sbrugna...
Online Shopping System Advanced 安全漏洞
Online Shopping System Advanced is an online store website by Puneeth Reddy H C Individual Developer. A security vulnerability exists in Online Shopping System Advanced version 1.0, which stems from insufficient validation of the parameter productid in the file editproduct.php, which could lead t...
PT-2025-46554
Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description The Linux kernel contains a flaw within the drm/vmwgfx subsystem related to cursor snooping. The issue arises from a missing check for resource existence before attempting to use the...
GHSA-Q67Q-549Q-P849 Flowise has arbitrary file access due to missing chat flow id validation
Summary Missing chat flow id validation allows an attacker to access arbitrary file. Details Commit https://github.com/FlowiseAI/Flowise/commit/8bd3de41533de78e4ef6c980e5704a1f9cb7ae6f and https://github.com/FlowiseAI/Flowise/commit/c2b830f279e454e8b758da441016b2234f220ac7 added check for filenam...
(0Day) Schneider Electric EcoStruxure Power Monitoring Expert ExportDataAsXML Server-Side Request Forgery Information Disclosure Vulnerability
This vulnerability allows remote attackers to disclose sensitive information on affected installations of Schneider Electric EcoStruxure Power Monitoring Expert. Authentication is not required to exploit this vulnerability. The specific flaw exists within the implementation of the ExportDataAsXML...
Linux Distros Unpatched Vulnerability : CVE-2023-3866
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In the Linux kernel, the following vulnerability has been resolved: ksmbd: validate session id and tree id in the compound request This patch validate session i...
CVE-2023-22452
kenny2automate is a Discord bot. In the web interface for server settings, form elements were generated with Discord channel IDs as part of input names. Prior to commit a947d7c, no validation was performed to ensure that the channel IDs submitted actually belonged to the server being configured...
CVE-2023-5982
The UpdraftPlus: WordPress Backup & Migration Plugin plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.23.10. This is due to a lack of nonce validation and insufficient validation of the instanceid on the 'updraftmethod-googledrive-auth' acti...
DEBIAN-CVE-2025-22118
In the Linux kernel, the following vulnerability has been resolved: ice: validate queue quanta parameters to prevent OOB access Add queue wraparound prevention in quanta configuration. Ensure endqid does not overflow by validating startqid and numqueues...
PT-2024-39776 · Posthog · Posthog
Name of the Vulnerable Software and Affected Versions: PostHog affected versions not specified Description: This issue allows remote attackers to disclose sensitive information on affected installations of PostHog. Authentication is required to exploit this issue. The specific flaw exists within...
UBUNTU-CVE-2024-42121
In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: Check index msgid before read or write WHAT msgid is used as an array index and it cannot be a negative value, and therefore cannot be equal to MODHDCPMESSAGEIDINVALID -1. HOW Check whether msgid is valid before...