29250 matches found

CVE · added 3 hours ago · 6 views

CVE-2026-11987

The Dokan: AI Powered WooCommerce Multivendor Marketplace Solution (WordPress) up to version 5.0.4 is vulnerable to Insecure Direct Object Reference via the id parameter due to missing validation on a user‑controlled key. Authenticated attackers with subscriber+ access can read other vendors’ pro...

CVSS 4.3 · AI score 5.7
Exploits: 0 · References: 14
Nuclei · added yesterday · 16 views

Danswer - Insecure Direct Object Reference

The application does not verify whether the attacker is the creator of the file, allowing the attacker to directly call the GET /api/chat/file/fileid interface to view any user's file. id: CVE-2024-9617 info: name: Danswer - Insecure Direct Object Reference author: s4e-io severity: medium...

CVSS 6.5 · AI score 6.6 · EPSS 0.01557
Exploits: 0
Nuclei · added yesterday · 50 views

Cacti < 1.2.25 Insecure Deserialization

Cacti is an open source operational monitoring and fault management framework. There are two instances of insecure deserialization in Cacti version 1.2.24. id: CVE-2023-30534 info: name: Cacti < 1.2.25 Insecure Deserialization author: k0pak4 severity: medium description: | Cacti is an open source...

CVSS 4.3 · AI score 6.8 · EPSS 0.02569
Exploits: 1 · References: 5
Nuclei · added yesterday · 12 views

DataEase 2.10.4-2.10.7 - Remote Code Execution

DataEase prior to version 2.10.8 contains a remote code execution caused by insecure backend JDBC link handling, letting authenticated users execute arbitrary code; exploit requires user authentication. id: CVE-2025-32966 info: name: DataEase 2.10.4-2.10.7 - Remote Code Execution author: ChrisJr4...

CVSS 9.8 · AI score 6.6 · EPSS 0.03925
Exploits: 1 · References: 3
Nuclei · added yesterday · 15 views

LearnPress < 4.2.7.4 - Course Material - Information Disclosure

LearnPress – WordPress LMS Plugin contains a sensitive information exposure caused by insecure handling in class-lp-rest-material-controller.php, letting unauthenticated attackers extract paid course material; exploit requires no authentication. id: CVE-2024-11868 info: name: LearnPress < 4.2.7.4 -...

CVSS 5.3 · AI score 7.3 · EPSS 0.01109
Exploits: 0 · References: 1
Nuclei · added yesterday · 15 views

osCommerce 2.3.4.1 - Remote Code Execution

osCommerce Online Merchant 2.3.4.1 contains a remote code execution caused by insecure default configuration and missing authentication in the installer workflow, letting unauthenticated attackers execute arbitrary PHP code via install4.php; exploit requires accessible /install/ directory after...

CVSS 9.3 · AI score 6.6 · EPSS 0.0282
Exploits: 0 · References: 4
Nuclei · added yesterday · 16 views

Next.js Middleware - Server-Side Request Forgery

In Next.js prior to versions 14.2.32 and 15.4.7, when request headers were insecurely passed to NextResponse.next, an attacker could exploit this behavior to perform Server-Side Request Forgery (SSRF) attacks. id: CVE-2025-57822 info: name: Next.js Middleware - Server-Side Request Forgery author:...

CVSS 8.2 · AI score 6 · EPSS 0.02328
Exploits: 0 · References: 3
Nuclei · added yesterday · 13 views

Apache Dubbo 2.5.x-2.7.4 - Insecure Deserialization

Unsafe deserialization occurs within a Dubbo application which has HTTP remoting enabled. An attacker may submit a POST request with a Java object in it to completely compromise a Provider instance of Apache Dubbo, if this instance enables HTTP. This issue affected Apache Dubbo 2.7.0 to 2.7.4,...

CVSS 9.8 · AI score 7.3 · EPSS 0.35564
Exploits: 2 · References: 4
Nuclei · added yesterday · 11 views

OneDev < 4.0.3 - User Access Token Leak

OneDev before version 4.0.3 contains an insecure endpoint that allows retrieval of arbitrary user details, including access tokens, due to missing security checks on /users/id, letting attackers leak sensitive data and impersonate users; exploit requires no special conditions. id: CVE-2021-21246...

CVSS 8.6 · AI score 7.2 · EPSS 0.49051
Exploits: 0 · References: 4
Nuclei · added yesterday · 11 views

Masteriyo LMS <= 1.7.3 - Insecure Direct Object Reference

Authentication Bypass Using an Alternate Path or Channel vulnerability in Masteriyo Masteriyo - LMS. Unauthenticated access to course progress. This issue affects Masteriyo - LMS: from n/a through 1.7.3. id: CVE-2024-33939 info: name: Masteriyo LMS <= 1.7.3 - Insecure Direct Object Reference author:...

CVSS 5.3 · AI score 5.8 · EPSS 0.00843
Exploits: 0 · References: 2
Cvelist · added yesterday · 19 views

CVE-2026-45405 Dokku: Arbitrary File Write via Tar Symlink Traversal in git:from-archive and certs:add

Dokku is a docker-powered PaaS. Prior to 0.38.2, the git:from-archive and certs:add commands extract user-supplied tar/zip archives into temporary directories without sanitizing member paths or preventing symlink traversal. GNU tar creates symlinks during extraction and follows them for subsequen...

CVSS 9 · EPSS 0.00045
Exploits: 0 · References: 2
ATTACKERKB · added yesterday · 1 view

CVE-2026-44018

Docling simplifies document processing by parsing diverse formats and providing integrations with the generative AI ecosystem. From 2.45.0 until 2.91.0, the METS-GBS backend's XML parsing and the input document format detection lacked security controls. An attacker could craft malicious METS-GBS...

CVSS 5.5 · AI score 5.8 · EPSS 0.00015
Exploits: 0 · References: 3 · Affected software: 1
EUVD · added yesterday · 3 views

EUVD-2026-39777

Zed Attack Proxy (ZAP) ViewState add-on before version 4 contains an insecure deserialization vulnerability that allows attackers who control a proxied web server to achieve arbitrary code execution by embedding a malicious serialized Java object in the javax.faces.ViewState HTTP response parameter...

CVSS 8.8 · AI score 6.4
Exploits: 0 · References: 6
NVD · added yesterday · 4 views

CVE-2026-57652

Unauthenticated Insecure Direct Object References (IDOR) in JS Help Desk <= 3.1.0 versions...

CVSS 5.3
Exploits: 0 · References: 1
NVD · added yesterday · 6 views

CVE-2026-57646

Subscriber Insecure Direct Object References (IDOR) in Majestic Support <= 1.1.7 versions...

CVSS 5.4
Exploits: 0 · References: 1
NVD · added yesterday · 3 views

CVE-2026-57634

Contributor Insecure Direct Object References (IDOR) in PPWP <= 1.9.19 versions...

CVSS 4.3
Exploits: 0 · References: 1
NVD · added yesterday · 4 views

CVE-2026-57527

Zed Attack Proxy (ZAP) ViewState add-on before version 4 contains an insecure deserialization vulnerability that allows attackers who control a proxied web server to achieve arbitrary code execution by embedding a malicious serialized Java object in the javax.faces.ViewState HTTP response parameter...

CVSS 8.8
Exploits: 0 · References: 5
NVD · added yesterday · 3 views

CVE-2026-56773

Teable's v2 REST API controller lacks @Permissions metadata on ORPC endpoints, allowing any authenticated user to bypass authorization checks. Attackers can read table schemas, create tables, and modify or delete records across bases and tables via endpoints like GET /api/v2/tables/get and POST...

CVSS 8.8
Exploits: 0 · References: 3
CVE · added yesterday · 8 views

CVE-2026-57665

CVE-2026-57665 describes an unauthenticated Insecure Direct Object References (IDOR) vulnerability in the WordPress GravityView plugin, affecting version 3.0.0 and earlier. The vulnerability arises in GravityView

CVSS 5.3 · AI score 5.8
Exploits: 0 · References: 1
CVE · added yesterday · 6 views

CVE-2026-57652

The CVE-2026-57652 vulnerability affects the WordPress JS Help Desk plugin

CVSS 5.3 · AI score 5.8
Exploits: 0 · References: 1