22 matches found
CVE-2026-34248
Zammad is a web based open source helpdesk/customer support system. Prior to 7.0.1, customers in shared organizations means they can see each other's tickets could see fields which are not intended for customers - including fields not intended for them at all e.g. priority, custom ticket attribut...
Improper Neutralization of Special Elements Used in a Template Engine
Overview langchain-core is a Building applications with LLMs through composability Affected versions of this package are vulnerable to Improper Neutralization of Special Elements Used in a Template Engine via the template formatting. An attacker can access internal object fields or nested data by...
CVE-2026-34248
Zammad is a web based open source helpdesk/customer support system. Prior to 7.0.1, customers in shared organizations means they can see each other's tickets could see fields which are not intended for customers - including fields not intended for them at all e.g. priority, custom ticket attribut...
EUVD-2026-20556
Zammad is a web based open source helpdesk/customer support system. Prior to 7.0.1, customers in shared organizations means they can see each other's tickets could see fields which are not intended for customers - including fields not intended for them at all e.g. priority, custom ticket attribut...
CVE-2026-34248 Zammad has an information disclosure in ticket detail view of customers in shared organizations
Zammad is a web based open source helpdesk/customer support system. Prior to 7.0.1, customers in shared organizations means they can see each other's tickets could see fields which are not intended for customers - including fields not intended for them at all e.g. priority, custom ticket attribut...
CVE-2026-34248 Zammad has an information disclosure in ticket detail view of customers in shared organizations
Zammad is a web based open source helpdesk/customer support system. Prior to 7.0.1, customers in shared organizations means they can see each other's tickets could see fields which are not intended for customers - including fields not intended for them at all e.g. priority, custom ticket attribut...
PT-2026-31413
Name of the Vulnerable Software and Affected Versions Zammad versions prior to 7.0.1 Description Zammad is a web based open source helpdesk/customer support system. In shared organizations, customers could view fields not intended for customer access, including fields restricted to internal use...
CVE-2026-30822 Flowise: Mass Assignment in `/api/v1/leads` Endpoint
Flowise is a drag & drop user interface to build a customized large language model flow. Prior to version 3.0.13, unauthenticated users can inject arbitrary values into internal database fields when creating leads. This issue has been patched in version 3.0.13...
EUVD-2022-6666
Malicious code in bioql PyPI...
Mass Assignment
Description Mass assignment is a vulnerability that occurs when an application automatically binds user-provided data e.g., from JSON via req.query to internal object properties or database fields without proper filtering. This can allow attackers to manipulate sensitive fields they shouldn’t hav...
CVE-2022-36079
Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. Internal fields keys used internally by Parse Server, prefixed by and protected fields user defined can be used as query constraints. Internal and protected fields are removed by Parse Server a...
BIT-PARSE-2022-36079 Parse Server vulnerable to brute force guessing of user sensitive data via search patterns
Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. Internal fields keys used internally by Parse Server, prefixed by and protected fields user defined can be used as query constraints. Internal and protected fields are removed by Parse Server a...
PT-2022-23167 · Unknown · Parse Server
Name of the Vulnerable Software and Affected Versions: Parse Server versions prior to 4.10.14 Parse Server versions prior to 5.2.5 Description: Internal fields keys used internally by Parse Server, prefixed by and protected fields user defined can be used as query constraints. These fields are...
GHSA-GPMH-G94G-QRHR Internal hidden fields are visible on to many associations in admin api
Impact The admin api has exposed some internal hidden fields when an association has been loaded with a to many reference Patches We recommend updating to the current version 6.4.1.1. You can get the update to 6.4.1.1 regularly via the Auto-Updater or directly via the download overview...
CVE-2021-32716
Shopware is an open source eCommerce platform. In versions prior to 6.4.1.1 the admin api has exposed some internal hidden fields when an association has been loaded with a to many reference. Users are recommend to update to version 6.4.1.1. You can get the update to 6.4.1.1 regularly via the...
CVE-2020-15697
An issue was discovered in Joomla! through 3.9.19. Internal read-only fields in the User table class could be modified by users...
CVE-2020-15697
An issue was discovered in Joomla! through 3.9.19. Internal read-only fields in the User table class could be modified by users...
PT-2020-14592 · Open Source Matters · Joomla!
Name of the Vulnerable Software and Affected Versions: Joomla! versions 3.9.19 and earlier Description: An issue was discovered where internal read-only fields in the User table class could be modified by users. Recommendations: For Joomla! versions 3.9.19 and earlier, update to a version that...
[SECURITY] Fedora 24 Update: jenkins-xstream-1.4.7-11.jenkins1.fc24
XStream is a simple library to serialize objects to XML and back again. A high level facade is supplied that simplifies common use cases. Custom objects can be serialized without need for specifying mappings. Speed and low memory footprint are a crucial part of the design, making it suitable for...
CVE-2014-9739
Cross-site scripting XSS vulnerability in the Node Field module 7.x-2.x before 7.x-2.45 for Drupal allows remote authenticated users with certain permissions to inject arbitrary web script or HTML via unspecified vectors involving internal fields...