12 matches found
CVE-2026-53663
React Router (v7 Framework Mode) is affected in versions 7.12.0–7.15.0 where CSRF checks run on POST but not on PUT/PATCH/DELETE; this could enable cross-origin state changes. The issue is considered low severity due to browser protections (CORS preflight, SameSite cookies). It has been fixed in ...
GHSA-48PQ-2XQ3-C2M4 CoreWCF: SAML SubjectConfirmation methods and holder-of-key proof keys are not enforced
Impact The relying application is given a ClaimsPrincipal for a subject whose authority over the assertion the sender never proved. There are two distinct exploit shapes: - Holder-of-key downgrade. An attacker who obtains a holder-of-key SAML assertion that was issued without KeyInfo issuer bug,...
EUVD-2026-25380
Actual is a local-first personal finance tool. Prior to version 26.4.0, any authenticated user including BASIC role can escalate to ADMIN on servers migrated from password authentication to OpenID Connect. Three weaknesses combine: POST /account/change-password has no authorization check, allowin...
GHSA-PRP4-2F49-FCGP Actual has Privilege Escalation via 'change-password' Endpoint on OpenID-Migrated Servers
Summary Any authenticated user including BASIC role can escalate to ADMIN on servers migrated from password authentication to OpenID Connect. Three weaknesses combine: POST /account/change-password has no authorization check, allowing any session to overwrite the password hash; the inactive...
Actual has Privilege Escalation via 'change-password' Endpoint on OpenID-Migrated Servers
Summary Any authenticated user including BASIC role can escalate to ADMIN on servers migrated from password authentication to OpenID Connect. Three weaknesses combine: POST /account/change-password has no authorization check, allowing any session to overwrite the password hash; the inactive...
PT-2026-34822
Name of the Vulnerable Software and Affected Versions Actual versions prior to 26.4.0 Description Authenticated users, including those with the BASIC role, can escalate their privileges to ADMIN on servers that migrated from password authentication to OpenID Connect. This is possible through an...
CVE-2026-39901 monetr: Protected Transactions Deletable via PUT
monetr is a budgeting application focused on planning for recurring expenses. Prior to 1.12.3, a transaction integrity flaw allows an authenticated tenant user to soft-delete synced non-manual transactions through the transaction update endpoint, despite the application explicitly blocking deleti...
Fixed in Apache Tomcat 9.0.113
Low: Security constraint bypass CVE-2026-24733 Tomcat did not limit HTTP/0.9 requests to the GET method. If a security constraint was configured to allow HEAD requests to a URI but deny GET requests, the user could bypass that constraint on GET requests by sending a specification invalid HEAD...
CVE-2025-57772
CVE-2025-57772 affects DataEase prior to 2.10.12. A H2 JDBC RCE bypass exists where the getJdbcUrl method can return the JdbcUrl parameter, bypassing H2 filtering and allowing the JDBC URL to specify the driver (e.g., driver: org.h2.Driver) for the connection. This leads to potential remote code ...
VulnCheck KEV: CVE-2011-4085
The servlets invoked by httpha-invoker in JBoss Enterprise Application Platform before 5.1.2, SOA Platform before 5.2.0, BRMS Platform before 5.3.0, and Portal Platform before 4.3 CP07 perform access control only for the GET and POST methods, which allow remote attackers to bypass authentication ...
Radware Cloud Web Application Firewall 安全漏洞
Radware Cloud Web Application Firewall is a cloud-based web application firewall from Radware Israel. A security vulnerability exists in Radware Cloud Web Application Firewall versions prior to 2025-05-07, which originates in the HTTP GET method where the body of the HTTP request contains random...
OpenJDK: method handle call hierachy bypass (Libraries, 8032686)
Unspecified vulnerability in Oracle Java SE 7u51 and 8, and Java SE Embedded 7u51, allows remote attackers to affect integrity via unknown vectors related to Libraries...