
11611 matches found

Veracode
added 2026/03/17 6:24 a.m. | 6 views

Path Traversal

github.com/weaviate/weaviate is vulnerable to path traversal. The vulnerability is due to insufficient validation of the fileName field in the transfer logic, which allows an attacker who can call the GetFile method while a shard is in the “Pause file activity” state and the FileReplicationServic...

CVSS 4.9 | AI score 7.3 | EPSS 0.00373
Exploits: 0 | References: 5 | Affected Software: 1

ATTACKERKB
added 2026/03/17 12:0 a.m. | 0 views

CVE-2026-30707

An issue was discovered in SpeedExam Online Examination System SaaS after v.FEV2026. It allows Broken Access Control via the ReviewAnswerDetails ASP.NET PageMethod. Authenticated attackers can bypass client-side restrictions and invoke this method directly to retrieve the full answer key. The...

CVSS 8.1 | AI score 5.8 | EPSS 0.00329
Exploits: 0 | References: 3

CNNVD
added 2026/03/17 12:0 a.m. | 6 views

SpeedExam Online Examination System Security Vulnerability

The SpeedExam Online Examination System is an online examination and assessment system developed by the Indian company SpeedExam. Versions of the SpeedExam Online Examination System after v.FEV2026 have security vulnerabilities. These vulnerabilities stem from access control flaws in the...

CVSS 8.1 | AI score 5.8 | EPSS 0.00329
Exploits: 0 | References: 2

Vulnrichment
added 2026/03/17 12:0 a.m. | 2 views

CVE-2026-30707

An issue was discovered in SpeedExam Online Examination System SaaS after v.FEV2026. It allows Broken Access Control via the ReviewAnswerDetails ASP.NET PageMethod. Authenticated attackers can bypass client-side restrictions and invoke this method directly to retrieve the full answer key. The...

AI score 5.8 | EPSS 0.00329
Exploits: 0 | References: 2

Patchstack
added 2026/03/16 9:29 p.m. | 8 views

WordPress NEX-Forms - Ultimate Forms Plugin for WordPress plugin <= 9.1.9 - Missing Authorization to Authenticated (Subscriber+) License Deactivation via deactivate_license vulnerability

WordPress NEX-Forms - Ultimate Forms Plugin for WordPress plugin <= 9.1.9 - Missing Authorization to Authenticated (Subscriber+) License Deactivation via deactivate_license vulnerability discovered by Legion Hunter in WordPress Plugin NEX-Forms versions <= 9.1.9...

CVSS 4.3 | AI score 5.8 | EPSS 0.00212
Exploits: 0 | References: 1 | Affected Software: 1

Snyk
added 2026/03/16 8:44 p.m. | 5 views

Incorrect Authorization

Overview: Affected versions of this package are vulnerable to Incorrect Authorization through the fullTextSearchBlock handler in kernel/api/search.go. An attacker can execute unauthorized SQL statements, including reading, modifying, or deleting database contents, by sending method=2 with a crafte...

CVSS 9.8 | AI score 6 | EPSS 0.00541
Exploits: 1 | References: 3

OSV
added 2026/03/16 5:37 p.m. | 6 views

PSF-2026-11

The fix for CVE-2026-0672, which rejected control characters in http.cookies.Morsel, was incomplete. The Morsel.update, |= operator, and unpickling paths were not patched, allowing control characters to bypass input validation. Additionally, BaseCookie.js_output lacked the output validation applie...

CVSS 7.5 | AI score 5.8 | EPSS 0.00392
Exploits: 0 | References: 6

Snyk
added 2026/03/16 4:37 p.m. | 3 views

Authorization Bypass Through User-Controlled Key

Overview: @withstudiocms/api-spec is an API Specification for StudioCMS. Affected versions of this package are vulnerable to Authorization Bypass Through User-Controlled Key in the getUsers process. An attacker can access sensitive owner account information, such as IDs, usernames, display names, a...

CVSS 5.1 | AI score 5.8 | EPSS 0.00375
Exploits: 1 | References: 2

OSV
added 2026/03/16 3:30 p.m. | 2 views

GHSA-RV67-7W2G-7976 Mattermost fails to validate user's authentication method when processing account auth type switch

Mattermost versions 10.11.x <= 10.11.10 fail to validate user's authentication method when processing account auth type switch which allows an authenticated attacker to change account password without confirmation via falsely claiming a different auth provider. Mattermost Advisory ID:...

CVSS 3.1 | AI score 5.8 | EPSS 0.00148
Exploits: 0 | References: 4

Github Security Blog
added 2026/03/16 3:30 p.m. | 11 views

Mattermost fails to validate user's authentication method when processing account auth type switch

Mattermost versions 10.11.x <= 10.11.10 fail to validate user's authentication method when processing account auth type switch which allows an authenticated attacker to change account password without confirmation via falsely claiming a different auth provider. Mattermost Advisory ID:...

CVSS 3.5 | AI score 5.8 | EPSS 0.00148
Exploits: 0 | References: 4 | Affected Software: 2

NVD
added 2026/03/16 3:16 p.m. | 6 views

CVE-2026-22545

Mattermost versions 10.11.x <= 10.11.10 fail to validate user's authentication method when processing account auth type switch which allows an authenticated attacker to change account password without confirmation via falsely claiming a different auth provider. Mattermost Advisory ID:...

CVSS 3.5 | EPSS 0.00148
Exploits: 0 | References: 1

OSV
added 2026/03/16 3:16 p.m. | 2 views

CVE-2026-22545

Mattermost versions 10.11.x <= 10.11.10 fail to validate user's authentication method when processing account auth type switch which allows an authenticated attacker to change account password without confirmation via falsely claiming a different auth provider. Mattermost Advisory ID:...

CVSS 3.5 | AI score 5.9
Exploits: 0 | References: 1

ATTACKERKB
added 2026/03/16 2:54 p.m. | 3 views

CVE-2026-22545

Mattermost versions 10.11.x <= 10.11.10 fail to validate user's authentication method when processing account auth type switch which allows an authenticated attacker to change account password without confirmation via falsely claiming a different auth provider. Mattermost Advisory ID:...

CVSS 3.1 | AI score 5.8 | EPSS 0.00148
Exploits: 0 | References: 2 | Affected Software: 1

GithubExploit
added 2026/03/16 5:29 a.m. | 136 views

Exploit for Code Injection in Apache Commons_Text

CVE-2022-42889 Text4Shell Report Apache Commons Text CVE-2...

CVSS 9.8 | AI score 5.8 | EPSS 0.99931
Exploits: 41

CVE
added 2026/03/16 1:28 a.m. | 11 views

CVE-2017-20224

CVE-2017-20224 affects Telesquare SKT LTE Router SDT-CS3B1 1.2.0. The issue is an arbitrary file upload vulnerability via enabled WebDAV HTTP methods (PUT, DELETE, MKCOL, MOVE, COPY, PROPPATCH) that allows unauthenticated attackers to upload executable code and manipulate server content, potentia...

CVSS 9.8 | AI score 6.5 | EPSS 0.01039
Exploits: 2 | References: 3 | Affected Software: 1

CNNVD
added 2026/03/16 12:0 a.m. | 3 views

Craft CMS Security Vulnerability

Craft CMS is an open-source content management system developed by Craft Studio. Versions of Craft CMS from 5.6.0 to 5.9.11 contained security vulnerabilities. These vulnerabilities stemmed from the $settings array returned by the parse_str method in src/controllers/EntryTypesController.php, which...

CVSS 8.6 | AI score 5.8 | EPSS 0.00499
Exploits: 0 | References: 3

Vulnrichment
added 2026/03/13 8:52 a.m. | 1 views

CVE-2026-4105 Systemd: systemd: privilege escalation via improper access control in registermachine d-bus method

A flaw was found in systemd. The systemd-machined service contains an Improper Access Control vulnerability due to insufficient validation of the class parameter in the RegisterMachine D-Bus (Desktop Bus) method. A local unprivileged user can exploit this by attempting to register a machine with a...

CVSS 6.7 | AI score 6 | EPSS 0.00142
Exploits: 0 | References: 4

CVE
added 2026/03/13 8:52 a.m. | 28 views

CVE-2026-4105

CVE-2026-4105 affects the systemd project, specifically the systemd-machined service. The vulnerability arises from improper access control in the RegisterMachine D-Bus method, due to insufficient validation of the class parameter. A local, unprivileged user can attempt to register a machine with...

CVSS 6.7 | AI score 6 | EPSS 0.00142
Exploits: 0 | References: 4

EUVD
added 2026/03/13 8:52 a.m. | 3 views

EUVD-2026-11774

A flaw was found in systemd. The systemd-machined service contains an Improper Access Control vulnerability due to insufficient validation of the class parameter in the RegisterMachine D-Bus (Desktop Bus) method. A local unprivileged user can exploit this by attempting to register a machine with a...

CVSS 7.8 | AI score 6 | EPSS 0.00142
Exploits: 0 | References: 3

Tenable Nessus
added 2026/03/13 12:0 a.m. | 4 views

Linux Distros Unpatched Vulnerability : CVE-2026-4105

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A flaw was found in systemd. The systemd-machined service contains an Improper Access Control vulnerability due to insufficient validation of the class paramete...

CVSS 6.7 | AI score 6 | EPSS 0.00142
Exploits: 0 | References: 3