PT-2026-31341

Name of the Vulnerable Software and Affected Versions Red Hat Quay affected versions not specified Description A flaw exists in Red Hat Quay's container image upload process. An authenticated user with push access to any repository can interfere with image uploads in progress by other users, even...

WordPress plugin Blog2Social: Social Media Auto Post & Scheduler 安全漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. The...

CoolerControl 访问控制错误漏洞

CoolerControl is an open-source control software for cooling devices developed by CoolerControl. Versions of CoolerControl prior to 4.0.0 contained a access control vulnerability. This vulnerability stemmed from unvalidated functions, which could allow unauthenticated attackers to view and modify...

CVE-2026-39334

ChurchCRM contains a blind SQL injection in SettingsIndividual.php affecting 7.0.5, exploitable by authenticated users with low privileges via the type array parameter. The issue allows extraction and modification of database content and is fixed in 7.1.0. The available documents provide the affe...

CVE-2026-39331 ChurchCRM has an API Authorization Bypass Allows Authenticated User to Deactivate, Modify, and Spam Arbitrary Families

ChurchCRM is an open-source church management system. Prior to 7.1.0, an authenticated API user can modify any family record's state without proper authorization by simply changing the familyId parameter in requests, regardless of whether they possess the required EditRecords privilege...

CVE-2026-39331 ChurchCRM has an API Authorization Bypass Allows Authenticated User to Deactivate, Modify, and Spam Arbitrary Families

ChurchCRM is an open-source church management system. Prior to 7.1.0, an authenticated API user can modify any family record's state without proper authorization by simply changing the familyId parameter in requests, regardless of whether they possess the required EditRecords privilege...

CVE-2026-39331

ChurchCRM prior to 7.1.0 has an API authorization bypass: an authenticated API user can modify any family’s state by altering the {familyId} in requests to /family/{familyId}/verify, /family/{familyId}/verify/url, /family/{familyId}/verify/now, /family/{familyId}/activate/{status}, and /family/{f...

PT-2026-30958

ChurchCRM is an open-source church management system. Prior to 7.1.0, an SQL injection vulnerability was found in the endpoint /SettingsIndividual.php in ChurchCRM 7.0.5. Authenticated users without any specific privileges can inject arbitrary SQL statements through the type array parameter via t...

CVE-2026-35029

LiteLLM is a proxy server AI Gateway to call LLM APIs in OpenAI or native format. Prior to 1.83.0, the /config/update endpoint does not enforce admin role authorization. A user who is already authenticated into the platform can then use this endpoint to modify proxy configuration and environment...

CVE-2026-5540

A vulnerability has been found in code-projects Simple Laundry System 1.0. This vulnerability affects unknown code of the file /modifymember.php of the component Parameter Handler. Such manipulation of the argument firstName leads to sql injection. The attack can be launched remotely. The exploit...

CVE-2019-25692

Kados R10 GreenBee contains an SQL injection vulnerability that allows attackers to manipulate database queries by injecting SQL code through the 'idtomodify' parameter. Attackers can send crafted requests with malicious SQL statements in the idtomodify field to extract sensitive database...

CVE-2019-25692 Kados R10 GreenBee SQL Injection via id_to_modify Parameter

Kados R10 GreenBee contains an SQL injection vulnerability that allows attackers to manipulate database queries by injecting SQL code through the 'idtomodify' parameter. Attackers can send crafted requests with malicious SQL statements in the idtomodify field to extract sensitive database...

CVE-2026-4896

The WCFM – Frontend Manager for WooCommerce along with Bookings Subscription Listings Compatible plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 6.7.25 via multiple AJAX actions including wcfmmodifyorderstatus, deletewcfmarticle,...

CVE-2026-3571

The Pie Register – User Registration, Profiles & Content Restriction plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the piemain function in all versions up to, and including, 3.8.4.8. This makes it possible for unauthenticated attacker...

PT-2026-30412

A vulnerability has been found in code-projects Simple Laundry System 1.0. This vulnerability affects unknown code of the file /modifymember.php of the component Parameter Handler. Such manipulation of the argument firstName leads to sql injection. The attack can be launched remotely. The exploit...

CVE-2016-20054

Nodcms contains a cross-site request forgery vulnerability that allows attackers to perform unauthorized administrative actions by crafting malicious forms. Attackers can trick authenticated administrators into submitting requests to admin/usermanipulate and admin/settings/generall endpoints to...

CVE-2016-20054

CVE-2016-20054 concerns Nodcms and a cross-site request forgery (CSRF) vulnerability that enables unauthorized administrative actions via crafted forms. The issue allows tricking authenticated administrators into submitting requests to admin/user_manipulate and admin/settings/generall endpoints t...

CVE-2026-4896

The WCFM – Frontend Manager for WooCommerce along with Bookings Subscription Listings Compatible plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 6.7.25 via multiple AJAX actions including wcfmmodifyorderstatus, deletewcfmarticle,...

WordPress plugin Pie Register – User Registration, Profiles & Content Restriction 安全漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be install...

CVE-2017-20238 Hirschmann Industrial HiVision Improper Authorization Privilege Escalation

Hirschmann Industrial HiVision versions 06.0.00 and 07.0.00 prior to 06.0.06 and 07.0.01 contains an improper authorization vulnerability that allows read-only users to gain write access to managed devices by bypassing access control mechanisms. Attackers can exploit alternative interfaces such a...