
10 matches found

NVD
added 2026/04/08 1:16 p.m. · 1 views

CVE-2026-5600

A new API endpoint introduced in pretix 2025 that is supposed to return all check-in events of a specific event in fact returns all check-in events belonging to the respective organizer. This allows an API consumer to access information for all other events under the same organizer, even those th...

5.5 CVSS · 0.00011 EPSS
Exploits 0 · References 1

Snyk
added 2026/03/26 7:0 p.m. · 3 views

Missing Authorization

Overview: openclaw is a 🦞 OpenClaw — Personal AI Assistant. Affected versions of this package are vulnerable to Missing Authorization in the agent process when the /reset or /new endpoints are accessed with only operator.write permissions. An attacker can gain unauthorized administrative access by...

8.1 CVSS · 5.9 AI score · 0.00052 EPSS
Exploits 0 · References 2

RedhatCVE
added 2026/01/18 8:3 a.m. · 4 views

CVE-2025-12129

The CubeWP – All-in-One Dynamic Content Framework plugin for WordPress is vulnerable to Information Exposure in all versions up to, and including, 1.1.27 via the /cubewp-posts/v1/query-new and /cubewp-posts/v1/query REST API endpoints due to insufficient restrictions on which posts can be include...

5.3 CVSS · 6.2 AI score · 0.00069 EPSS
Exploits 0 · References 1

RedhatCVE
added 2026/01/09 8:54 a.m. · 2 views

CVE-2021-41093

Wire is an open source secure messenger. In affected versions, if an attacker gets an old but valid access token they can take over an account by changing the email. This issue has been resolved in version 3.86 which uses a new endpoint which additionally requires an authentication cookie. See...

9.8 CVSS · 7 AI score · 0.00363 EPSS
Exploits 0 · References 1

Tenable Nessus
added 2025/08/26 12:0 a.m. · 3 views

Linux Distros Unpatched Vulnerability : CVE-2021-29622

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Prometheus is an open-source monitoring system and time series database. In 2.23.0, Prometheus changed its default UI to the New ui. To ensure a seamless...

6.5 CVSS · 6.6 AI score · 0.87475 EPSS
Exploits 0 · References 2

Positive Technologies
added 2025/08/21 12:0 a.m. · 3 views

PT-2025-34267 · Phproject · Phproject

Name of the Vulnerable Software and Affected Versions: Phproject versions 1.8.0 through 1.8.2. Description: Phproject is a high performance full-featured project management system. A Stored Cross-Site Scripting (XSS) vulnerability exists in the Planned Hours field when creating a new project. A...

6.9 CVSS · 5.8 AI score · 0.00096 EPSS
Exploits 0 · References 5

Positive Technologies
added 2024/10/03 12:0 a.m. · 4 views

PT-2024-40274 · Saltcorn · Saltcorn

Name of the Vulnerable Software and Affected Versions: Saltcorn versions prior to the fixed version. Description: The issue arises from the use of user-controlled data in the git clone command without proper validation, leading to a command injection vulnerability. This allows an attacker with adm...

8.6 CVSS · 8.2 AI score
Exploits 0 · References 9

SUSE CVE
added 2023/02/15 3:42 a.m. · 2 views

SUSE CVE-2021-29622

Prometheus is an open-source monitoring system and time series database. In 2.23.0, Prometheus changed its default UI to the New ui. To ensure a seamless transition, the URLs prefixed by /new redirect to /. Due to a bug in the code, it is possible for an attacker to craft a URL that can redirec...

6.1 CVSS · 6.8 AI score · 0.87475 EPSS
Exploits 0 · References 11

Microsoft CVE
added 2021/12/16 8:0 a.m. · 1 views

Arbitrary redirects under /new endpoint

...

6.5 CVSS · 7 AI score · 0.87475 EPSS
Exploits 0

Positive Technologies
added 2021/10/04 12:0 a.m. · 2 views

PT-2021-23082 · Wire · Wire

Name of the Vulnerable Software and Affected Versions: Wire versions prior to 3.86. Description: The issue allows an attacker to take over an account by changing the email if they obtain an old but valid access token. This is possible due to insufficient security measures in place prior to the...

9.8 CVSS · 9.5 AI score · 0.00363 EPSS
Exploits 0 · References 7