CVE-2026-31245

The mem0 1.0.0 server lacks authentication and authorization controls for its memory creation API endpoint POST /memories. The endpoint allows unauthenticated users to submit arbitrary memory records without verifying their identity or permissions. A remote attacker can exploit this by sending...

PT-2026-40273

Argo Workflows is an open source container-native workflow engine for orchestrating parallel jobs on Kubernetes. From version 4.0.0 to before version 4.0.5, the Sync Service's ConfigMap-backed provider server/sync/sync cm.go performs zero authorization checks on all CRUD operations create, read,...

CVE-2026-5797

The Quiz And Survey Master plugin for WordPress is vulnerable to Arbitrary Shortcode Execution in versions up to and including 11.1.0. This is due to insufficient input sanitization and the execution of doshortcode on user-submitted quiz answer text. User-submitted answers pass through...

PT-2026-25793

An Incorrect Access Control vulnerability exists in INDEX-EDUCATION PRONOTE prior to 2025.2.8. The affected components index.js and composeUrlImgPhotoIndividu allow the construction of direct URLs to user profile images based solely on predictable identifiers such as user IDs and names. Due to...

CVE-2025-69727

An Incorrect Access Control vulnerability exists in INDEX-EDUCATION PRONOTE prior to 2025.2.8. The affected components index.js and composeUrlImgPhotoIndividu allow the construction of direct URLs to user profile images based solely on predictable identifiers such as user IDs and names. Due to...

PT-2026-22577

The CGM CLININET application uses direct, sequential object identifiers "MessageID" without proper authorization checks. By modifying the parameter in the GET request, an attacker can access messages and attachments belonging to other users...

SourceCodester Customer Support System 安全漏洞

The SourceCodester Customer Support System is an open-source customer support system developed by SourceCodester. Version 1.0 of the SourceCodester Customer Support System contains security vulnerabilities. These vulnerabilities stem from the AJAX scheduler in the ajax.php file, which lacks...

SAP ABAP Platform 安全漏洞

SAP ABAP Platform is an ABAP-based SAP solution developed by the German company SAP. There is a security vulnerability in SAP ABAP Platform, which stems from the unauthorized activation of functional modules that fail to perform necessary authorization checks on verified users. This vulnerability...

GHSA-F632-VM87-2M2F qdrant has arbitrary file write via `/logger` endpoint

Summary It is possible to append to arbitrary files via /logger endpoint. Minimal privileges are required read-only access. Tested on Qdrant 1.15.5 Details POST /logger Source code link endpoint accepts an attacker-controlled ondisk.logfile path. There are no authorization checks but authenticati...

CVE-2025-14366

The Eyewear prescription form plugin for WordPress is vulnerable to Missing Authorization in all versions up to, and including, 6.0.1. This is due to missing authorization checks on the SubmitCatProductRequest AJAX action. This makes it possible for unauthenticated attackers to create arbitrary...

EUVD-2021-11890

Malware in sbrugna...

CVE-2023-27268

SAP NetWeaver AS Java Object Analyzing Service - version 7.50, does not perform necessary authorization checks, allowing an unauthenticated attacker to attach to an open interface and make use of an open naming and directory API to access a service which will enable them to access but not modify...