10 matches found
CVE-2026-40214
In OpenStack Cyborg before 16.0.1, the Accelerator Request (ARQ) API does not enforce project ownership at any layer. The project_id column in the database is never populated (NULL for every ARQ), database queries have no project filtering, and policy checks are self-referential (the authorize_wsgi...
UBUNTU-CVE-2026-40214
In OpenStack Cyborg before 16.0.1, the Accelerator Request (ARQ) API does not enforce project ownership at any layer. The project_id column in the database is never populated (NULL for every ARQ), database queries have no project filtering, and policy checks are self-referential (the authorize_wsgi...
PT-2026-24167
Name of the Vulnerable Software and Affected Versions: Glances versions prior to 4.5.1. Description: Glances is a cross-platform system monitoring tool. The '/api/4/config' REST API endpoint returns the entire Glances configuration file (glances.conf) without filtering sensitive values. This...
Mass Assignment
Description: Mass assignment is a vulnerability that occurs when an application automatically binds user-provided data (e.g., from JSON via req.query) to internal object properties or database fields without proper filtering. This can allow attackers to manipulate sensitive fields they shouldn’t hav...
CVE-2023-51010
An issue in the export component AdSdkH5Activity of com.sdjictec.qdmetro v4.2.2 allows attackers to open a crafted URL without any filtering or checking...
Tp-link Tapo C200 Command Injection Vulnerability
A command injection vulnerability exists in Tp-link Tapo C200 1.1.15 and previous firmware versions, which is caused by the presence of a uhttpd binary file that runs as root by default and lacks filtering and escaping. An unauthenticated attacker could use this vulnerability to execute system...
CVE-2020-36157
An issue was discovered in the Ultimate Member plugin before 2.1.12 for WordPress, aka Unauthenticated Privilege Escalation via User Roles. Due to the lack of filtering on the role parameter that could be supplied during the registration process, an attacker could supply the role parameter with a...
The vulnerability of the Dr.Web Enterprise Security Suite, an anti-virus protection tool, lies in the lack of SQL query filtering. This allows attackers to increase their privileges.
The vulnerability of the Dr.Web Enterprise Security Suite antivirus protection lies in the absence of SQL query filtering. Exploiting this vulnerability allows a malicious actor, who operates remotely and has no access to the application’s administrative operations via the web interface, to...
SQL injection vulnerability in zabbix 'profileldx2' parameter
Zabbix is an enterprise-class open source solution that provides distributed system monitoring and network monitoring through a web-based interface. A large number of domestic zabbix IPs are vulnerable to SQL injection. The lack of filtering of the 'profileldx2' parameter allows attackers to...
RobotStats 1.0 - HTML Injection
RobotStats 1.0 - HTML Injection Title : RobotStats v1.0 HTML Injection Vulnerability Author : ZoRLu / [email protected] / [email protected] Home : http://milw00rm.com / its online Twitter : https://twitter.com/milw00rm or @milw00rm Date : 22.11.2014 Demo : http://alpesoiseaux.free.fr/robotstat...