pyLoad 安全漏洞

pyLoad is an open-source download manager written in Python. Versions of pyLoad from 0.4.0 to 0.5.0b3.dev97 contained security vulnerabilities. These vulnerabilities stemmed from the setconfigvalue API endpoint, which allowed users with non-administrator SETTINGS privileges to modify any...

PT-2026-27328

The WP DSGVO Tools GDPR plugin for WordPress is vulnerable to unauthorized account destruction in all versions up to, and including, 3.1.38. This is due to the super-unsubscribe AJAX action accepting a process now parameter from unauthenticated users, which bypasses the intended email-confirmatio...

Zabbix 安全漏洞

Zabbix is an open-source monitoring system developed by Zabbix Inc. This system supports network monitoring, server monitoring, cloud monitoring, and application monitoring. Zabbix has security vulnerabilities, which stem from improper reuse of JavaScript environments. These vulnerabilities may...

OpenEMR 安全漏洞

OpenEMR is a set of open-source medical management systems developed by the OpenEMR community. This system can be used for medical practice management, electronic medical records, prescription writing, and medical billing applications. Versions of OpenEMR prior to 8.0.0.2 contained security...

SiYuan 安全漏洞

SiYuan is a privacy-oriented personal knowledge management system developed by SiYuan itself. Versions of SiYuan 3.6.0 and earlier contained security vulnerabilities. These vulnerabilities stemmed from insufficient path validation for the localPath parameter, which could allow non-administrator...

SAP Netweaver Visual Composer Unrestricted File Upload (3084487)

SAP NetWeaver Visual Composer 7.0 RT versions - 7.30, 7.31, 7.40, 7.50, without restriction, an attacker authenticated as a non-administrative user can upload a malicious file over a network and trigger its processing, which is capable of running operating system commands with the privilege of th...

CVE-2026-28267

Multiple i-フィルター products are configured with improper file access permission settings. Files may be created or overwritten in the system directory or backup directory by a non-administrative user...

Digital Arts i-フィルター 安全漏洞

Digital Arts i-Filter is a harmful website filtering browser developed by the Japanese company Digital Arts. Digital Arts i-Filter has a security vulnerability, which stems from improper file access permission settings. This vulnerability may allow non-administrator users to create or overwrite...

CVE-2026-28267

Multiple i-フィルター products are configured with improper file access permission settings. Files may be created or overwritten in the system directory or backup directory by a non-administrative user...

CVE-2026-23703

The installer of FinalCode Client provided by Digital Arts Inc. contains an incorrect default permissions vulnerability. A non-administrative user may execute arbitrary code with SYSTEM privilege...

CVE-2026-23703

The installer of FinalCode Client provided by Digital Arts Inc. contains an incorrect default permissions vulnerability. A non-administrative user may execute arbitrary code with SYSTEM privilege...

SHARP MFPs Configuration API Vulnerability (CVE-2024-47005)

Sharp and Toshiba Tec MFPs provide configuration related APIs. They are expected to be called by administrative users only, but insufficiently restricted. A non-administrative user may execute some configuration APIs. This plugin only works with Tenable.ot. Please visit...

CVE-2025-12063

An insecure direct object reference allowed a non-admin user to modify or remove certain data objects without having the appropriate permissions...

CVE-2025-11547

AXIS Camera Station Pro contained a flaw to perform a privilege escalation attack on the server as a non-admin user...

PT-2026-7230

An AXIS Camera Station Pro feature can be exploited in a way that allows a non-admin user to view information they are not permitted to...

CVE-2026-25859

Wekan versions prior to 8.20 allow non-administrative users to access migration functionality due to insufficient permission checks, potentially resulting in unauthorized migration operations...

CVE-2026-25859 WeKan < 8.20 Migration Functionality Insufficient Permission Checks

Wekan versions prior to 8.20 allow non-administrative users to access migration functionality due to insufficient permission checks, potentially resulting in unauthorized migration operations...

CVE-2026-23704

A non-administrative user can upload malicious files. When an administrator or the product accesses that file, an arbitrary script may be executed on the administrator's browser. Note that Movable Type 7 series and 8.4 series, which are End-of-Life EOL, are affected by the vulnerability as well...

CVE-2026-23704

A non-administrative user can upload malicious files. When an administrator or the product accesses that file, an arbitrary script may be executed on the administrator's browser. Note that Movable Type 7 series and 8.4 series, which are End-of-Life EOL, are affected by the vulnerability as well...

PT-2026-6182

Name of the Vulnerable Software and Affected Versions Movable Type versions 7.x and 8.4.x Description A non-administrative user can upload malicious files. When an administrator or the product accesses these files, an arbitrary script may be executed on the administrator's browser. Recommendation...