36166 matches found
CVE-2026-46717 Nezha Monitoring: RoleMember-reachable SSRF with full response-body reflection via POST /api/v1/notification
Nezha Monitoring is a self-hostable, lightweight, servers and websites monitoring and O&M tool. From version 1.4.0 to before version 2.0.8, nezha's dashboard supports two user roles: RoleAdmin Role==0 and RoleMember Role==1. The notification routes POST /api/v1/notification and PATCH...
PT-2026-49057
Name of the Vulnerable Software and Affected Versions Fleet affected versions not specified Description An issue in the Apple MDM commands listing endpoint allows authenticated users with the Observer role to extract sensitive data from joined database tables, such as host enrollment secrets and...
CVE-2025-58468
A cross-site request forgery CSRF vulnerability has been reported to affect Notification Center. The remote attackers can then exploit the vulnerability to gain privileges or hijack user identities. We have already fixed the vulnerability in the following version: Notification Center 1.10.0.3291...
CVE-2026-2827
The Open User Map PRO plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'oumlocationnotification' parameter in versions up to, and including, 1.4.31 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject...
EUVD-2026-36198
The Open User Map PRO plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'oumlocationnotification' parameter in versions up to, and including, 1.4.31 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject...
CVE-2026-2827 Open User Map PRO <= 1.4.31 - Unauthenticated Stored Cross-Site Scripting via 'oum_location_notification'
The Open User Map PRO plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'oumlocationnotification' parameter in versions up to, and including, 1.4.31 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject...
CVE-2026-2827
CVE-2026-2827 affects the Open User Map PRO plugin for WordPress. The vulnerability is a Stored Cross-Site Scripting (XSS) via the oum_location_notification parameter in versions up to and including 1.4.31, caused by insufficient input sanitization and output escaping. Unauthenticated attackers c...
PT-2026-48610
The Open User Map PRO plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'oum location notification' parameter in versions up to, and including, 1.4.31 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject...
CVE-2025-58468
A cross-site request forgery CSRF vulnerability has been reported to affect Notification Center. The remote attackers can then exploit the vulnerability to gain privileges or hijack user identities. We have already fixed the vulnerability in the following version: Notification Center 1.10.0.3291...
CVE-2025-58468 Notification Center
A cross-site request forgery CSRF vulnerability has been reported to affect Notification Center. The remote attackers can then exploit the vulnerability to gain privileges or hijack user identities. We have already fixed the vulnerability in the following version: Notification Center 1.10.0.3291...
EUVD-2025-210096
A cross-site request forgery CSRF vulnerability has been reported to affect Notification Center. The remote attackers can then exploit the vulnerability to gain privileges or hijack user identities. We have already fixed the vulnerability in the following version: Notification Center 1.10.0.3291...
CVE-2025-58468
CVE-2025-58468—Notification Center describes a cross-site request forgery (CSRF) vulnerability that could allow remote attackers to gain privileges or hijack user identities. The advisory states the issue is fixed in Notification Center version 1.10.0.3291 and later. From the connected records, n...
CVE-2025-58468 Notification Center
A cross-site request forgery CSRF vulnerability has been reported to affect Notification Center. The remote attackers can then exploit the vulnerability to gain privileges or hijack user identities. We have already fixed the vulnerability in the following version: Notification Center 1.10.0.3291...
PT-2026-48355
A cross-site request forgery CSRF vulnerability has been reported to affect Notification Center. The remote attackers can then exploit the vulnerability to gain privileges or hijack user identities. We have already fixed the vulnerability in the following version: Notification Center 1.10.0.3291...
QNAP Systems Notification Center 跨站请求伪造漏洞
QNAP Systems Notification Center is a system event alert and notification software developed by QNAP Systems, a company based in Taiwan, China. Versions of QNAP Systems Notification Center prior to 1.10.0.3291 contained a cross-site request forgery vulnerability. This vulnerability allows remote...
CVE-2026-42973 Windows Push Notification Information Disclosure Vulnerability
...
CVE-2026-42973 Windows Push Notification Information Disclosure Vulnerability
...
CVE-2026-42971 Windows Push Notification Information Disclosure Vulnerability
...
CVE-2026-42970 Windows Push Notification Information Disclosure Vulnerability
...
CVE-2026-42971 Windows Push Notification Information Disclosure Vulnerability
...