4 matches found
CVE-2026-38533
An improper authorization vulnerability in the /api/v1/users/id endpoint of Snipe-IT v8.4.0 allows authenticated attackers with the users.edit permission to modify sensitive authentication and account-state fields of other non-admin users via supplying a crafted PUT request...
Directory Traversal
Overview Affected versions of this package are vulnerable to Directory Traversal via the pathfor function in DiskService. An attacker can read, write, or delete arbitrary files on the server by supplying blob keys containing path traversal sequences like ../. Note: In most cases, blob keys are...
WordPress Backup Migration 1.2.8 Plugin - Unauthenticated Database Backup Vulnerability
Exploit Title: WordPress Plugin Backup Migration 1.2.8 - Unauthenticated Database Backup Google Dork: intitle:"Index of /wp-content/plugins/backup-backup" AND inurl:"plugins/backup-backup/" Exploit Author: Wadeek Vendor Homepage: https://backupbliss.com/ Software Link:...
KISGB <= 5.1.1 (authenticate.php) Remote File Include Vulnerability
No description provided by source. KISGB Keep It Simple Guest Book defaultpathforthemes Remote File Include +class : Remote File Include Vulnerability + +download link : http://phpnuke-downloads.com/modules.php?name=Downloads&dop=nsgetit&cid=14&lid=156&type=urlget +Author : mdx +Files :...