12 matches found
CVE-2026-38587
An Insecure Direct Object Reference IDOR vulnerability was discovered in ONLYOFFICE DocSpace before 3.2.1. The flaw exists in multiple REST API endpoints. This allows authenticated users with low-level permissions User or Guest to retrieve sensitive information, such as the Owner's unique...
CVE-2026-38587
An Insecure Direct Object Reference IDOR vulnerability was discovered in ONLYOFFICE DocSpace before 3.2.1. The flaw exists in multiple REST API endpoints. This allows authenticated users with low-level permissions User or Guest to retrieve sensitive information, such as the Owner's unique...
Discourse security vulnerabilities
Discourse is an open-source community discussion platform developed by Discourse. This platform includes features such as communities, email communication, and chat rooms. Vulnerabilities exist in versions of Discourse prior to 3.5.4, as well as versions prior to 2025.11.2, 2025.12.1, and 2026.1....
CVE-2023-25195
Server-Side Request Forgery SSRF vulnerability in Apache Software Foundation Apache Fineract. Authorized users with limited permissions can gain access to server and may be able to use server for any outbound traffic. This issue affects Apache Fineract: from 1.4 through 1.8.3...
CVE-2025-55948
This vulnerability fundamentally arises from yzcheng90 X-SpringBoot 6.0's implementation of role-based access control RBAC through dual dependency on frontend menu systems and backend permission tables, without enforcing atomic synchronization between these components. The critical flaw manifests...
CVE-2025-56008
Cross site scripting XSS vulnerability in KeeneticOS before 4.3 at "Wireless ISP" page allows attackers located near to the router to takeover the device via adding additional users with full permissions...
EUVD-2024-2316
Malicious code in bioql PyPI...
PT-2025-43522
Name of the Vulnerable Software and Affected Versions KeeneticOS versions prior to 4.3 Description A cross site request forgery CSRF issue exists in KeeneticOS. The issue is present in the ''/rci'' API endpoint and allows attackers to gain control of the device by adding users with full...
PT-2025-43520
Name of the Vulnerable Software and Affected Versions KeeneticOS versions prior to 4.3 Description A CRLF-injection flaw exists in KeeneticOS prior to version 4.3. This issue is present at the /auth API endpoint and could allow attackers to gain control of the device. Exploitation involves adding...
UBUNTU-CVE-2025-23083
With the aid of the diagnosticschannel utility, an event can be hooked into whenever a worker thread is created. This is not limited only to workers but also exposes internal workers, where an instance of them can be fetched, and its constructor can be grabbed and reinstated for malicious usage...
PT-2024-10843 · WordPress · Indeed Membership Pro
Name of the Vulnerable Software and Affected Versions: Indeed Membership Pro plugin for WordPress versions 7.3 through 8.6 Description: The Indeed Membership Pro plugin for WordPress is vulnerable to authorization bypass due to missing capability checks on various AJAX actions. This makes it...
CVE-2022-3400
The Bricks theme for WordPress is vulnerable to authorization bypass due to a missing capability check on the brickssavepost AJAX action in versions 1.0 to 1.5.3. This makes it possible for authenticated attackers with minimal permissions, such as a subscriber, to edit any page, post, or template...