16 matches found
CVE-2026-27357
Missing Authorization vulnerability in Cornel Raiu WP Search Analytics allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects WP Search Analytics: from n/a before 1.5.0...
CVE-2026-3532
CVE-2026-3532 affects the Drupal OpenID Connect / OAuth client module. Red Hat and related sources describe a flaw in the handling of case sensitivity that allows privilege escalation by manipulating user fields, potentially enabling unauthorized elevation of access for affected user...
CVE-2026-3531
Authentication Bypass Using an Alternate Path or Channel vulnerability in Drupal OpenID Connect / OAuth client allows Authentication Bypass. This issue affects OpenID Connect / OAuth client: from 0.0.0 before 1.5.0...
Drupal OpenID Connect / OAuth client security vulnerability
The Drupal OpenID Connect / OAuth client is an OpenID Connect and OAuth client module for Drupal. Versions of the module prior to 1.5.0 contain security vulnerabilities that stem from the use of alternative paths or channels...
CVE-2026-27641 Flask-Reuploaded vulnerable to Remote Code Execution via Server-Side Template Injection
Flask-Reuploaded provides file uploads for Flask. A critical path traversal and extension bypass vulnerability in versions prior to 1.5.0 allows remote attackers to achieve arbitrary file write and remote code execution through Server-Side Template Injection (SSTI). Flask-Reuploaded has been patche...
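The entry above names two bypass classes, path traversal and extension bypass, that together turn an upload into an arbitrary file write (and, once a template can be overwritten, into SSTI). The following is an added example of how an upload endpoint can refuse both, written for this page; it is not Flask-Reuploaded's own code. The extension allow-list, the upload root and the `../templates/` target are assumptions.

```python
import os

# Extensions the endpoint accepts. This allow-list and the upload root are
# assumptions for this example, not Flask-Reuploaded's configuration.
ALLOWED_EXTENSIONS = {"png", "jpg", "jpeg", "gif", "pdf"}
UPLOAD_ROOT = "/srv/app/uploads"


def safe_upload_path(filename: str, upload_root: str = UPLOAD_ROOT) -> str:
    """Return the absolute path `filename` may be written to, or raise ValueError.

    The two bypass classes named in the advisory are refused outright rather
    than "cleaned":
      * path traversal: any directory separator, NUL byte or dot-directory is
        rejected, so a name such as "../templates/index.html" (assumed target)
        can never be joined into a path outside `upload_root`;
      * extension bypass: only the final extension is considered, so
        "shell.png.html" is judged by "html" and rejected, and names with no
        extension are rejected too.
    """
    if not filename or filename in (".", ".."):
        raise ValueError("empty or dot-only filename")
    if "/" in filename or "\\" in filename or "\x00" in filename:
        raise ValueError("directory separators and NUL bytes are not allowed")
    if filename.startswith("."):
        raise ValueError("dotfiles are not allowed")
    base, dot, ext = filename.rpartition(".")
    if not dot or not base or not ext:
        raise ValueError("filename must be <name>.<ext>")
    if ext.lower() not in ALLOWED_EXTENSIONS:
        raise ValueError(f"extension {ext!r} is not on the allow-list")
    # Defence in depth: confirm the resolved destination is still under the root.
    root = os.path.abspath(upload_root)
    dest = os.path.abspath(os.path.join(root, filename))
    if os.path.commonpath([root, dest]) != root:
        raise ValueError("resolved path escapes the upload root")
    return dest


def is_safe_upload(filename: str) -> bool:
    """Boolean wrapper around safe_upload_path for quick checks."""
    try:
        safe_upload_path(filename)
    except ValueError:
        return False
    return True
```

Rejecting rather than normalising is deliberate: a sanitiser that strips `../` or rewrites separators invites a second round of bypasses, whereas a single-component, allow-listed filename has no ambiguity left to exploit.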
CVE-2025-69285 SQLBot uploadExcel Endpoint has Unauthenticated Arbitrary File Upload vulnerability
SQLBot is an intelligent data query system based on a large language model and RAG. Versions prior to 1.5.0 contain a missing authentication vulnerability in the /api/v1/datasource/uploadExcel endpoint, allowing a remote unauthenticated attacker to upload arbitrary Excel/CSV files and inject data...
SQLBot Access Control Vulnerability
SQLBot is an intelligent data querying system developed by DataEase, based on large models and RAG techniques. Versions of SQLBot prior to 1.5.0 contained a security vulnerability related to access control. This vulnerability stemmed from the lack of authentication for the...
CVE-2025-62527 Taguette vulnerable to password reset link poisoning
Taguette is an open source qualitative research tool. An issue has been discovered in Taguette versions prior to 1.5.0. It was possible for an attacker to request a password reset email containing a malicious link, allowing the attacker to set the email if clicked by the victim. This issue has been...
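The entry above only says the reset email could carry a malicious link. As an added example, not Taguette's code, the block below assumes the usual cause of reset-link poisoning: the server copies the request's Host header into the link, so an attacker who requests a reset for the victim's address with a spoofed Host receives the victim's token when the victim clicks. The hardened variants take the origin from configuration or from a host allow-list instead. The base URL, allow-list and `/reset_password` route are assumptions.

```python
from urllib.parse import urlencode, urlsplit, urlunsplit

# Constructed deployment settings for this example.
CONFIGURED_BASE_URL = "https://taguette.example.org"
ALLOWED_HOSTS = {"taguette.example.org", "research.example.org"}
RESET_PATH = "/reset_password"   # assumed route, not necessarily Taguette's


def reset_link_from_host_header(request_host: str, scheme: str, token: str) -> str:
    """The poisonable pattern: the link's origin is copied from the request.

    If an attacker submits the reset form for the victim's address with a
    Host header of attacker.example, the victim receives a link to the
    attacker's server carrying the live token.
    """
    return f"{scheme}://{request_host}{RESET_PATH}?{urlencode({'token': token})}"


def reset_link_from_config(token: str, base_url: str = CONFIGURED_BASE_URL) -> str:
    """Hardened: the origin comes from configuration, never from the request."""
    parts = urlsplit(base_url)
    if parts.scheme != "https" or not parts.netloc:
        raise ValueError("base URL must be an absolute https origin")
    return urlunsplit((parts.scheme, parts.netloc, RESET_PATH,
                       urlencode({"token": token}), ""))


def _normalise_host(request_host: str) -> str:
    """Lower-case, strip a trailing dot and an explicit port."""
    host = request_host.strip().lower().rstrip(".")
    return host.split(":", 1)[0]


def is_trusted_host(request_host: str) -> bool:
    """Check a Host header value against the allow-list."""
    if request_host.strip().startswith("["):   # IPv6 literal, never on our list
        return False
    return _normalise_host(request_host) in ALLOWED_HOSTS


def reset_link_for_host(request_host: str, token: str) -> str:
    """Multi-domain variant: honour Host only when it is on the allow-list."""
    if not is_trusted_host(request_host):
        raise ValueError(f"refusing to build a reset link for host {request_host!r}")
    return urlunsplit(("https", _normalise_host(request_host), RESET_PATH,
                       urlencode({"token": token}), ""))


def link_host(link: str) -> str:
    """Hostname a reset link will send the victim to."""
    return urlsplit(link).hostname or ""
```

The allow-list comparison is an exact match on the normalised host, so `taguette.example.org.attacker.example` is refused; a suffix or substring check would reopen the hole.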
Apache Log4cxx security vulnerability
Apache Log4cxx is a C++ logging framework from the Apache Software Foundation, patterned on Apache log4j. A cross-site scripting vulnerability exists in Apache Log4cxx versions prior to 1.5.0; it stems from HTMLLayout not properly escaping logger names and can be exploited by an...
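The fix the entry above implies is that every field written into an HTML layout, the logger name included, must be escaped as text. The block below is an added Python illustration of that layout logic, not Log4cxx code and not a port of HTMLLayout: it renders a log record as a table row with and without escaping so the difference is visible on a constructed logger name that contains a script tag.

```python
import html
import logging


class HtmlRowFormatter(logging.Formatter):
    """Render a log record as one HTML table row with every cell escaped.

    Added illustration of the fix, not Log4cxx code: the logger name is data
    supplied by whoever created the logger and is escaped like the message.
    """

    def format(self, record: logging.LogRecord) -> str:
        cells = (
            self.formatTime(record),
            record.levelname,
            record.name,          # the field left unescaped in the vulnerable layout
            record.getMessage(),
        )
        return "<tr>" + "".join(
            f"<td>{html.escape(cell, quote=True)}</td>" for cell in cells
        ) + "</tr>"


class UnescapedHtmlRowFormatter(logging.Formatter):
    """The vulnerable shape: fields are interpolated into markup verbatim."""

    def format(self, record: logging.LogRecord) -> str:
        return (f"<tr><td>{self.formatTime(record)}</td><td>{record.levelname}</td>"
                f"<td>{record.name}</td><td>{record.getMessage()}</td></tr>")


def render_row(logger_name: str, message: str, escape: bool = True) -> str:
    """Build a record for `logger_name` (constructed input) and render it."""
    record = logging.LogRecord(
        name=logger_name, level=logging.INFO, pathname="example.py", lineno=0,
        msg=message, args=(), exc_info=None,
    )
    formatter = HtmlRowFormatter() if escape else UnescapedHtmlRowFormatter()
    return formatter.format(record)
```

Escaping at the layout boundary, rather than validating logger names at creation time, is the robust choice: the layout cannot know which callers were trusted, and quotes must be escaped too so a name cannot break out of an attribute if the layout is later changed to emit one.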
PT-2025-32578 · WordPress · Mattermost Confluence Plugin
Name of the Vulnerable Software and Affected Versions: Mattermost Confluence Plugin versions prior to 1.5.0
Description: The Mattermost Confluence Plugin does not verify user access to channels, potentially allowing unauthorized access to channel subscription details. This occurs through an API...
PT-2025-32459 · Portabilis · I-Diario
Name of the Vulnerable Software and Affected Versions: Portabilis i-Diario versions up to 1.5.0
Description: A cross-site scripting issue exists due to the manipulation of the Registro de atividades/Conteúdos argument. The issue affects an unknown function of the...
PT-2025-32584 · Mattermost · Mattermost Confluence Plugin
Name of the Vulnerable Software and Affected Versions: Mattermost Confluence Plugin versions prior to 1.5.0
Description: The Mattermost Confluence Plugin does not verify user access to a channel, allowing attackers to create channel subscriptions without proper authorization via an API call to th...
PT-2025-32572 · Mattermost · Mattermost Confluence Plugin
Name of the Vulnerable Software and Affected Versions: Mattermost Confluence Plugin versions prior to 1.5.0
Description: The Mattermost Confluence Plugin does not verify user access to Confluence spaces. This allows attackers to modify subscriptions for Confluence spaces that a user does not have...
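The SQLBot entry (no authentication on an upload endpoint) and the three Mattermost Confluence Plugin entries (no check that the caller may see the channel or Confluence space named in the request) are the same pattern seen from two sides: a handler that acts on identifiers supplied by the client without first establishing who is calling and whether they may touch those objects. The block below is an added example of the gate such a handler needs, written for this page and not taken from either project. The session store, channel memberships, space permissions and response codes are constructed fixtures.

```python
from dataclasses import dataclass, field
from typing import Dict, List, Optional, Set

# Constructed fixture data standing in for the session store, channel
# membership and Confluence-space permissions a real server would query.
SESSIONS: Dict[str, str] = {"tok-alice": "alice", "tok-mallory": "mallory"}
CHANNEL_MEMBERS: Dict[str, Set[str]] = {"chan-eng": {"alice", "bob"}, "chan-hr": {"carol"}}
SPACE_ACCESS: Dict[str, Set[str]] = {"alice": {"ENG"}, "carol": {"HR"}}
SUBSCRIPTIONS: Dict[str, List[dict]] = {}   # channel_id -> subscriptions


@dataclass
class Response:
    status: int
    body: dict = field(default_factory=dict)


def current_user(headers: dict) -> Optional[str]:
    """Resolve the bearer token to a user, or None when absent or unknown."""
    auth = headers.get("Authorization", "")
    if not auth.startswith("Bearer "):
        return None
    return SESSIONS.get(auth[len("Bearer "):])


def create_subscription_insecure(headers: dict, channel_id: str, space_key: str) -> Response:
    """The shape the advisories describe: the ids in the request are trusted and
    nobody asks who is calling or whether they can see the channel or space."""
    SUBSCRIPTIONS.setdefault(channel_id, []).append({"space": space_key})
    return Response(201, {"channel": channel_id, "space": space_key})


def _authorise(headers: dict, channel_id: str):
    """Shared gate: authenticate, then check membership of the target channel.
    Returns (user, None) on success or (None, error_response) on failure."""
    user = current_user(headers)
    if user is None:
        return None, Response(401, {"error": "authentication required"})
    if user not in CHANNEL_MEMBERS.get(channel_id, set()):
        # 404 rather than 403, so a non-member cannot tell a real channel id
        # from a bogus one by probing.
        return None, Response(404, {"error": "channel not found"})
    return user, None


def create_subscription(headers: dict, channel_id: str, space_key: str) -> Response:
    """Hardened: caller must be a member of the channel and have access to the space."""
    user, err = _authorise(headers, channel_id)
    if err is not None:
        return err
    if space_key not in SPACE_ACCESS.get(user, set()):
        return Response(403, {"error": "no access to that Confluence space"})
    SUBSCRIPTIONS.setdefault(channel_id, []).append({"space": space_key, "by": user})
    return Response(201, {"channel": channel_id, "space": space_key})


def list_subscriptions(headers: dict, channel_id: str) -> Response:
    """Hardened read path: subscription details are only shown to channel members."""
    user, err = _authorise(headers, channel_id)
    if err is not None:
        return err
    return Response(200, {"subscriptions": list(SUBSCRIPTIONS.get(channel_id, []))})
```

Both the read and the write path go through the same `_authorise` gate, which is the property worth checking in review: the first Mattermost entry is about reading subscription details and the other two about creating and modifying them, and a fix that only guards one of those leaves the others open.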
CVE-2023-1367
Code Injection in GitHub repository alextselegidis/easyappointments prior to 1.5.0...
GLPI Inventory Plugin security vulnerability
GLPI Inventory Plugin is an open source plugin for the French GLPI project. It is used to handle various types of tasks for GLPI agents. A security vulnerability exists in GLPI Inventory Plugin versions prior to 1.5.0 that stems from improper access control...
Easy!Appointments access control error vulnerability
Easy!Appointments is a web-based appointment and schedule management system. An access control error vulnerability exists in Easy!Appointments versions prior to 1.5.0...