Lucene search
+L

7 matches found

CVE
CVE
added yesterday15 views

CVE-2026-43978

CVE-2026-43978 describes a privilege-escalation in wger prior to version 2.6 where a gym trainer can chain two trainer-login calls to impersonate higher-privileged users (gym manager/general manager). The root cause is a logic error in wger/core/views/user.py: after the first hop, session["traine...

8.1CVSS6AI score0.00026EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/06/19 5:3 p.m.20 views

CVE-2026-49286 PhpWeasyPrint vulnerable to PHAR deserialization via output filename (CVE-2023-28115 case-insensitive bypass)

PhpWeasyPrint is a PHP library allowing PDF generation from a URL or an HTML page. Prior to version 2.6.0, pontedilana/php-weasyprint guarded the output filename against the phar:// stream wrapper with a case-sensitive blacklist. PHP stream wrappers are case-insensitive, so PHAR://, Phar://, etc...

8.1CVSS0.00555EPSS
Exploits0References4
CVE
CVE
added 2026/05/12 8:47 p.m.19 views

CVE-2026-43948

Summary (CVE-2026-43948 / GHSA-mhc8-p3jx-84mm): In wger, password reset and gym-permissions edits allow a user with gym.manage_gym and gym=None to reset another gym=None user’s password and receive the plaintext password in the HTML response. Root cause: Django ORM object comparison (request.user...

9.9CVSS5.9AI score0.00371EPSS
Exploits0References1
EUVD
EUVD
added 2026/04/03 3:51 p.m.5 views

EUVD-2026-18756

immich is a high performance self-hosted photo and video management solution. Prior to version 2.6.0, the Immich application is vulnerable to credential disclosure when a user authenticates to a shared album. During the authentication process, the application transmits the album password within t...

6.3CVSS5.8AI score0.00449EPSS
Exploits1References4
RedhatCVE
RedhatCVE
added 2025/12/10 2:23 p.m.7 views

CVE-2025-67539

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Select-Themes Select Core select-core allows DOM-Based XSS.This issue affects Select Core: from n/a through 2.6...

6.5CVSS6.4AI score0.00162EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/08/10 6:14 p.m.22 views

CVE-2010-10013

An unauthenticated remote command execution vulnerability exists in AjaXplorer now known as Pydio Cells versions prior to 2.6. The flaw resides in the checkInstall.php script within the access.ssh plugin, which fails to properly sanitize user-supplied input to the destServer GET parameter. By...

9.3CVSS8AI score0.01163EPSS
Exploits0References1
CNNVD
CNNVD
added 2024/09/23 12:0 a.m.5 views

iRedAdmin 安全漏洞

iRedAdmin is a free open source mail server solution from iRedAdmin Open Source. A security vulnerability exists in iRedAdmin prior to version 2.6 that stems from the ordername parameter containing a cross-site scripting vulnerability...

6.1CVSS6.1AI score0.00333EPSS
Exploits0References6
Rows per page
Query Builder