7 matches found
CVE-2026-43978
CVE-2026-43978 describes a privilege-escalation in wger prior to version 2.6 where a gym trainer can chain two trainer-login calls to impersonate higher-privileged users (gym manager/general manager). The root cause is a logic error in wger/core/views/user.py: after the first hop, session["traine...
CVE-2026-49286 PhpWeasyPrint vulnerable to PHAR deserialization via output filename (CVE-2023-28115 case-insensitive bypass)
PhpWeasyPrint is a PHP library allowing PDF generation from a URL or an HTML page. Prior to version 2.6.0, pontedilana/php-weasyprint guarded the output filename against the phar:// stream wrapper with a case-sensitive blacklist. PHP stream wrappers are case-insensitive, so PHAR://, Phar://, etc...
CVE-2026-43948
Summary (CVE-2026-43948 / GHSA-mhc8-p3jx-84mm): In wger, password reset and gym-permissions edits allow a user with gym.manage_gym and gym=None to reset another gym=None user’s password and receive the plaintext password in the HTML response. Root cause: Django ORM object comparison (request.user...
EUVD-2026-18756
immich is a high performance self-hosted photo and video management solution. Prior to version 2.6.0, the Immich application is vulnerable to credential disclosure when a user authenticates to a shared album. During the authentication process, the application transmits the album password within t...
CVE-2025-67539
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Select-Themes Select Core select-core allows DOM-Based XSS.This issue affects Select Core: from n/a through 2.6...
CVE-2010-10013
An unauthenticated remote command execution vulnerability exists in AjaXplorer now known as Pydio Cells versions prior to 2.6. The flaw resides in the checkInstall.php script within the access.ssh plugin, which fails to properly sanitize user-supplied input to the destServer GET parameter. By...
iRedAdmin 安全漏洞
iRedAdmin is a free open source mail server solution from iRedAdmin Open Source. A security vulnerability exists in iRedAdmin prior to version 2.6 that stems from the ordername parameter containing a cross-site scripting vulnerability...