57 matches found
CVE-2026-5025
The '/logs' and '/logs-stream' endpoints in the log router allow any authenticated user to read the full application log buffer. These endpoints only require basic authentication ('get_current_active_user') without any privilege checks (e.g., 'is_superuser')...
CVE-2026-5025
CVE-2026-5025 (LangFlow) exposes full application logs via /logs and /logs-stream endpoints. Both endpoints require only basic authentication (get_current_active_user) with no privilege checks (e.g., is_superuser), enabling read access for any authenticated user. Likely impact on confidentiality ...
Jenkins Security Vulnerability
Jenkins is an open source automation server that provides hundreds of plugins to support building, deploying and automating any project. A security vulnerability exists in Jenkins 2.540 and earlier and LTS 2.528.2 and earlier, which stems from a lack of...
WordPress Admin and Customer Messages After Order for WooCommerce: OrderConvo plugin unauthorized access vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress plugin is an application plugin. An unauthorized access vulnerability exists in the WordPress Admin and Customer Messages After Order for WooCommerce: OrderConvo plugin, which stems from a lack of privilege...
WordPress plugin Autochat Automatic Conversation Security Vulnerability
WordPress Autochat Automatic Conversation plugin is an automated chat plugin designed for WordPress, which is mainly used to automate the communication between website visitors and merchants. WordPress Autochat Automatic Conversation plugin suffers from an unauthorized data modification...
WordPress plugin Admin and Customer Messages After Order for WooCommerce: OrderConvo Security Vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress plugin is an application plugin. An unauthorized access vulnerability exists in the WordPress Admin and Customer Messages After Order for WooCommerce: OrderConvo plugin, which stems from a lack of privilege...
Jenkins Start Windocks Containers Plugin Security Vulnerability
Jenkins Start Windocks Containers Plugin is an open source plugin for Jenkins to link WinDocks hosts. A security vulnerability exists in Jenkins Start Windocks Containers Plugin 1.4 and earlier versions, which stems from a lack of privilege checking and could allow an attacker to connect to an...
WordPress Custom Searchable Data Entry System plugin missing privileges vulnerability
WordPress Custom Searchable Data Entry System plugin is a plugin for creating a searchable data entry system in your website that allows users to fill in information based on specific criteria and enables data matching queries. The WordPress Custom Searchable Data Entry System plugin suffers from...
Jenkins Security Vulnerability
Jenkins is an open source automation server that provides hundreds of plugins to support building, deploying and automating any project. A security vulnerability exists in Jenkins 2.503 and earlier and LTS 2.492.2 and earlier, which stems from a lack of...
Huawei HarmonyOS Security Vulnerability
Huawei HarmonyOS is an operating system from Huawei China. It provides a full-scenario distributed operating system based on a microkernel. Huawei HarmonyOS suffers from an authorization issue vulnerability that stems from an interface without privilege checks in the DFR module. An attacker could...
UNISOC Chipsets Security Vulnerability
UNISOC Chipsets is a chipset from China's UNISOC (Ziguang Zhanrui). A security vulnerability exists in UNISOC Chipsets, which stems from a lack of privilege checking in the wifi service...
UNISOC Chipsets Security Vulnerability
UNISOC Chipsets is a chipset from China's UNISOC (Ziguang Zhanrui). A security vulnerability exists in UNISOC Chipsets that stems from a lack of privilege checking in the engineermode service, with a possible method to write a record of an application's privilege usage...
UNISOC Chipsets Security Vulnerability
UNISOC Chipsets is a chipset from China's UNISOC (Ziguang Zhanrui). A security vulnerability exists in UNISOC Chipsets that stems from a lack of privilege checking in the ims service, with a possible method to write a privilege usage log of an application...
UNISOC Chipsets Security Vulnerability
UNISOC Chipsets is a chipset from China's UNISOC (Ziguang Zhanrui). A security vulnerability exists in UNISOC Chipsets, which stems from a lack of privilege checking in the firewall service, with a possible method to write a record of an application's privilege usage...
UNISOC Chipsets Security Vulnerability
UNISOC Chipsets is a chipset from China's UNISOC (Ziguang Zhanrui). A security vulnerability exists in UNISOC Chipsets that stems from a lack of privilege checking in the omacp service, with a possible method to write a record of an application's privilege usage...
UNISOC Chipsets Security Vulnerability
UNISOC Chipsets is a chipset from China's UNISOC (Ziguang Zhanrui). UNISOC Chipsets has a security vulnerability that stems from a lack of privilege checking in telecom. An attacker could exploit the vulnerability to cause information leakage...
UNISOC Chipsets Security Vulnerability
UNISOC Chipsets is a chipset from China's UNISOC (Ziguang Zhanrui). A security vulnerability exists in some UNISOC products, which stems from a lack of privilege checking in the messaging service, leading to local information leakage. The following products are affected:...