CVE-2026-5708 Improper Control of User-Modifiable Attributes in RES CreateSession API

Unsanitized control of user-modifiable attributes in the session creation component in AWS Research and Engineering Studio RES prior to version 2026.03 could allow an authenticated remote user to escalate privileges, assume the virtual desktop host instance profile permissions, and interact with...

CVE-2026-35046 Tandoor has a Stored CSS Injection via <style> Tag in Recipe Instructions (API-Level)

Tandoor Recipes is an application for managing recipes, planning meals, and building shopping lists. Prior to 2.6.4, Tandoor Recipes allows authenticated users to inject arbitrary tags into recipe step instructions. The bleach.clean sanitizer explicitly whitelists the tag, causing the backend to...

CVE-2026-5599

A user with API access and "manage users" permission in any venueless world is able to trigger deletion of user accounts in other worlds...

PT-2026-30436

A user with API access and "manage users" permission in any venueless world is able to trigger deletion of user accounts in other worlds...

venueless 安全漏洞

Venueless is an open-source online activity platform developed by Venueless. There are security vulnerabilities in Venueless, stemming from improper permission management. These vulnerabilities could allow users with API access and the “Manage Users” permission to delete user accounts from other...

CVE-2026-0664

The Royal Addons for Elementor plugin for WordPress is affected by a Stored Cross-Site Scripting (XSS) flaw via the button_text parameter in versions up to 1.7.1049, caused by insufficient input sanitization and output escaping. Authenticated attackers with contributor+ privileges can inject scri...

CVE-2026-25197

A specific endpoint allows authenticated users to pivot to other user profiles by modifying the id number in the API call...

CVE-2026-25197

A specific endpoint allows authenticated users to pivot to other user profiles by modifying the id number in the API call...

CVE-2026-20160

A vulnerability in Cisco Smart Software Manager On-Prem SSM On-Prem could allow an unauthenticated, remote attacker to execute arbitrary commands on the underlying operating system of an affected SSM On-Prem host. This vulnerability is due to the unintentional exposure of an internal service. An...

Bulwark Webmail 安全漏洞

Bulwark Webmail is an open-source, self-hosted webmail client developed by Bulwark Mail. Versions of Bulwark Webmail prior to 1.4.10 contained a security vulnerability. This vulnerability occurred because the GET /api/auth/session endpoint included the user’s plaintext password in the JSON...

CVE-2026-4989

Improper input validation in the gateway health check feature in Devolutions Server allows a low-privileged authenticated user to perform server-side request forgery SSRF, potentially leading to information disclosure, via a crafted API request. This issue affects Server: from 2026.1.1 through...

CVE-2026-5175

Improper access control in the multi-factor authentication MFA management API in Devolutions Server allows an authenticated attacker to delete their own configured MFA factors and reduce account protection to password-only authentication via crafted HTTP requests. This issue affects Server: from...

CVE-2026-4927

Exposure of sensitive information in the users MFA feature in Devolutions Server allows users with user management privileges to obtain other users OTP keys via an authenticated API request. This issue affects Server: from 2026.1.6 through 2026.1.11...

Checkmk 安全漏洞

Checkmk is an IT monitoring platform developed by Checkmk Corporation. Versions of Checkmk prior to 2.5.0b2 and 2.4.0p25 contained security vulnerabilities. These vulnerabilities stemmed from insufficient permission validation for multiple REST API quick-setup endpoints, which could allow...

CVE-2026-32273 Discourse: XSS on category description update via API

Discourse is an open-source discussion platform. From versions 2026.1.0-latest to before 2026.1.3, 2026.2.0-latest to before 2026.2.2, and 2026.3.0-latest to before 2026.3.0, updating a category description via API is not sanitizing the description string, which can lead to XSS attacks. This issu...

PT-2026-29166

Name of the Vulnerable Software and Affected Versions Sulu versions 1.0.0 through 2.6.21 Sulu versions 3.0.0 through 3.0.4 Description Sulu is a PHP content management system built on the Symfony framework. A user with permission to access the Sulu Admin interface, through at least one role, coul...

CVE-2026-34369 AVIdeo has Video Password Protection Bypass via API Endpoints Returning Full Playback Sources Without Password Verification

WWBN AVideo is an open source video platform. In versions up to and including 26.0, the getapivideofile and getapivideo API endpoints in AVideo return full video playback sources direct MP4 URLs, HLS manifests for password-protected videos without verifying the video password. While the normal we...

CVE-2026-5027

The 'POST /api/v2/files' endpoint does not sanitize the 'filename' parameter from the multipart form data, allowing an attacker to write files to arbitrary locations on the filesystem using path traversal sequences '../'...

CVE-2026-33763

WWBN AVideo is an open source video platform. In versions up to and including 26.0, the getapivideopasswordiscorrect API endpoint allows any unauthenticated user to verify whether a given password is correct for any password-protected video. The endpoint returns a boolean passwordIsCorrect field...

CVE-2026-5027 Langflow - Path Traversal Arbitrary File Write via upload_user_file

The 'POST /api/v2/files' endpoint does not sanitize the 'filename' parameter from the multipart form data, allowing an attacker to write files to arbitrary locations on the filesystem using path traversal sequences '../'...