CVE-2026-31815

Unicorn adds modern reactive component functionality to your Django templates. Prior to 0.67.0, component state manipulation is possible in django-unicorn due to missing access control checks during property updates and method calls. An attacker can bypass the intended ispublic protection to modi...

CVE-2026-31815

Unicorn adds modern reactive component functionality to your Django templates. Prior to 0.67.0, component state manipulation is possible in django-unicorn due to missing access control checks during property updates and method calls. An attacker can bypass the intended ispublic protection to modi...

CVE-2026-31815

CVE-2026-31815 affects django-unicorn prior to 0.67.0. The issue stems from missing access control checks during property updates and method calls, allowing an attacker to bypass _is_public protection and modify internal attributes (e.g., template_name) or trigger protected methods. Fixed in 0.67...

CVE-2026-31815

Unicorn adds modern reactive component functionality to your Django templates. Prior to 0.67.0, component state manipulation is possible in django-unicorn due to missing access control checks during property updates and method calls. An attacker can bypass the intended ispublic protection to modi...

PT-2026-24466

Name of the Vulnerable Software and Affected Versions Unicorn versions prior to 0.67.0 Description A flaw exists in django-unicorn that allows manipulation of component state due to insufficient access control checks when updating properties and calling methods. An attacker can bypass the intende...

📄 vBulletin 6.0.3 replaceAdTemplate Expression Injection

Proof of concept exploit for vBulletin versions 5.0.0 through 6.0.3 for the replaceAdTemplate expression injection vulnerability. ============================================================================================================================================= | Title : vBulletin 5.0.0...

CVE-2025-48827

vBulletin 5.0.0 through 5.7.5 and 6.0.0 through 6.0.3 allows unauthenticated users to invoke protected API controllers' methods when running on PHP 8.1 or later, as demonstrated by the /api.php?method=protectedMethod pattern, as exploited in the wild in May 2025...

CVE-2025-48827

vBulletin 5.0.0 through 5.7.5 and 6.0.0 through 6.0.3 allows unauthenticated users to invoke protected API controllers' methods when running on PHP 8.1 or later, as demonstrated by the /api.php?method=protectedMethod pattern, as exploited in the wild in May 2025...

OpenJDK: protected methods can be used as interface methods via DirectMethodHandle (Libraries)

Unspecified vulnerability in Oracle Java SE 7u85 allows remote attackers to affect confidentiality and integrity via unknown vectors related to Libraries...

USN-2818-1 openjdk-7 vulnerability

It was discovered that rebinding of the receiver of a DirectMethodHandle may allow a protected method to be accessed. Am attacker could use this to expose sensitive information or possibly execute arbitrary code...

OpenJDK: protected methods can be used as interface methods via DirectMethodHandle (Libraries)

Unspecified vulnerability in Oracle Java SE 7u85 allows remote attackers to affect confidentiality and integrity via unknown vectors related to Libraries...

OpenJDK: protected methods can be used as interface methods via DirectMethodHandle (Libraries)

Unspecified vulnerability in Oracle Java SE 7u85 allows remote attackers to affect confidentiality and integrity via unknown vectors related to Libraries...