EUVD-2026-29333
Outline is a service that allows for collaborative documentation. Prior to 1.7.0, the shares.create API accepts both collectionId and documentId simultaneously and, when published=false, only verifies read access for each—skipping the "share" permission check. A subsequent shares.update authorize...
CVE-2026-42092
CVE-2026-42092 affects titra (open source time tracking) in version 0.99.52. The globalsettings Meteor publication returns all global settings without admin/role checks, allowing any authenticated user to subscribe via DDP and retrieve sensitive fields such as google_secret, openai_apikey, and go...
WordPress Gutenberg Blocks with AI by Kadence WP plugin <= 3.5.32 - Incorrect Authorization to Authenticated (Contributor+) Post Publication vulnerability
Incorrect Authorization to Authenticated Contributor+ Post Publication vulnerability discovered by johska in WordPress Plugin Gutenberg Blocks by Kadence Blocks versions <= 3.5.32...
CVE-2026-21431
Emlog is an open source website building system. Version 2.5.23 has a stored cross-site scripting vulnerability in the Resource media library function while publishing an article. As of time of publication, no known patched versions are available...
CVE-2025-62244
Insecure direct object reference (IDOR) vulnerability in Publications in Liferay Portal 7.3.1 through 7.4.3.111, and Liferay DXP 2023.Q4.0 through 2023.Q4.5, 2023.Q3.1 through 2023.Q3.8, and 7.4 GA through update 92, and 7.3 GA through update 36 allows remote authenticated attackers to view the edi...
CVE-2025-266427
| creationtimestamp | type | source |
|---|---|---|
| 2025-04-08 16:50:53+00:00 | seen | https://advisories.ncsc.nl/advisory?id=NCSC-2025-0107... |
CVE-2024-28778
CVE-2024-28778 affects IBM Controller 11.1.0 and IBM Cognos Controller 11.0.0–11.0.1. The issue is exposure of Artifactory API keys, enabling users to publish code to private packages or repositories under the organization’s name. IBM’s integration bulletin lists CVSS 3.1 base score 6.5 (Network,...
dotCMS security vulnerability
dotCMS is a content management system (CMS) from the US company dotCMS. The system supports modules such as RSS feeds, blogs, and forums, and is easy to extend and build on. A security vulnerability exists in dotCMS that stems from the fact that dotCMS does not sanitize temporary file names. An...
esas-joint-committee.europa.eu XSS vulnerability
Open Bug Bounty ID: OBB-311039

| Description | Value |
|---|---|
| Affected Website: | esas-joint-committee.europa.eu |
| Open Bug Bounty Program: | Create your bounty program now. It's open and free. |
| Vulnerable Application: | Custom Code |
| Vulnerability Type: | XSS Cross Site Scripting / CWE-79 |
| CVSSv3 Score: | 6.1... |
1 Direction - Songs Quiz - Customized SSL, WebView SSL handling enabled, WebView code execution vulnerabilities
The HackApp vulnerability scanner found that the application 1 Direction - Songs Quiz, published on the 'play' market, has multiple vulnerabilities...