291 matches found
CVE-2026-8239
Concrete CMS 9.5.0 and below is vulnerable to IDOR. The '/ccm/frontend/conversations/getrating' endpoint confirms existence and returns rating score for any message by ID. The Concrete CMS security team gave this vulnerability a CVSS v.4.0 score of 6.3 with...
Concrete CMS 安全漏洞
Concrete CMS is an open-source content management system designed for teams. Concrete CMS versions 9.5.0 and earlier have security vulnerabilities, which stem from IDOR. These vulnerabilities may allow unauthorized parties to access confirmation messages and obtain ratings...
CVE-2026-45396 Open WebUI: Mass Assignment via FeedbackForm extra=allow Allows Feedback User ID Spoofing and Evaluation Data Manipulation
Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. Prior to 0.9.5, the POST /api/v1/evaluations/feedback endpoint in Open WebUI v0.9.2 is vulnerable to mass assignment via FeedbackForm, which uses modelconfig = ConfigDictextra='allow'. Due to an...
PT-2026-36924
ITEMS ADDED: Filters Add filter for Atmos PM-5173 Filters Add filter for audio layout PM-5118 Filters Add filters for video, audio, and subtitle codecs PM-5117 Metadata Add support for RottenTomatoes audience and average ratings to Nfo parser PM-5176 Metadata Detect Dolby Atmos PM-4004 Metadata...
WordPress Five-Star Ratings Shortcode plugin <= 1.2.56 - Unauthenticated Reflected Cross-Site Scripting vulnerability
Unauthenticated Reflected Cross-Site Scripting vulnerability discovered by Asaf Mozes in WordPress Plugin Five-Star Ratings Shortcode versions = 1.2.56...
[SECURITY] Fedora 44 Update: shotwell-33~alpha-9.fc44
Shotwell is an easy-to-use, fast photo organizer designed for the GNOME desktop. It allows you to import photos from your camera or disk, organize them by date and subject matter, even ratings. It also offers basic photo editing, like crop, red-eye correction, color adjustments, and straighten...
CVE-2023-40332
Improper Control of Interaction Frequency vulnerability in Lester ‘GaMerZ’ Chan WP-PostRatings allows Functionality Misuse.This issue affects WP-PostRatings: from n/a through 1.91...
Malicious code in namei-maila-abinaui (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector d79768eaac72a043553803c1ae2c2c4daba9fb5d265d6e9c6249ddc8315888a5 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
Malicious code in ocha-mieaceh48-breki (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 4f6de38385ab77e2a48a9b7db95c75462d3208221b955b8d6006e2804dac32c3 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
Malicious code in zul-tumis6-breki (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector da7f64087acb9777682d8c026a6f8e23f378c5b1c251a088fe2611bca816c872 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
MAL-2025-114196 Malicious code in gilang-kue60-miaww (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector a2b2ec54f2d1f3192cdd8cf210870cf643d28d88f77602461a1c2303a35172bf This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
EUVD-2014-4775
Malware in sbrugna...
EUVD-2021-0624
Malware in sbrugna...
EUVD-2005-4512
Malware in sbrugna...
EUVD-2018-14711
Malware in sbrugna...
EUVD-2020-23112
Malware in sbrugna...
EUVD-2023-27788
Malicious code in bioql PyPI...
EUVD-2023-49945
Malicious code in bioql PyPI...
EUVD-2023-28050
Malicious code in bioql PyPI...
EUVD-2023-40477
Malicious code in bioql PyPI...