36 matches found
CVE-2026-12238 WP Go Maps <= 10.1.01 - Unauthenticated Arbitrary Record Creation
The WP Go Maps – Most Popular Map Plugin plugin for WordPress is vulnerable to authorization bypass in all versions up to, and including, 10.1.01. This is due to the plugin not properly verifying that a user is authorized to perform an action. This makes it possible for unauthenticated attackers ...
WordPress WP Go Maps plugin <= 10.1.01 - Unauthenticated Arbitrary Record Creation vulnerability
Unauthenticated Arbitrary Record Creation vulnerability discovered by Thanh Điềm in WordPress Plugin WP Go Maps versions <= 10.1.01...
Missing Authorization
Overview Affected versions of this package are vulnerable to Missing Authorization in the create and store functions in ApiEntityListQuickCreationCommandController.php. A user can create or submit new records on the Quick Creation Command endpoint for any entity with Quick Creation Command...
CVE-2026-7743
creationtimestamp| type| source
---|---|---
2026-05-04 10:46:42+00:00| seen| https://bsky.app/profile/cve.skyfleet.blue/post/3mkzimpqg2u2t...
PT-2026-28493
Name of the Vulnerable Software and Affected Versions TSPortal versions prior to 34 Description TSPortal, the WikiTide Foundation’s in-house platform used by the Trust and Safety team, was found to have a flaw that allowed attackers to create arbitrary user records in the database. This was...
CVE-2025-59020
By exploiting the defVals parameter, attackers could bypass field‑level access checks during record creation in the TYPO3 backend. This gave them the ability to insert arbitrary data into prohibited exclude fields of a database table for which the user already has write permission for a reduced s...
GHSA-5J7Q-WMH7-CQHG TYPO3 CMS Allows Broken Access Control in Edit Document Controller
Problem By exploiting the defVals parameter, attackers could bypass field‑level access checks during record creation in the TYPO3 backend. This gave them the ability to insert arbitrary data into prohibited exclude fields of a database table for which the user already has write permission for a...
TYPO3 CMS Allows Broken Access Control in Edit Document Controller
Problem By exploiting the defVals parameter, attackers could bypass field‑level access checks during record creation in the TYPO3 backend. This gave them the ability to insert arbitrary data into prohibited exclude fields of a database table for which the user already has write permission for a...
CVE-2025-59020
By exploiting the defVals parameter, attackers could bypass field‑level access checks during record creation in the TYPO3 backend. This gave them the ability to insert arbitrary data into prohibited exclude fields of a database table for which the user already has write permission for a reduced s...
CVE-2025-59020
By exploiting the defVals parameter, attackers could bypass field‑level access checks during record creation in the TYPO3 backend. This gave them the ability to insert arbitrary data into prohibited exclude fields of a database table for which the user already has write permission for a reduced s...
CVE-2025-59020 TYPO3 CMS Allows Broken Access Control in Edit Document Controller
By exploiting the defVals parameter, attackers could bypass field‑level access checks during record creation in the TYPO3 backend. This gave them the ability to insert arbitrary data into prohibited exclude fields of a database table for which the user already has write permission for a reduced s...
CVE-2025-59020
The CVE-2025-59020 issue in TYPO3 CMS arises from abusing the defVals parameter to bypass field-level access checks during backend record creation. This allows insertion of data into restricted exclude fields for tables where the user has write access to a limited set of fields. Affected TYPO3 ve...
PT-2026-2474
By exploiting the defVals parameter, attackers could bypass field‑level access checks during record creation in the TYPO3 backend. This gave them the ability to insert arbitrary data into prohibited exclude fields of a database table for which the user already has write permission for a reduced s...
WorkDo HRM SaaS HR and Payroll Tool Security Vulnerability
WorkDo HRM SaaS HR and Payroll Tool is a human resource management software from WorkDo, Inc. A security vulnerability exists in WorkDo HRM SaaS HR and Payroll Tool version 8.1, which stems from improperly set permissions and could result in an authenticated user creating leave or resignation...
CVE-2025-49529
creationtimestamp| type| source
---|---|---
2025-08-06 01:04:19+00:00| seen| MISP/853ff921-86fb-463b-bc2a-2860bf336b81
2025-08-21 10:03:52+00:00| seen| MISP/853ff921-86fb-463b-bc2a-2860bf336b81...
CVE-2025-53684
creationtimestamp| type| source
---|---|---
2025-07-09 05:25:48+00:00| seen| https://bsky.app/profile/cve.skyfleet.blue/post/3ltj3bmvxrb2w...
Archer Platform Security Vulnerability
Apache Tomcat is a lightweight Web application server from the American Apache Foundation. It is used to implement support for Servlets and JavaServer Pages (JSP). A security vulnerability exists in Archer Platform versions 6 through 6.14.00202.10024 that originates from an authenticated user...
CVE-2024-56969
creationtimestamp| type| source
---|---|---
2025-01-27 19:16:29+00:00| seen| https://bsky.app/profile/cve-notifications.bsky.social/post/3lgqnowzqhd2n
2025-01-27 19:49:29+00:00| seen| https://infosec.exchange/users/cve/statuses/113902050942128961
2025-01-27 21:52:00+00:00| seen|...
GHSA-RH4J-5RHW-HR54
creationtimestamp| type| source
---|---|---
2025-01-27 17:41:37+00:00| seen| https://infosec.exchange/users/cve/statuses/113901548168353266
2025-01-27 21:08:26+00:00| published-proof-of-concept| https://t.me/DarkWebInformerCVEAlerts/3179...
CVE-2024-44195
creationtimestamp| type| source
---|---|---
2024-12-20 04:10:57+00:00| seen| https://infosec.exchange/users/cve/statuses/113683192678311764
2024-12-20 04:15:22+00:00| seen| https://bsky.app/profile/cve-notifications.bsky.social/post/3ldpjmmsnx42m
2024-12-20 05:52:24+00:00| seen|...