EUVD-2026-31421

The AudioIgniter plugin for WordPress is vulnerable to Insecure Direct Object Reference in versions up to, and including, 2.0.2. This is due to the handleplaylistendpoint function hooked to templateredirect accepting a user-controlled playlist ID via the audioigniterplaylistid query var or the...

CVE-2026-8679 AudioIgniter Music Player <= 2.0.2 - Unauthenticated Insecure Direct Object Reference to 'audioigniter_playlist_id' Parameter

The AudioIgniter plugin for WordPress is vulnerable to Insecure Direct Object Reference in versions up to, and including, 2.0.2. This is due to the handleplaylistendpoint function hooked to templateredirect accepting a user-controlled playlist ID via the audioigniterplaylistid query var or the...

CVE-2026-8679

The AudioIgniter WordPress plugin (up to v2.0.2) is affected by an Insecure Direct Object Reference. The handle_playlist_endpoint() function, mounted on template_redirect, accepts a user-controlled playlist ID via the audioigniter_playlist_id query var or the /audioigniter/playlist/{id}/ rewrite,...

WordPress AudioIgniter Music Player plugin <= 2.0.2 - Unauthenticated Insecure Direct Object Reference to 'audioigniter_playlist_id' Parameter vulnerability

Unauthenticated Insecure Direct Object Reference to 'audioigniterplaylistid' Parameter vulnerability discovered by ? in WordPress Plugin AudioIgniter Music Player versions = 2.0.2...

EUVD-2026-31355

Concrete CMS 9.5.0 and below is subject to Insecure Direct Object Reference IDOR in the Express Entry Detail block via the exEntryID parameter. This IDOR leads to unauthorized access to all Express form submissions. The Concrete CMS security team gave this vulnerability a CVSS v.4.0 score of 6.3...

EUVD-2026-31354

Concrete CMS 9.5.0 and below is vulnerable to IDOR. The '/ccm/frontend/conversations/messagepage' endpoint returns the full content of any conversation message. An unauthenticated attacker can enumerate all conversation messages, including messages from restricted pages, member-only areas, and th...

EUVD-2026-31352

Concrete CMS 9.5.0 and below is vulnerable to IDOR. The /ccm/frontend/conversations/messagedetail endpoint returns the full content of any conversation message. An unauthenticated attacker can enumerate all conversation messages, including messages from restricted pages, member-only areas, and th...

PT-2026-42737

The AudioIgniter plugin for WordPress is vulnerable to Insecure Direct Object Reference in versions up to, and including, 2.0.2. This is due to the handle playlist endpoint function hooked to template redirect accepting a user-controlled playlist ID via the audioigniter playlist id query var or t...

PT-2026-42797

Typebot is a chatbot builder tool. In versions 3.15.2 and prior, the getResultLogs API endpoint authorizes the caller against the provided typebotId but fetches logs solely by resultId without verifying that the result belongs to the authorized typebot, leading to IDOR. An authenticated attacker...

CVE-2026-7881

Concrete CMS 9.5.0 and below is subject to Insecure Direct Object Reference IDOR in the Express Entry Detail block via the exEntryID parameter. This IDOR leads to unauthorized access to all Express form submissions. The Concrete CMS security team gave this vulnerability a CVSS v.4.0 score of 6.3...

CVE-2026-4093

In the Drupal 7 Term Reference Tree module, two stored XSS vectors exist in the widget/formatter rendering pipeline. Vector A token display templates: When the Token module is enabled and token display templates are configured, attacker-controlled token output e.g., term description is rendered...

CVE-2026-4093

In the Drupal 7 Term Reference Tree module, two stored XSS vectors exist in the widget/formatter rendering pipeline. Vector A token display templates: When the Token module is enabled and token display templates are configured, attacker-controlled token output e.g., term description is rendered...

CVE-2026-4093 Stored XSS in Drupal 7 Term Reference Tree module (token display templates and term labels)

In the Drupal 7 Term Reference Tree module, two stored XSS vectors exist in the widget/formatter rendering pipeline. Vector A token display templates: When the Token module is enabled and token display templates are configured, attacker-controlled token output e.g., term description is rendered...

CVE-2026-4093 Stored XSS in Drupal 7 Term Reference Tree module (token display templates and term labels)

In the Drupal 7 Term Reference Tree module, two stored XSS vectors exist in the widget/formatter rendering pipeline. Vector A token display templates: When the Token module is enabled and token display templates are configured, attacker-controlled token output e.g., term description is rendered...

CVE-2026-4093

CVE-2026-4093 is a stored XSS in the Drupal 7 Term Reference Tree module affecting versions up to and including 7.x-1.11. Two vectors are described: Vector A (token display templates): attacker-controlled token output (e.g., term description) is rendered without proper sanitization when the Token...

GHSA-45VW-WH46-2VX8 Twig: Arbitrary PHP code execution via `_self.(<string>)` macro-reference compilation

Description The obj.expr dynamic-attribute syntax added in 3.15.0 as the replacement for the deprecated attribute function lets the attribute be an arbitrary expression. When the receiver is self or any % import % alias and the parenthesised expression is a string literal, DotExpressionParser...

Twig: Arbitrary PHP code execution via `_self.(<string>)` macro-reference compilation

Description The obj.expr dynamic-attribute syntax added in 3.15.0 as the replacement for the deprecated attribute function lets the attribute be an arbitrary expression. When the receiver is self or any % import % alias and the parenthesised expression is a string literal, DotExpressionParser...

CVE-2026-8337

Concrete CMS

CVE-2026-8337

Concrete CMS 9.5.0 and below is vulnerable to IDOR in surveys. To be vulnerable, a site would have to be configured in such a way that both public and private surveys are present on the site. An unauthenticated attacker can vote in the restricted survey by submitting the restricted optionID throu...

CVE-2026-8337 Concrete CMS 9.5.0 and below is vulnerable to IDOR in surveys when sites are running concurrent public surveys and private surveys

Concrete CMS 9.5.0 and below is vulnerable to IDOR in surveys. To be vulnerable, a site would have to be configured in such a way that both public and private surveys are present on the site. An unauthenticated attacker can vote in the restricted survey by submitting the restricted optionID throu...