18 matches found
CVE-2026-27672 Missing Authorization check in Material Master Application
The Material Master application does not enforce authorization checks for authenticated users when executing reports, resulting in the disclosure of sensitive information. This vulnerability has a low impact on confidentiality and does not affect integrity and availability of the system...
EUVD-2026-19845
ChurchCRM is an open-source church management system. Prior to 7.1.0, the searchwhat parameter via QueryView.php with the QueryID=15 is vulnerable to a SQL injection. The authenticated user requires access to Data/Reports Query Menu and access to the "Advanced Search" query. This vulnerability is...
CVE-2026-3022
Non-relational SQL injection vulnerability (NoSQLi) in the Wakyma web application, specifically in the endpoint 'vets.wakyma.com/hospitalization/generate-hospitalization-summary'. This vulnerability could allow an authenticated user to alter a POST request to the affected endpoint for the purpose o...
CVE-2026-29096
SuiteCRM is an open-source, enterprise-ready Customer Relationship Management (CRM) software application. Prior to versions 7.15.1 and 8.9.3, when creating or editing a report (AORReports module), the fieldfunction parameter from POST data is saved directly into the aorfields table without any...
CVE-2026-29096
SuiteCRM is an open-source, enterprise-ready Customer Relationship Management (CRM) software application. Prior to versions 7.15.1 and 8.9.3, when creating or editing a report (AORReports module), the fieldfunction parameter from POST data is saved directly into the aorfields table without any...
CVE-2026-3022
Non-relational SQL injection vulnerability (NoSQLi) in the Wakyma web application, specifically in the endpoint 'vets.wakyma.com/hospitalization/generate-hospitalization-summary'. This vulnerability could allow an authenticated user to alter a POST request to the affected endpoint for the purpose o...
CVE-2025-20383
In Splunk Enterprise versions below 10.0.2, 9.4.6, 9.3.8, and 9.2.10, and below 3.9.10, 3.8.58, and 3.7.28 of Splunk Secure Gateway app in Splunk Cloud Platform, a low-privileged user that does not hold the "admin" or "power" Splunk roles and subscribes to mobile push notifications could receive...
EUVD-2002-0543
Malware in sbrugna...
EUVD-2021-28166
Malicious code in bioql PyPI...
PT-2025-36549
Name of the Vulnerable Software and Affected Versions: SAP ABAP Reports (affected versions not specified). Description: Due to missing input validation in ABAP reports, an attacker with high privilege access could delete the content of arbitrary database tables if the tables are not protected by an...
Linux Distros Unpatched Vulnerability : CVE-2021-23203
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Improper access control in reporting engine of Odoo Community 14.0 through 15.0, and Odoo Enterprise 14.0 through 15.0, allows remote attackers to download PDF...
CVE-2024-4465
An access control vulnerability was discovered in the Reports section due to a specific access restriction not being properly enforced for users with limited privileges. If a logged-in user with reporting privileges learns how to create a specific application request, they might be able to make...
MyQ Solution Print Server and MyQ Solution Central Server Security Vulnerability
MyQ Solution Print Server and MyQ Solution Central Server are both products of MyQ Solution, Inc. MyQ Solution Print Server is an easy-to-use print management software. It can control printers, reduce printing costs, and be environmentally friendly by reducing unnecessary waste. MyQ Solution Centra...
UBUNTU-CVE-2023-28838
GLPI is a free asset and IT management software package. Starting in version 0.50 and prior to versions 9.5.13 and 10.0.7, a SQL Injection vulnerability allows users with access rights to statistics or reports to extract all data from the database and, in some cases, write a webshell on the server...
CVE-2022-28216
SAP BusinessObjects Business Intelligence Platform BI Workspace - version 420, is susceptible to a Cross-Site Scripting attack by an unauthenticated attacker due to improper sanitization of the user inputs on the network. On successful exploitation, an attacker can access certain reports causing ...
CVE-2021-46164
Zoho ManageEngine Desktop Central before 10.0.662 allows remote code execution by an authenticated user who has complete access to the Reports module...
Fortinet FortiWeb Security Vulnerability
Fortinet FortiWeb is a web application layer firewall from Fortinet that blocks threats such as cross-site scripting, SQL injection, cookie poisoning, schema poisoning and other attacks, secures web applications and protects sensitive database content. Versions 6.4.1 and earlier and 6.3.15 and...
ProConf Information Disclosure Vulnerability
ProConf is a conference management system. An information disclosure vulnerability exists in ProConf versions prior to 6.1. An attacker can exploit the vulnerability by changing the value of the Paper ID to view or gain access to submitted reports titles and abstracts and authors' personal...