CVE-2026-42513
This vulnerability exists in e-Sushrut due to improper authentication logic that relies on client-side response parameters to determine authentication status. A remote attacker could exploit this vulnerability by intercepting and modifying the server response. Successful exploitation of this...
CVE-2026-42513
CVE-2026-42513 affects e-Sushrut HMIS. The vulnerability stems from improper authentication logic that relies on client-side response parameters to determine login status, enabling a remote attacker to intercept and modify server responses to bypass authentication and gain unauthorized access to ...
PT-2026-35881
Name of the Vulnerable Software and Affected Versions: e-Sushrut (affected versions not specified). Description: Improper authentication logic relies on client-side response parameters to determine authentication status. A remote attacker can intercept and modify the server response to bypass...
CVE-2026-1014
IBM InfoSphere Information Server is vulnerable to exposure of sensitive information via JSON server response manipulation (CVE-2026-1014). Affects InfoSphere Information Server 11.7.0.0 to 11.7.1.6. Root cause: cleartext transmission of sensitive information (CWE-319) via JSON responses. CVSS Ba...
CVE-2026-1014
IBM InfoSphere Information Server 11.7.0.0 through 11.7.1.6 is vulnerable to exposure of sensitive information via JSON server response manipulation...
PT-2026-28120
IBM InfoSphere Information Server 11.7.0.0 through 11.7.1.6 is vulnerable to exposure of sensitive information via JSON server response manipulation...
CVE-2026-33319 AVideo Vulnerable to OS Command Injection via Unescaped URL in LinkedIn Video Upload Shell Command
WWBN AVideo is an open source video platform. Prior to version 26.0, the uploadVideoToLinkedIn method in the SocialMediaPublisher plugin constructs a shell command by directly interpolating an upload URL received from LinkedIn's API response, without sanitization via escapeshellarg. If an attacke...
CVE-2026-33319
WWBN AVideo is an open source video platform. Prior to version 26.0, the uploadVideoToLinkedIn method in the SocialMediaPublisher plugin constructs a shell command by directly interpolating an upload URL received from LinkedIn's API response, without sanitization via escapeshellarg. If an attacke...
PT-2026-3328
Name of the Vulnerable Software and Affected Versions: Open5GS versions up to 2.7.6. Description: A denial-of-service issue exists in Open5GS, specifically within the SGW-C (Serving Gateway Control plane) component. The issue resides in the handling of Create Session Response messages and affects the...
CVE-2025-66028
OneUptime is a solution for monitoring and managing online services. Prior to version 8.0.5567, OneUptime is vulnerable to privilege escalation via Login Response Manipulation. During the login process, the server response included a parameter called isMasterAdmin. By intercepting and modifying...
CVE-2025-66028 OneUptime is Vulnerable to Privilege Escalation via Login Response Manipulation
OneUptime is a solution for monitoring and managing online services. Prior to version 8.0.5567, OneUptime is vulnerable to privilege escalation via Login Response Manipulation. During the login process, the server response included a parameter called isMasterAdmin. By intercepting and modifying...
OneUptime is Vulnerable to Privilege Escalation via Login Response Manipulation
Summary During the login process, the server response included a parameter called isMasterAdmin. By intercepting and modifying this parameter value from false to true, a user is able to gain access to the admin dashboard interface. However, despite accessing the admin panel, the user does not hav...
GHSA-675Q-66GF-GQG8 OneUptime is Vulnerable to Privilege Escalation via Login Response Manipulation
Summary During the login process, the server response included a parameter called isMasterAdmin. By intercepting and modifying this parameter value from false to true, a user is able to gain access to the admin dashboard interface. However, despite accessing the admin panel, the user does not hav...
EUVD-2025-199657
OneUptime is Vulnerable to Privilege Escalation via Login Response Manipulation...
PT-2025-48172
Name of the Vulnerable Software and Affected Versions: OneUptime versions prior to 8.0.5567. Description: OneUptime, a service monitoring solution, contains a flaw that allows for privilege escalation. By altering the isMasterAdmin parameter within the login response, an attacker can potentially gai...
CVE-2025-59151
Pi-hole Admin Interface prior to 6.3 is vulnerable to CRLF injection via redirects on requests for files ending with .lp, allowing an attacker to inject arbitrary HTTP response headers and potentially affect session fixation, cache poisoning, and weakening of CSP or X-XSS-Protection. Root cause: ...
EUVD-2006-6853
Malware in sbrugna...
EUVD-2023-44282
Malicious code in bioql PyPI...