157 matches found
CVE-2026-63101 Open Event Server 1.19.1 Unauthenticated Member Roster Export via CSV Export Endpoint
Open Event Server through 1.19.1 contains a missing authentication vulnerability that allows unauthenticated attackers to export the complete member roster of any group, including email addresses, names, join dates, and roles, by submitting requests to the group followers CSV export endpoint whic...
CVE-2026-63101
Open Event Server 1.19.1 is affected by an unauthenticated access vulnerability that lets attackers export the full member roster (emails, names, join dates, roles) by calling the group followers CSV export endpoint. The issue arises because the export endpoint lacks authentication and can be tri...
EUVD-2026-45202
Open Event Server through 1.19.1 contains a missing authentication vulnerability that allows unauthenticated attackers to export the complete member roster of any group, including email addresses, names, join dates, and roles, by submitting requests to the group followers CSV export endpoint whic...
GHSA-JV2H-4P9V-WF5W ouroboros-ai: Incomplete fix of CVE-2026-47211: untrusted project .env can still reach RCE via omitted execution-routing keys
Impact The CVE-2026-47211 fix 0.39.0 added UNTRUSTEDENVDENYLIST to stop an untrusted project-directory .env from redirecting execution. The denylist was incomplete — several execution-routing keys of the same RCE class were omitted, so a malicious cloned repo can still reach arbitrary command...
CVE-2019-16236
Dino before 2019-09-10 does not check roster push authorization in module/roster/module.vala...
Malicious code in hyatt-residential-roster (npm)
Package is malware. Collects and exfiltrates sensitive data to an external server. Suspicious install scripts execute the same script multiple times. The package communicates with a domain associated with malicious activity...
MAL-2025-48691 Malicious code in hyatt-residential-roster (npm)
Package is malware. Collects and exfiltrates sensitive data to an external server. Suspicious install scripts execute the same script multiple times. The package communicates with a domain associated with malicious activity...
EUVD-2006-6833
Malware in sbrugna...
EUVD-2016-10715
Malware in sbrugna...
EUVD-2015-8565
Malware in sbrugna...
EUVD-2021-13582
Malware in sbrugna...
EUVD-2004-2381
Malware in sbrugna...
EUVD-2016-2939
Malware in sbrugna...
EUVD-2019-7043
Malware in sbrugna...
CVE-2024-33850
Pexip Infinity before 34.1 has Improper Access Control for persons in a waiting room. They can see the conference roster list, and perform certain actions that should not be allowed before they are admitted to the meeting...
CVE-2024-51850
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in bchristopeit WoW Guild Armory Roster guild-armory-roster allows Stored XSS.This issue affects WoW Guild Armory Roster: from n/a through = 0.5.5...
CVE-2021-26795
A SQL Injection vulnerability in /appliance/shiftmgn.php in TalariaX sendQuick Alert Plus Server Admin 4.3 before 8HF11 allows attackers to obtain sensitive information via a Roster Time to Roster Management...
CVE-2024-53260 Course Roster vulnerable to CSV Injection in Autolab
Autolab is a course management service that enables auto-graded programming assignments. A user can modify their first and or last name to include a valid excel / spreadsheet formula. When an instructor downloads their course's roster and opens, this name will then be evaluated as a formula. This...
CVE-2024-53260 Course Roster vulnerable to CSV Injection in Autolab
Autolab is a course management service that enables auto-graded programming assignments. A user can modify their first and or last name to include a valid excel / spreadsheet formula. When an instructor downloads their course's roster and opens, this name will then be evaluated as a formula. This...
PT-2024-35698 · Autolab · Autolab
Name of the Vulnerable Software and Affected Versions: Autolab affected versions not specified Description: Autolab is a course management service that enables auto-graded programming assignments. A user can modify their first and or last name to include a valid excel / spreadsheet formula. When ...