
17 matches found

GithubExploit
added 2026/06/15 9:57 p.m. | 52 views

Exploit for CVE-2026-54597

CVE-2026-54597 — ITFlow Time-Based Blind SQL Injection Seve...

5.9 AI score
Exploits: 1

RedhatCVE
added 2026/05/11 8:26 p.m. | 9 views

CVE-2026-42291

SysReptor is a fully customizable pentest reporting platform. From version 2026.4 to before version 2026.27, the endpoints for reading and creating sharing links for personal notes are not properly authorized. This allows authenticated attackers who obtain the note ID of victim users to list and...

6.8 CVSS | 5.8 AI score | 0.00188 EPSS
Exploits: 0 | References: 1

NVD
added 2026/05/08 11:16 p.m. | 14 views

CVE-2026-42291

SysReptor is a fully customizable pentest reporting platform. From version 2026.4 to before version 2026.27, the endpoints for reading and creating sharing links for personal notes are not properly authorized. This allows authenticated attackers who obtain the note ID of victim users to list and...

6.8 CVSS | 0.00188 EPSS
Exploits: 0 | References: 2

CVE
added 2026/05/08 9:57 p.m. | 15 views

CVE-2026-42291

Summary (CVE-2026-42291): SysReptor (Professional/Community) exposes read/write access to users’ personal notes via un-authorized sharing-link creation. From version 2026.4 up to before 2026.27, authenticated attackers who know a victim’s note ID could list and create sharing links to that user’s ...

6.8 CVSS | 5.8 AI score | 0.00188 EPSS
Exploits: 0 | References: 2

Vulnrichment
added 2026/05/08 9:57 p.m. | 9 views

CVE-2026-42291 SysReptor: Read-write access to personal notes by sharing-link creation with no authorization in SysReptor Professional

SysReptor is a fully customizable pentest reporting platform. From version 2026.4 to before version 2026.27, the endpoints for reading and creating sharing links for personal notes are not properly authorized. This allows authenticated attackers who obtain the note ID of victim users to list and...

6.8 CVSS | 5.8 AI score | 0.00188 EPSS
Exploits: 0 | References: 2

Cvelist
added 2026/05/08 9:57 p.m. | 36 views

CVE-2026-42291 SysReptor: Read-write access to personal notes by sharing-link creation with no authorization in SysReptor Professional

SysReptor is a fully customizable pentest reporting platform. From version 2026.4 to before version 2026.27, the endpoints for reading and creating sharing links for personal notes are not properly authorized. This allows authenticated attackers who obtain the note ID of victim users to list and...

6.8 CVSS | 0.00188 EPSS
Exploits: 0 | References: 2

EUVD
added 2026/05/08 9:57 p.m. | 10 views

EUVD-2026-28848

SysReptor is a fully customizable pentest reporting platform. From version 2026.4 to before version 2026.27, the endpoints for reading and creating sharing links for personal notes are not properly authorized. This allows authenticated attackers who obtain the note ID of victim users to list and...

6.8 CVSS | 5.8 AI score | 0.00188 EPSS
Exploits: 0 | References: 2

Positive Technologies
added 2026/05/08 12:0 a.m. | 9 views

PT-2026-39204

Name of the Vulnerable Software and Affected Versions: SysReptor versions 2026.4 through 2026.26. Description: Improper authorization in endpoints used for reading and creating sharing links for personal notes allows authenticated attackers with a victim's note ID to list and create sharing links to...

6.8 CVSS | 5.8 AI score | 0.00188 EPSS
Exploits: 0 | References: 4

CNNVD
added 2026/05/08 12:0 a.m. | 9 views

SysReptor Security Vulnerability

SysReptor is an open-source penetration testing report platform developed by Syslifters. Versions of SysReptor from 2026.4 to 2026.27 contained security vulnerabilities. These vulnerabilities stemmed from improper authorization at the endpoints when reading and creating personal note-sharing link...

6.8 CVSS | 5.8 AI score | 0.00188 EPSS
Exploits: 0 | References: 1

EUVD
added 2025/10/03 8:7 p.m. | 3 views

EUVD-2023-44237

Malicious code in bioql PyPI...

2.7 CVSS | 4.4 AI score | 0.00431 EPSS
Exploits: 0 | References: 1

Circl
added 2025/01/15 7:55 p.m. | 7 views

CVE-2024-54470

| creationtimestamp | type | source |
|---|---|---|
| 2025-01-15 19:55:03+00:00 | seen | https://t.me/DarkWebInformerCVEAlerts/1837 |
| 2025-01-15 19:56:49+00:00 | seen | https://infosec.exchange/users/cve/statuses/113834132073671712 |
| 2025-01-15 20:16:01+00:00 | seen | ... |

4.6 CVSS | 5.7 AI score | 0.00271 EPSS
Exploits: 0 | References: 5

WPVulnDB
added 2024/06/03 12:0 a.m. | 12 views

WPUpper Share Buttons <= 3.43 - Missing Authorization

Description: The WPUpper Share Buttons plugin for WordPress is vulnerable to unauthorized access of data when preparing sharing links for posts and pages in all versions up to, and including, 3.43. This makes it possible for unauthenticated attackers to obtain the contents of password protected...

5.3 CVSS | 6.8 AI score | 0.00423 EPSS
Exploits: 0 | References: 1

The Hacker News
added 2023/04/04 9:54 a.m. | 2 views

Think Before You Share the Link: SaaS in the Real World

Collaboration sits at the essence of SaaS applications. The word, or some form of it, appears in the top two headlines on Google Workspace's homepage. It can be found six times on Microsoft 365's homepage, three times on Box, and once on Workday. Visit nearly any SaaS site, and odds are...

6.3 AI score
Exploits: 0

OSV
added 2021/07/22 5:15 p.m. | 1 view

CVE-2021-26698

OX App Suite before 7.10.3-rev32 and 7.10.4 before 7.10.4-rev18 allows XSS via a code snippet user-generated content when a sharing link is created and the dl parameter is used...

6.1 CVSS | 6.4 AI score | 0.01428 EPSS
Exploits: 2 | References: 3

OSV
added 2021/07/22 5:15 p.m. | 2 views

CVE-2021-37403

OX App Suite before 7.10.3-rev32 and 7.10.4 before 7.10.4-rev18 allows XSS via a code snippet user-generated content when a sharing link is created and an App Loader relative URL is used...

6.1 CVSS | 5.8 AI score | 0.00792 EPSS
Exploits: 0 | References: 2

Microsoft CVE
added 2020/01/14 8:0 a.m. | 32 views

Microsoft OneDrive for Android Security Feature Bypass Vulnerability

A security feature bypass vulnerability exists in Microsoft OneDrive App for Android. This could allow an attacker to bypass the passcode or fingerprint requirements of the App. The security update addresses the vulnerability by correcting the way Microsoft OneDrive App for Android handles sharin...

9.1 CVSS | 1.6 AI score | 0.03476 EPSS
Exploits: 0

OSV
added 2016/12/15 6:59 a.m. | 2 views

CVE-2016-4048

An issue was discovered in Open-Xchange OX App Suite before 7.8.1-rev11. Custom messages can be shown at the login screen to notify external users about issues with sharing links. This mechanism can be abused to inject arbitrary text messages. Users may get tricked to follow instructions injected...

4.3 CVSS | 5.9 AI score | 0.01159 EPSS
Exploits: 1 | References: 2