105 matches found
CVE-2026-40925
WWBN AVideo is an open source video platform. In versions 29.0 and prior, objects/configurationUpdate.json.php also routed via /updateConfig persists dozens of global site settings from $POST but protects the endpoint only with User::isAdmin. It does not call forbidIfIsUntrustedRequest, does not...
PT-2026-33919
The Responsive Blocks – Page Builder for Blocks & Patterns plugin for WordPress is vulnerable to unauthorized access in all versions up to, and including, 2.2.1. This is due to the plugin not properly verifying that a user is authorized to perform an action. This makes it possible for authenticat...
PT-2026-20616
The Mega Store Woocommerce theme for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the setup widgets function in core/includes/importer/whizzie.php in all versions up to, and including, 5.9. This makes it possible for authenticated attackers, wi...
WordPress plugin Mega Store Woocommerce 安全漏洞
WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be install...
CVE-2026-25517
Wagtail CVE-2026-25517 involves missing permission checks on admin preview endpoints. Before versions 6.3.6, 7.0.4, 7.1.3, 7.2.2, and 7.3, an admin user who knows a model’s fields can craft a form submission to render previews of pages, snippets, or site settings with arbitrary data. The preview ...
CVE-2026-25517 Wagtail has improper permission handling on admin preview endpoints
Wagtail is an open source content management system built on Django. Prior to versions 6.3.6, 7.0.4, 7.1.3, 7.2.2, and 7.3, due to a missing permission check on the preview endpoints, a user with access to the Wagtail admin and knowledge of a model's fields can craft a form submission to obtain a...
CVE-2026-25517
Wagtail is an open source content management system built on Django. Prior to versions 6.3.6, 7.0.4, 7.1.3, 7.2.2, and 7.3, due to a missing permission check on the preview endpoints, a user with access to the Wagtail admin and knowledge of a model's fields can craft a form submission to obtain a...
CVE-2026-25517 Wagtail has improper permission handling on admin preview endpoints
Wagtail is an open source content management system built on Django. Prior to versions 6.3.6, 7.0.4, 7.1.3, 7.2.2, and 7.3, due to a missing permission check on the preview endpoints, a user with access to the Wagtail admin and knowledge of a model's fields can craft a form submission to obtain a...
Wagtail 安全漏洞
Wagtail is an open-source content management system CMS developed by Wagtail. Vulnerabilities exist in versions prior to Wagtail 6.3.6, 7.0.4, 7.1.3, 7.2.2, and 7.3. These vulnerabilities stem from the lack of permission checks on preview endpoints, which could allow unauthorized access to any...
PT-2026-6362
Impact Due to a missing permission check on the preview endpoints, a user with access to the Wagtail admin and knowledge of a model's fields can craft a form submission to obtain a preview rendering of any page, snippet or site setting object for which previews are enabled, consisting of any data...
BIT-DISCOURSE-2026-24742 Discourse staff action logs expose sensitive information to moderators
Discourse is an open source discussion platform. In versions prior to 3.5.4, 2025.11.2, 2025.12.1, and 2026.1.0, non-admin moderators can view sensitive information in staff action logs that should be restricted to administrators only. The exposed information includes webhook payload URLs and...
CVE-2026-24742
Discourse is an open source discussion platform. In versions prior to 3.5.4, 2025.11.2, 2025.12.1, and 2026.1.0, non-admin moderators can view sensitive information in staff action logs that should be restricted to administrators only. The exposed information includes webhook payload URLs and...
CVE-2026-24742
Discourse (open‑source discussion platform) is affected in CVE-2026-24742 for versions prior to 3.5.4, 2025.11.2, 2025.12.1, and 2026.1.0. The issue allows non‑admin moderators to view sensitive data in staff action logs that should be restricted to administrators, exposing webhook URLs and secre...
CVE-2026-24742 Discourse staff action logs expose sensitive information to moderators
Discourse is an open source discussion platform. In versions prior to 3.5.4, 2025.11.2, 2025.12.1, and 2026.1.0, non-admin moderators can view sensitive information in staff action logs that should be restricted to administrators only. The exposed information includes webhook payload URLs and...
CVE-2025-34412
The Convercent Whistleblowing Platform operated by EQS Group contains a protection mechanism failure in its browser and session handling. By default, affected deployments omit HTTP security headers such as Content-Security-Policy, Referrer-Policy, Permissions-Policy, Cross-Origin-Embedder-Policy,...
EUVD-2018-6759
Malware in sbrugna...
EUVD-2025-6665
Malicious code in bioql PyPI...
EUVD-2025-12351
Malicious code in bioql PyPI...
EUVD-2024-52175
Malicious code in bioql PyPI...
EUVD-2024-54706
Malicious code in bioql PyPI...