5 matches found
CVE-2026-40172
The CVE-2026-40172 entry concerns authentik (open-source ID provider). A flaw in PATCH /api/v3/core/users/{pk}/ lets a caller with change_user on a target user assign arbitrary groups via UserSerializer, including groups with is_superuser=True, without requiring enable_group_superuser. This resul...
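The authorization gap described in this entry, modelled as an added example (this is not authentik's code): a requester holding only change_user on the target PATCHes the target's groups. The vulnerable handler checks change_user and accepts any group; the hardened handler additionally requires enable_group_superuser before a group with is_superuser=True can be added. Permission names come from the entry; the data model, function names and usernames are assumptions.

```python
"""Added example, not authentik's code. Models the missing check behind
CVE-2026-40172: change_user on a target should not be enough to put the
target into a superuser group. Data model and function names are assumed."""
from dataclasses import dataclass, field


@dataclass(frozen=True)
class Group:
    name: str
    is_superuser: bool = False


@dataclass
class User:
    username: str
    permissions: frozenset          # permission codenames held by this user
    groups: set = field(default_factory=set)


class PermissionDenied(Exception):
    pass


def patch_groups_vulnerable(requester, target, new_groups):
    """Only the object-level change_user permission is checked; the
    groups field is then written verbatim, superuser groups included."""
    if "change_user" not in requester.permissions:
        raise PermissionDenied("change_user required")
    target.groups = set(new_groups)
    return target


def patch_groups_hardened(requester, target, new_groups):
    """Same entry check, plus: adding a superuser group is a privilege
    grant and needs the dedicated enable_group_superuser permission."""
    if "change_user" not in requester.permissions:
        raise PermissionDenied("change_user required")
    added = set(new_groups) - target.groups
    if any(g.is_superuser for g in added) and \
            "enable_group_superuser" not in requester.permissions:
        raise PermissionDenied(
            "enable_group_superuser required to assign a superuser group")
    target.groups = set(new_groups)
    return target


def is_superuser(user):
    """Effective superuser status: membership in any is_superuser group."""
    return any(g.is_superuser for g in user.groups)


def demo():
    """Returns (escalated_via_vulnerable_path, blocked_by_hardened_path)."""
    admins = Group("authentik Admins", is_superuser=True)   # constructed
    staff = Group("staff")                                  # constructed
    requester = User("helpdesk", frozenset({"change_user"}))  # assumed

    target = User("victim", frozenset(), {staff})
    patch_groups_vulnerable(requester, target, {staff, admins})
    escalated = is_superuser(target)

    target = User("victim", frozenset(), {staff})
    try:
        patch_groups_hardened(requester, target, {staff, admins})
        blocked = False
    except PermissionDenied:
        blocked = True
    return escalated, blocked


if __name__ == "__main__":
    print(demo())
```

The hardened check compares against the groups the target already holds, so a request that merely re-sends an existing superuser membership while changing other groups is not rejected; only a new superuser grant requires the extra permission.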
CVE-2021-43106
A Header Injection vulnerability exists in Compass Plus TranzWare Online FIMI Web Interface Tranzware Online TWO 5.3.33.3 F38 and FIMI 4.2.19.4 25. The HTTP host header can be manipulated and cause the application to behave in unexpected ways. Any changes made to the header would just cause the...
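The Host header problem described in this entry, as an added example that is not Compass Plus code: an application that builds absolute URLs (redirects, links, password-reset mails) from the client-supplied Host header can be pointed at an attacker-chosen host. The usual fix is to validate Host against a configured allowlist before using it. The hostnames, the allowlist and the function names are constructed for the example.

```python
"""Added example, not Compass Plus code. Shows a URL builder that trusts
the Host header next to one that validates it against an allowlist.
Hostnames and the allowlist are constructed for the example."""

ALLOWED_HOSTS = frozenset({"bank.example.com", "bank.example.com:8443"})  # constructed


def normalize_host(host):
    """Lower-case, trim whitespace and a trailing dot, so that
    'Bank.Example.com.' and 'bank.example.com' compare equal."""
    return host.strip().lower().rstrip(".")


def validate_host(host, allowed=ALLOWED_HOSTS):
    """Exact match against the allowlist: no wildcards, no suffix matching,
    so 'bank.example.com.attacker.example' is rejected."""
    return normalize_host(host) in allowed


def build_absolute_url_vulnerable(headers, path):
    """Uses whatever the client sent as Host (this is the flaw)."""
    return f"https://{headers['Host']}{path}"


def build_absolute_url_hardened(headers, path, allowed=ALLOWED_HOSTS):
    """Raises instead of emitting a URL on an unrecognised Host."""
    host = headers.get("Host", "")
    if not validate_host(host, allowed):
        raise ValueError(f"rejected Host header: {host!r}")
    return f"https://{normalize_host(host)}{path}"


def reset_link_for(headers, path="/reset?token=abc"):
    """Returns (vulnerable_url, hardened_url_or_None) for one request,
    i.e. what each builder would put into a password-reset mail."""
    vulnerable = build_absolute_url_vulnerable(headers, path)
    try:
        hardened = build_absolute_url_hardened(headers, path)
    except ValueError:
        hardened = None
    return vulnerable, hardened


if __name__ == "__main__":
    # Constructed request with an attacker-supplied Host.
    print(reset_link_for({"Host": "attacker.example"}))
    print(reset_link_for({"Host": "Bank.Example.com."}))
```

If a reverse proxy sits in front of the application, apply the same allowlist to any forwarded-host header the application honours (for example X-Forwarded-Host), since that header is just as attacker-controllable as Host when the proxy does not overwrite it.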
stored XSS in JBoss BPM suite business process editor
A security flaw was found in the way Business Process Editor displays the business process details to the user. A remote authenticated attacker with privilege to create business processes could use this flaw to conduct stored XSS attacks against other users...
Cisco Prime Central for Hosted Collaboration Solution Cross-Site Request Forgery Vulnerability
Cisco Prime is a service-centric solution that integrates the management of wired and wireless LANs, WANs and data centers from endpoints, network devices and applications, and filters information. A cross-site request forgery vulnerability exists in Cisco Prime Central for Hosted Collaboration...
Microsoft Office Excel Label Record Buffer Overflow (MS11-021) - Ver2 (CVE-2011-0098)
A code execution vulnerability has been reported in Microsoft Office Excel. The vulnerability is due to a flaw in the parsing of Label record in Excel documents, causing a buffer overflow. Remote attackers can exploit this vulnerability by enticing target users to open a malicious Excel file. In ...