25 matches found
EUVD-2026-26194
Missing Authorization vulnerability in Brainstorm Force SureForms Pro allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects SureForms Pro: from n/a through 2.8.0...
CVE-2026-6107
Affected product: 1Panel-dev MaxKB (
PT-2026-32127
A vulnerability was detected in 1Panel-dev MaxKB up to 2.2.1. This vulnerability affects the function StaticHeadersMiddleware of the file apps/common/middleware/static headers middleware.py of the component Public Chat Interface. The manipulation of the argument Name results in cross site...
Access Control Bypass
Overview Affected versions of this package are vulnerable to Access Control Bypass in the proxy module due to blindly trusting ExternalIPs/LoadBalancer IPs. An attacker can redirect cluster-wide network traffic or disrupt DNS services by assigning arbitrary external IPs or loadBalancer IPs withou...
BIT-NIFI-2026-25903 Apache NiFi: Missing Authorization of Restricted Permissions for Component Updates
Apache NiFi 1.1.0 through 2.7.2 are missing authorization when updating configuration properties on extension components that have specific Required Permissions based on the Restricted annotation. The Restricted annotation indicates additional privileges required to add the annotated component to...
GHSA-C5W7-M8WF-XC77 Apache NiFi: Missing Authorization of Restricted Permissions for Component Updates
Apache NiFi 1.1.0 through 2.7.2 are missing authorization when updating configuration properties on extension components that have specific Required Permissions based on the Restricted annotation. The Restricted annotation indicates additional privileges required to add the annotated component to...
Missing Authorization
Overview org.apache.nifi:nifi-web-api is a system to process and distribute data. Affected versions of this package are vulnerable to Missing Authorization when updating configuration properties on extension components with restricted permissions. An attacker can modify sensitive configuration...
CVE-2026-25903 Apache NiFi: Missing Authorization of Restricted Permissions for Component Updates
Apache NiFi 1.1.0 through 2.7.2 are missing authorization when updating configuration properties on extension components that have specific Required Permissions based on the Restricted annotation. The Restricted annotation indicates additional privileges required to add the annotated component to...
CVE-2026-25903 Apache NiFi: Missing Authorization of Restricted Permissions for Component Updates
Apache NiFi 1.1.0 through 2.7.2 are missing authorization when updating configuration properties on extension components that have specific Required Permissions based on the Restricted annotation. The Restricted annotation indicates additional privileges required to add the annotated component to...
console 路径遍历漏洞
console is an application by Grayson Groshong Individual Developer. A path traversal vulnerability exists in console versions prior to 2.8.0, which stems from a path traversal that could result in a write to a non-target directory...
Linux Distros Unpatched Vulnerability : CVE-2022-33980
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Apache Commons Configuration performs variable interpolation, allowing properties to be dynamically evaluated and expanded. The standard format for interpolatio...
PT-2025-33855 · Flaskblog · Flaskblog
Name of the Vulnerable Software and Affected Versions: flaskBlog versions prior to 2.8.0 Description: flaskBlog is a blog application built with Flask. A flaw exists where there is no validation of comment ownership during deletion. This allows any user to delete comments belonging to other users...
PT-2025-21163 · Netgate · Pfsense Ce
Name of the Vulnerable Software and Affected Versions: Netgate pfSense CE versions prior to 2.8.0 beta release Netgate pfSense CE corresponding Plus builds versions prior to 2.8.0 beta release Description: The issue allows remote attackers to execute arbitrary JavaScript, delete backups, or leak...
PT-2025-21161 · Netgate · Pfsense Ce
Name of the Vulnerable Software and Affected Versions: Netgate pfSense CE versions prior to 2.8.0 beta release Netgate pfSense CE corresponding Plus builds versions prior to 2.8.0 beta release Description: The issue is related to Cross Site Scripting XSS in the widgets/log.widget.php file. This...
PT-2025-21162 · Unknown +1 · Pfsense Ce +1
Name of the Vulnerable Software and Affected Versions: pfSense CE versions prior to 2.8.0 beta release corresponding Plus builds versions prior to 2.8.0 beta release Description: The issue is related to command injection in the OpenVPN widget due to improper sanitization of user-supplied input to...
CVE-2024-47350
Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in YITHEMES YITH WooCommerce Ajax Search yith-woocommerce-ajax-search.This issue affects YITH WooCommerce Ajax Search: from n/a through = 2.8.0...
WordPress Product Delivery Date for WooCommerce - Lite plugin <= 2.8.0 - Reflected Cross-Site Scripting vulnerability
WordPress Product Delivery Date for WooCommerce - Lite plugin = 2.8.0 - Reflected Cross-Site Scripting vulnerability discovered by Peter Thaleikis in WordPress Plugin Product Delivery Date for WooCommerce – Lite versions = 2.8.0...
CVE-2024-24683 Apache Hop Engine: ID isn't escaped when generating HTML
Improper Input Validation vulnerability in Apache Hop Engine.This issue affects Apache Hop Engine: before 2.8.0. Users are recommended to upgrade to version 2.8.0, which fixes the issue. When Hop Server writes links to the PrepareExecutionPipelineServlet page one of the parameters provided to the...
BIT-AIRFLOW-2023-49920 Apache Airflow: Missing CSRF protection on DAG/trigger
Apache Airflow, version 2.7.0 through 2.7.3, has a vulnerability that allows an attacker to trigger a DAG in a GET request without CSRF validation. As a result, it was possible for a malicious website opened in the same browser - by the user who also had Airflow UI opened - to trigger the executi...
PYSEC-2023-267
Apache Airflow, versions before 2.8.0, is affected by a vulnerability that allows an authenticated user without the variable edit permission, to update a variable.This flaw compromises the integrity of variable management, potentially leading to unauthorized data modification.Users are recommende...