378 matches found
CVE-2026-59100
CVE-2026-59100 affects LobeChat up to version 2.2.9. It describes a broken object level authorization allowing authenticated attackers to access and modify other users’ chat-group agent data by supplying arbitrary group identifiers. Attackers can call getGroupAgents, updateAgentInGroup, and remov...
EUVD-2026-40112
Unauthenticated Insecure Direct Object References IDOR in Colissimo Officiel : Méthodes de livraison pour WooCommerce = 2.9.0 versions...
CVE-2026-57340
Unauthenticated Broken Access Control in Japanized For WooCommerce = 2.9.12 versions...
EUVD-2026-40111
Unauthenticated Broken Access Control in Japanized For WooCommerce = 2.9.12 versions...
CVE-2026-55583
Twenty, before version 2.9.0, is affected by a cross-workspace insecure direct object reference in the AI agent monitor’s Resolver (agent-turn.resolver.ts). The query paths agentTurns(agentId) and evaluateAgentTurn(turnId) retrieved rows by agentId or id without restricting workspaceId, and guard...
WordPress ListingPro theme <= 2.9.11 - Cross Site Scripting (XSS) vulnerability
Cross Site Scripting XSS vulnerability discovered by daroo in WordPress Theme ListingPro versions = 2.9.11...
EUVD-2026-37624
Unauthenticated Cross Site Scripting XSS in WPFunnels Pro = 2.9.4 versions...
EUVD-2026-37588
Author Broken Access Control in W3 Total Cache = 2.9.1 versions...
CVE-2026-54192
Unauthenticated Cross Site Scripting XSS in Popup box = 6.2.9 versions...
CVE-2026-39595 WordPress W3 Total Cache plugin <= 2.9.1 - Broken Access Control vulnerability
Author Broken Access Control in W3 Total Cache = 2.9.1 versions...
CVE-2026-48868
Unauthenticated Insecure Direct Object References IDOR in Simple Shopping Cart = 5.2.9 versions...
EUVD-2026-36899
Unauthenticated Sensitive Data Exposure in Affiliates Manager = 2.9.50 versions...
EUVD-2026-36847
Unauthenticated Insecure Direct Object References IDOR in Simple Shopping Cart = 5.2.9 versions...
PT-2026-49477
Unauthenticated Insecure Direct Object References IDOR in Simple Shopping Cart = 5.2.9 versions...
CVE-2026-26237
A missing authorization vulnerability has been reported to affect QuMagie. The remote attackers can then exploit the vulnerability to access unauthorized data or perform unauthorized actions. We have already fixed the vulnerability in the following version: QuMagie 2.9.0 and later...
QNAP Systems QTS和QNAP Systems QuTS hero 操作系统命令注入漏洞
QNAP Systems QTS and QNAP Systems QuTS hero are software products with data storage and management functions developed by QNAP Systems, a company based in Taiwan, China. Both products have an operating system command injection vulnerability. This vulnerability stems from command injection, which...
CVE-2026-44083 QuMagie
An authorization bypass through user-controlled key vulnerability has been reported to affect QuMagie. The remote attackers can then exploit the vulnerability to gain unintended privileges. We have already fixed the vulnerability in the following version: QuMagie 2.9.1 and later...
CVE-2026-26236
A missing authorization vulnerability has been reported to affect QuMagie. The remote attackers can then exploit the vulnerability to access unauthorized data or perform unauthorized actions. We have already fixed the vulnerability in the following version: QuMagie 2.9.0 and later...
CVE-2026-26236 QuMagie
A missing authorization vulnerability has been reported to affect QuMagie. The remote attackers can then exploit the vulnerability to access unauthorized data or perform unauthorized actions. We have already fixed the vulnerability in the following version: QuMagie 2.9.0 and later...
CVE-2026-46837
Vulnerability in the Oracle Flow Manufacturing product of Oracle E-Business Suite component: Security. Supported versions that are affected are 12.2.9-12.2.15. Easily exploitable vulnerability allows low privileged attacker with network access via SQL to compromise Oracle Flow Manufacturing...