16 matches found
CVE-2026-12117
Improper access control in the social login connection endpoint in Devolutions Server 2026.2.5 allows an authenticated vault member to enumerate social login entry metadata to which they are not authorized via a crafted API request...
CVE-2026-44719
Mathesar is a web application that makes working with PostgreSQL databases both simple and powerful. From 0.2.0 to before 0.10.0, collaborators.list, tables.metadata.list, explorations.list, and forms.list accept a databaseid without verifying that the requesting user was a collaborator on that...
CVE-2026-26929
Apache Airflow versions 3.0.0 through 3.1.7 FastAPI DagVersion listing API does not apply per-DAG authorization filtering when the request is made with dagid set to "" wildcard for all DAGs. As a result, version metadata of DAGs that the requester is not authorized to access is returned. Users ar...
Incorrect Permission Assignment for Critical Resource
Overview: Affected versions of this package are vulnerable to Incorrect Permission Assignment for Critical Resource in the DagVersion listing API when the dagid parameter is set to "". An attacker can obtain unauthorized metadata about DAGs by sending a request with a wildcard value, bypassing...
PT-2026-25891
Apache Airflow versions 3.0.0 through 3.1.7 FastAPI DagVersion listing API does not apply per-DAG authorization filtering when the request is made with dag id set to "" wildcard for all DAGs. As a result, version metadata of DAGs that the requester is not authorized to access is returned. Users a...
WordPress plugin Tainacan security vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform has the ability to host personal blog sites on PHP and MySQL based servers. WordPress plugin is an application plugin. A security vulnerabili...
EUVD-2022-39951
Malicious code in bioql PyPI...
Linux Distros Unpatched Vulnerability : CVE-2021-22239
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - An unauthorized user was able to insert metadata when creating new issue on GitLab CE/EE 14.0 and later. CVE-2021-22239 Note that Nessus relies on the presence ...
CVE-2024-0516
The Royal Elementor Addons and Templates plugin for WordPress is vulnerable to unauthorized post metadata update due to a missing capability check on the wprupdateformactionmeta function in all versions up to, and including, 1.3.87. This makes it possible for unauthenticated attackers to update...
CVE-2024-1375
The Event post plugin for WordPress is vulnerable to unauthorized bulk metadata update due to a missing nonce check on the savebulkdatas function in all versions up to, and including, 5.9.10. This makes it possible for unauthenticated attackers to update postmetadata via a forged request, granted...
WordPress plugin Event post security vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed in the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A security vulnerability exist...
CVE-2023-30946 Issues notification metadata lacks authorization
A security defect was identified in Foundry Issues. If a user was added to an issue on a resource that they did not have access to and consequently could not see, they could query Foundry's Notification API and receive metadata about the issue including the RID of the issue, severity, internal UU...
DRUPAL-CONTRIB-2023-004
This module enables you to use the media library in custom forms without the Media Library Widget. The module does not properly check entity access in some circumstances. This may result in users with access to edit content seeing metadata about media items they are not authorized to access. The...
Improper access control
Archer Platform 6.8 before 6.11 P3 6.11.0.3 contains an improper API access control vulnerability in a multi-instance system that could potentially present unauthorized metadata to an authenticated user of the affected system. 6.10 P3 HF1 6.10.0.3.1 is also a fixed release...
CVE-2022-37316
Archer Platform 6.8 before 6.11 P3 6.11.0.3 contains an improper API access control vulnerability in a multi-instance system that could potentially present unauthorized metadata to an authenticated user of the affected system. 6.10 P3 HF1 6.10.0.3.1 is also a fixed release...
Unauthorized Metadata Modification
Apache Geode is vulnerable to unauthorized metadata modification. This is due to a lack of proper validation of the permissions of a user who has write permissions for specific data regions. When Apache Geode is operating in secure mode, this allows the user to perform unauthorized metadata...