1813 matches found

Cvelist | added 2 days ago | 31 views

CVE-2026-13482 skypilot-org skypilot User ID server.py username.encode weak hash

A vulnerability was detected in skypilot-org skypilot up to 0.12.0. Impacted is the function username.encode of the file sky/users/server.py of the component User ID Handler. The manipulation results in use of weak hash. The attack may be performed from remote. This attack is characterized by hig...

CVSS 6.3 | EPSS 0.00189 | Exploits 0 | References 6
CVE | added 2 days ago | 12 views

CVE-2026-13482

CVE-2026-13482 affects skypilot-org/skypilot

CVSS 6.3 | AI score 5.2 | EPSS 0.00189 | Exploits 0 | References 6
NVD | added 3 days ago | 5 views

CVE-2026-49413

The Linuxulator determined whether a binary was set-user-ID or set-group-ID by checking the P_SUGID process flag. During execve(2), this flag is not yet set at the point where the auxiliary vector is constructed, so AT_SECURE was incorrectly set to zero for set-user-ID and set-group-ID executables. A...

CVSS 7.1 | EPSS 0.00141 | Exploits 1 | References 1
Cvelist | added 3 days ago | 31 views

CVE-2026-49413 Flaw in Linuxulator execution of setugid binaries

The Linuxulator determined whether a binary was set-user-ID or set-group-ID by checking the P_SUGID process flag. During execve(2), this flag is not yet set at the point where the auxiliary vector is constructed, so AT_SECURE was incorrectly set to zero for set-user-ID and set-group-ID executables. A...

EPSS 0.00141 | Exploits 1 | References 1
CVE | added 3 days ago | 96 views

CVE-2026-49413

The CVE-2026-49413 issue affects the Linuxulator in FreeBSD, where the runtime determines set-user-ID/set-group-ID status by the P_SUGID flag. During execve, P_SUGID is not yet set when the ELF auxiliary vector is constructed, causing AT_SECURE to be incorrectly set to zero for setuid/setgid exec...

CVSS 7.1 | AI score 5.8 | EPSS 0.00141 | Exploits 1 | References 1
Cvelist | added 4 days ago | 23 views

CVE-2026-44731 OpenProject: Improper Access Control on OpenProject through /projects/[projectName]/meetings via "invited_user_id" in GET parameter "filters" leads to user names disclosure

OpenProject is open-source, web-based project management software. Prior to 17.3.2 and 17.4.0, the web application's meetings filter feature leaks whether a given user ID corresponds to a valid account and discloses the user's full name, allowing an attacker to enumerate all existing user account...

CVSS 4.3 | EPSS 0.00186 | Exploits 0 | References 1
CVE | added 4 days ago | 5 views

CVE-2026-44731

OpenProject contains an input leakage in the web application's meetings filter feature that lets an attacker determine whether a user ID is valid and view the user's full name, enabling enumeration of existing accounts. The issue occurs before versions 17.3.2 and 17.4.0 and is resolved by upgradi...

CVSS 4.3 | AI score 5.8 | EPSS 0.00186 | Exploits 0 | References 1
CVE | added 4 days ago | 12 views

CVE-2026-52784

CVE-2026-52784 (OpenProject) is a CSRF vulnerability in OpenProject's web UI. The issue allows CSRF on a user-targeted action via POST to /users/:id with the parameter user[admin], enabling unauthorized state changes without user interaction. Affected software versions are prior to 17.3.3 and 17....

CVSS 8.8 | AI score 5.8 | EPSS 0.00163 | Exploits 0 | References 1
NVD | added 5 days ago | 6 views

CVE-2026-56772

NewsBlur before 14.5.0 contains a broken access control vulnerability that allows authenticated users to read private notification feeds by supplying arbitrary userid values to the GET /social/interactions endpoint without ownership verification. Attackers can enumerate userid values to access...

CVSS 5.3 | EPSS 0.00204 | Exploits 0 | References 3
Cvelist | added 5 days ago | 17 views

CVE-2026-56772 NewsBlur < 14.5.0 - Insecure Direct Object Reference in Social Interactions Endpoint

NewsBlur before 14.5.0 contains a broken access control vulnerability that allows authenticated users to read private notification feeds by supplying arbitrary userid values to the GET /social/interactions endpoint without ownership verification. Attackers can enumerate userid values to access...

CVSS 5.3 | EPSS 0.00204 | Exploits 0 | References 3
NVD | added 6 days ago | 17 views

CVE-2026-12416

The Invoice Generator plugin for WordPress is vulnerable to Account Takeover via Password Reset in all versions up to, and including, 1.0.0. This is due to the pravel_invoice_change_password function being registered as a nopriv AJAX handler with no nonce verification and no authorization check, and...

CVSS 9.8 | EPSS 0.00364 | Exploits 1 | References 4
Cvelist | added 6 days ago | 32 views

CVE-2026-12416 Invoice Generator <= 1.0.0 - Unauthenticated Account Takeover via Weak Password Reset Validation via 'reset_user_id' Parameter

The Invoice Generator plugin for WordPress is vulnerable to Account Takeover via Password Reset in all versions up to, and including, 1.0.0. This is due to the pravel_invoice_change_password function being registered as a nopriv AJAX handler with no nonce verification and no authorization check, and...

CVSS 9.8 | EPSS 0.00364 | Exploits 1 | References 4
CVE | added 6 days ago | 22 views

CVE-2026-12416

The CVE affects the WordPress Invoice Generator plugin up to version 1.0.0. The root cause is pravel_invoice_change_password(), registered as a nopriv AJAX handler without nonce or authorization checks, which compares the supplied reset_activation_code to the user's forgot_email meta with a loose...

CVSS 9.8 | AI score 6.1 | EPSS 0.00364 | Exploits 1 | References 4
EUVD | added 2026/06/20 6:27 p.m. | 8 views

EUVD-2026-38132

AVideo through 29.0 contains an authorization bypass vulnerability in the Meet plugin's uploadRecordedVideo.json.php endpoint that derives the target users_id from the uploaded filename without verification. An attacker with knowledge of the Meet shared secret can craft a malicious file upload wit...

CVSS 9.2 | AI score 6 | EPSS 0.00295 | Exploits 0 | References 2
CVE | added 2026/06/20 6:27 p.m. | 21 views

CVE-2026-56345

AVideo 29.0 contains an authorization bypass via the Meet plugin's uploadRecordedVideo.json.php endpoint. The vulnerability derives the target users_id from the uploaded filename without verification, allowing a crafted file (e.g., filename like 1-anything.mp4) to trigger passwordless User->lo...

CVSS 9.2 | AI score 6 | EPSS 0.00295 | Exploits 0 | References 2
CVE | added 2026/06/19 5:31 p.m. | 17 views

CVE-2019-25757

CVE-2019-25757 affects Joomla vWishlist 1.0.1. The vulnerability is an SQL injection in the vproductid and userid parameters that authenticated attackers can exploit by sending crafted POST requests to the component, enabling extraction of sensitive database information (e.g., version and databas...

CVSS 7.1 | AI score 6.2 | EPSS 0.00221 | Exploits 0 | References 4
EUVD | added 2026/06/19 4:24 p.m. | 5 views

EUVD-2017-18999

Joomla Ultimate Property Listing 1.0.2 contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the sf_selectuser_id parameter. Attackers can send GET requests to index.php with the option=com_upl and...

CVSS 8.8 | AI score 6.2 | EPSS 0.00237 | Exploits 0 | References 2
Cvelist | added 2026/06/19 4:24 p.m. | 30 views

CVE-2017-20272 Joomla Ultimate Property Listing 1.0.2 SQL Injection via sf_selectuser_id

Joomla Ultimate Property Listing 1.0.2 contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the sf_selectuser_id parameter. Attackers can send GET requests to index.php with the option=com_upl and...

CVSS 8.8 | EPSS 0.00237 | Exploits 0 | References 2
AstraLinux | added 2026/06/19 11:10 a.m. | 7 views

Astra Linux – Vulnerabilities in Linux, Linux-5.10, Linux-5.15, Linux-6.1

In the Linux kernel, the following vulnerability has been resolved: fs/9p: Only the RWX permissions are translated for the plain 9P2000. Garbage data is allowed to pass through the perm bits of the plain 9P2000, allowing it to set, among other things, the suid bit. This probably wasn't the intend...

CVSS 5.5 | AI score 6.1 | EPSS 0.00218 | Exploits 0 | References 2
AstraLinux | added 2026/06/19 11:10 a.m. | 2 views

Astra Linux – Vulnerability found in Linux 5.10, Linux 5.15

In the Linux kernel, the following vulnerability has been resolved: io_uring: fixed the memory leak related to the uid during file registration. When there are no files for io_sqe_files_scm to process within a certain range, it will free all resources and return. However, it forgot to set the uid...

CVSS 5.5 | AI score 5.6 | EPSS 0.00243 | Exploits 0 | References 1