24 matches found
PT-2026-37257
Name of the Vulnerable Software and Affected Versions: Kimai versions 2.27.0 through 2.53.x Description: Users with ROLE USER privileges can create a tag containing a formula string such as =SUM54+51 via the 'POST /api/tags' endpoint and assign it to a timesheet. The ArrayFormatter.formatValue...
EUVD-2026-8824
The User Registration & Membership plugin for WordPress is vulnerable to authentication bypass in versions up to, and including, 5.1.2. This is due to incorrect authentication in the 'registermember' function. This makes it possible for unauthenticated attackers to log in a newly registered user ...
CVE-2026-1779 User Registration & Membership <= 5.1.2 - Authentication Bypass
The User Registration & Membership plugin for WordPress is vulnerable to authentication bypass in versions up to, and including, 5.1.2. This is due to incorrect authentication in the 'registermember' function. This makes it possible for unauthenticated attackers to log in a newly registered user ...
Tenda W30E cross-site scripting vulnerability
The Tenda W30E is a router produced by the Chinese company Tenda. Versions of the Tenda W30E such as V2 and V16.01.0.195037 had a cross-site scripting vulnerability. This vulnerability stemmed from insufficient input validation in user-created functions, which could lead to storage-based cross-si...
WEBIGniter cross-site scripting vulnerability
WEBIGniter is a content management system from WEBIGniter, Inc. A cross-site scripting vulnerability exists in WEBIGniter version 28.7.23, which stems from a cross-site scripting vulnerability in the user-created process that could lead to the execution of malicious JavaScript code...
CVE-2025-26391 SolarWinds Observability Self-Hosted XSS Vulnerability
SolarWinds Observability Self-Hosted XSS Vulnerability. The SolarWinds Platform was susceptible to an XSS vulnerability that affects user-created URL fields. This vulnerability requires authentication from a low-level account...
EUVD-2007-2984
Malware in sbrugna...
Unspecified vulnerability in Lunary (CNVD-2025-06938)
Lunary is an open source production toolkit for LLMs from Lunary. A security vulnerability exists in lunary that stems from a user-created endpoint that does not restrict administrators from inviting users with billing roles, which can be exploited by an attacker to cause unauthorized access...
typo3 Information Disclosure Security Note
Due to reports it has been validated that internal workspaces in Neos are accessible without authentication. Some users assumed this is a planned feature but it is not. A workspace preview should be an additional feature with respective security measures in place. Note that this only allows readi...
PT-2024-40044 · Neos · Neos
Name of the Vulnerable Software and Affected Versions: Neos affected versions not specified Description: The issue allows unauthorized access to internal workspaces in Neos without authentication. This means that internal workspaces, which are non-public and do not have an owner, can be viewed by...
Privilege Escalation
sentry is vulnerable to Privilege Escalation. An authenticated attacker is able to take advantage of an access token with a restricted scope by requesting a list of all user-created tokens, including those with wider scopes from the /api/0/api-tokens/ endpoint, resulting in privilege escalation...
Cashier Queuing System security vulnerability
Cashier Queuing System is a cashier queuing system by Carlo Montero Personal Developer. A security vulnerability exists in Cashier Queuing System version 1.0, which stems from some unknown processing of user-created handlers being affected, potentially leading to a cross-site scripting attack...
Brave Search wants to replace Google’s biased search results with yours
Brave Search, Brave Software's privacy search engine, just turned one. To celebrate, the company says it is moving the search engine out of its beta phase to become the default search engine for all Brave browser users. Goodbye, Google? Not entirely. In May 2015, Mozilla alumni Brendan Eich and...
User created baskets are owned by defaultController
Handle 0x0x0x Vulnerability details User created baskets are owned by defaultController and help from the defaultController is needed to use any functionality or setup the basket. In test simply one account is used, but when a user wants to create a basket, they can’t control it properly...
Workspace App 1912.1000 - Workspace App Update removes user created shortcuts from Desktop
Consider the following scenario: Users have created shortcuts of published applications manually on their Desktop and have also pinned it to the task bar. When the Receiver is upgraded from 4.9.6001 to Workspace App for Windows 1912 or 2006, on the first launch of a published app, the shortcuts...
Understanding NetScaler SD-WAN Route Defaults
The following are some points that will help you understand NetScaler SD-WAN route defaults: The default route cost applied to all user-created routes is 5 unless explicitly set otherwise. All routes created by the user have the default route cost unless the user explicitly sets an alternate...
[SECURITY] [DSA 3046-1] mediawiki security update
Debian Security Advisory DSA-3046-1 [email protected] http://www.debian.org/security/ Salvatore Bonaccorso October 05, 2014 http://www.debian.org/security/faq -...
CVE-2014-4618
EMC Documentum Content Server before 6.7 SP2 P16 and 7.x before 7.1 P07 allows remote authenticated users to gain privileges via a user-created system object...
Code injection
EMC Documentum Content Server before 6.7 SP2 P16 and 7.x before 7.1 P07 allows remote authenticated users to gain privileges via a user-created system object...
CVE-2014-4618
EMC Documentum Content Server before 6.7 SP2 P16 and 7.x before 7.1 P07 allows remote authenticated users to gain privileges via a user-created system object...