EUVD-2026-29845
efw4.X is an Enterprise Framework for Web. Prior to 4.08.010, the readonly flag set on the JSP tag is intended to prevent file modifications. When protected=true, elfindercheckRisk enforces that the client sends readonly=true matching the session value, but no event handler checks the readonly...
PT-2026-24108
Budibase is a low code platform for creating internal tools, workflows, and admin panels. In 3.24.0 and earlier, an arbitrary file upload vulnerability exists even though file extension restrictions are configured. The restriction is enforced only at the UI level. An attacker can bypass these...
Bagisto has HTML Filter Bypass that Enables Stored XSS
Summary: A stored Cross-Site Scripting (XSS) vulnerability exists in Bagisto 2.3.8 within the CMS page editor. Although the platform normally attempts to sanitize tags, the filtering can be bypassed by manipulating the raw HTTP POST request before submission. As a result, arbitrary JavaScript can be...
CVE-2025-64063
Primakon Pi Portal 1.0.18 API endpoints fail to enforce sufficient authorization checks when processing requests. Specifically, a standard user can exploit this flaw by sending direct HTTP requests to administrative endpoints, bypassing the UI restrictions. This allows the attacker to manipulate...
EUVD-2025-31774
Malicious code in bioql PyPI...
CVE-2025-36262
IBM Planning Analytics Local 2.0.0 through 2.0.106 and 2.1.0 through 2.1.13 could allow a malicious privileged user to bypass the UI to gain unauthorized access to sensitive information due to the improper validation of input...
PT-2025-40023
Name of the Vulnerable Software and Affected Versions: IBM Planning Analytics Local versions 2.0.0 through 2.0.106; IBM Planning Analytics Local versions 2.1.0 through 2.1.13. Description: A malicious privileged user may be able to bypass the user interface to obtain unauthorized access to sensitive...
IBM Content Navigator Input Validation Error Vulnerability (CNVD-2020-47545)
IBM Content Navigator is a Web client from IBM USA. The product supports searching and processing documents stored in content servers from a Web browser. An input validation error vulnerability exists in IBM Content Navigator version 3.0CD. An attacker can exploit this vulnerability to bypass the...
Google Chrome Security Bypass Vulnerability (CNVD-2020-49878)
Google Chrome is a web browser from Google, an American company. A security vulnerability exists in the installer in versions prior to Google Chrome 84.0.4147.125 that stems from a failure to properly secure the user interface. An attacker can exploit the vulnerability to bypass security...
EMC RecoverPoint and EMC RecoverPoint for Virtual Machines Command Injection Vulnerability
EMC RecoverPoint and EMC RecoverPoint for Virtual Machines (VMs) are both products of EMC Corporation. The former is a set of disaster recovery and data protection software, and the latter is a disaster recovery solution for VMware environments. A command injection vulnerability exists in EMC...
CVE-2016-6649
EMC RecoverPoint versions before 4.4.1.1 and EMC RecoverPoint for Virtual Machines versions before 5.0 are affected by multiple command injection vulnerabilities where a malicious administrator with configuration privileges may bypass the user interface and escalate his privileges to root...