
617 matches found

Nuclei
added 9 hours ago, 11 views

Blinko <= 1.8.3 - User Information Leak

Blinko = 1.8.4 contains an information disclosure caused by a publicly accessible endpoint exposing user information including usernames, roles, and account creation dates, letting remote attackers access sensitive user data; the exploit requires no special privileges. id: CVE-2026-23486 info: name:...

6.9 CVSS | 5.9 AI score | 0.00711 EPSS
Exploits: 0 | References: 3
NVD
added 6 days ago, 7 views

CVE-2026-8383

The LearnPress WordPress plugin before 4.3.7 does not gate the edit context on one of its REST endpoints behind the edit_users capability, allowing unauthenticated visitors to retrieve each returned user's roles, full capabilities map, extra capabilities, locale, and registration date via a crafted...

5.3 CVSS | 0.00246 EPSS
Exploits: 0 | References: 1
Cvelist
added 6 days ago, 26 views

CVE-2026-8383 LearnPress < 4.3.7 - Unauthenticated Sensitive User Information Disclosure via REST API

The LearnPress WordPress plugin before 4.3.7 does not gate the edit context on one of its REST endpoints behind the edit_users capability, allowing unauthenticated visitors to retrieve each returned user's roles, full capabilities map, extra capabilities, locale, and registration date via a crafted...

0.00246 EPSS
Exploits: 0 | References: 1
CVE
added 6 days ago, 10 views

CVE-2026-8383

The CVE-2026-8383 entry affects the LearnPress WordPress plugin (prior to version 4.3.7). The issue is a missing access control check on a REST endpoint: the edit context is not gated behind the edit_users capability, allowing unauthenticated visitors to retrieve per-user data including roles, fu...

5.3 CVSS | 5.2 AI score | 0.00246 EPSS
Exploits: 0 | References: 1
Nuclei
added 2026/06/16 7:13 a.m., 138 views

Apache CouchDB 1.7.0 / 2.x < 2.1.1 - Remote Privilege Escalation

Due to differences in the Erlang-based JSON parser and JavaScript-based JSON parser, it is possible in Apache CouchDB before 1.7.0 and 2.x before 2.1.1 to submit users documents with duplicate keys for 'roles' used for access control within the database, including the special case 'admin' role, th...

10 CVSS | 8.1 AI score | 0.99924 EPSS
Exploits: 21 | References: 5
Tenable Nessus
added 2026/06/12 12:00 a.m., 7 views

Linux Distros Unpatched Vulnerability : CVE-2026-9747

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Adding fromRouter:true and runtimeConstants.userRoles could cause aggregations to crash mongodb server. CVE-2026-9747 Note that Nessus relies on the presence of...

7.1 CVSS | 5.5 AI score | 0.0024 EPSS
Exploits: 0 | References: 2
EUVD
added 2026/06/10 12:31 a.m., 9 views

EUVD-2026-35863

Adding fromRouter:true and runtimeConstants.userRoles could cause aggregations to crash mongodb server...

7.1 CVSS | 5.4 AI score | 0.0024 EPSS
Exploits: 0 | References: 2
NVD
added 2026/06/09 11:17 p.m., 10 views

CVE-2026-9747

Adding fromRouter:true and runtimeConstants.userRoles could cause aggregations to crash mongodb server...

7.1 CVSS | 0.0024 EPSS
Exploits: 0 | References: 1
Vulnrichment
added 2026/06/09 10:05 p.m., 7 views

CVE-2026-9747 Crafted cross-shard merge aggregation crashes MongoDB Server

Adding fromRouter:true and runtimeConstants.userRoles could cause aggregations to crash mongodb server...

7.1 CVSS | 5.4 AI score | 0.0024 EPSS
Exploits: 0 | References: 1
CVE
added 2026/06/09 10:05 p.m., 68 views

CVE-2026-9747

The vulnerability CVE-2026-9747 affects MongoDB Server's cross-shard merge aggregation. When building aggregations, using fromRouter:true with runtimeConstants.userRoles may cause the server to crash. The connected documentation confirms the issue but provides no details on mitigations; exploitat...

7.1 CVSS | 5.5 AI score | 0.0024 EPSS
Exploits: 0 | References: 1 | Affected Software: 1
Cvelist
added 2026/06/09 10:05 p.m., 37 views

CVE-2026-9747 Crafted cross-shard merge aggregation crashes MongoDB Server

Adding fromRouter:true and runtimeConstants.userRoles could cause aggregations to crash mongodb server...

7.1 CVSS | 0.0024 EPSS
Exploits: 0 | References: 1
CNNVD
added 2026/06/09 12:00 a.m., 8 views

MongoDB Server Security Vulnerability

MongoDB Server is an open-source NoSQL database developed by MongoDB, a US-based company. This database offers features such as collection-oriented storage, dynamic querying, data replication, and automatic failover. There is a security vulnerability in MongoDB Server, which can cause server...

7.1 CVSS | 5.3 AI score | 0.0024 EPSS
Exploits: 0 | References: 1
ATTACKERKB
added 2026/05/28 3:27 a.m., 7 views

CVE-2026-9241

The FOX – Currency Switcher Professional for WooCommerce plugin for WordPress is vulnerable to Authorization Bypass Through User-Controlled Key in all versions up to and including 1.4.6. This is due to the getvalue function in classes/fixed/fixeduserrole.php trusting the attacker-controlled...

4.3 CVSS | 5.7 AI score | 0.00213 EPSS
Exploits: 0 | References: 6
Cvelist
added 2026/05/28 3:27 a.m., 30 views

CVE-2026-9241 FOX – Currency Switcher Professional for WooCommerce <= 1.4.6 - Authenticated (Subscriber+) Authorization Bypass via User-Controlled Key to 'wooc_order_user_roles' Parameter

The FOX – Currency Switcher Professional for WooCommerce plugin for WordPress is vulnerable to Authorization Bypass Through User-Controlled Key in all versions up to and including 1.4.6. This is due to the getvalue function in classes/fixed/fixeduserrole.php trusting the attacker-controlled...

4.3 CVSS | 0.00213 EPSS
Exploits: 0 | References: 5
Talos Blog
added 2026/05/27 10:00 a.m., 7 views

Introducing EvidenceForge: Synthetic security logs that don't look (as) fake

Security teams need high-quality, labeled datasets to train threat hunters and incident responders, validate detection logic, and develop robust analytic models. EvidenceForge helps teams overcome the limitations of anonymized or stale public datasets, while avoiding the cost and complexity of...

5.6 AI score
Exploits: 0
GithubExploit
added 2026/05/22 7:53 a.m., 60 views

Exploit for CVE-2026-5118

CVE-2026-5118 — Divi Form Builder roles && !isset$rolesobj-...

9.8 CVSS | 5.8 AI score | 0.00452 EPSS
Exploits: 4
CNNVD
added 2026/05/21 12:00 a.m., 12 views

WordPress plugin Divi Form Builder Security Vulnerability

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. There is...

9.8 CVSS | 5.8 AI score | 0.00452 EPSS
Exploits: 4 | References: 1
OSV
added 2026/05/19 3:54 p.m., 6 views

GHSA-H98R-WV3H-FR38 Argo CD: Stored XSS in application link annotations enables developer-to-admin privilege escalation

Summary A user with application write access developer role can set link.argocd.argoproj.io/ annotations on any ArgoCD Application. These annotation values are rendered in the Summary tab's URLs section as elements without URL validation. Using the pipe-separator trick Display Text |...

7.3 CVSS | 6 AI score | 0.00037 EPSS
Exploits: 0 | References: 2
OSV
added 2026/05/14 8:18 p.m., 9 views

GHSA-JX2X-J75F-XQ3J Open WebUI: Read-Only Users Can Toggle Note Pin Status via Incorrect Permission Check (Write via Read-Only Access)

Summary The POST /api/v1/notes/id/pin endpoint performs a write operation toggling the ispinned field but only checks for read permission. Users with read-only access to a shared note can pin/unpin it, which is a state-modifying action that should require write permission. All other write endpoin...

3.5 CVSS | 5.8 AI score | 0.00218 EPSS
Exploits: 1 | References: 4
OSV
added 2026/05/08 10:34 p.m., 1 view

GHSA-4VG5-RP28-GVJF Open WebUI has Improper Authorization Control

CONFIDENTIAL Vulnerability Disclosure Analysis Documentation --- Vulnerability Details | | Field | Value | |---|-------|-------| | 1 | Discoverer | Taylor Pennington of KoreLogic, Inc. | | 2 | Date Submitted | June 11, 2024 | | 3 | Title | Open WebUI Improper Authorization Control | | 5 | Affecte...

7.3 CVSS | 5.9 AI score | 0.0023 EPSS
Exploits: 1 | References: 3