Exploit for Improper Access Control in Fortinet Forticlientems

CVE-2026-35616 - Fortinet FortiClientEMS 7.4.5 Unauthenticated...

CVE-2026-26291

GROWI prior to or including v7.4.6 is affected by a stored cross-site scripting vulnerability (CVE-2026-26291). The issue allows an arbitrary script to run in a victim’s browser if exploited. According to the description, this is a stored XSS affecting users, with CVSS scores: AV:N/AC:L/PR:L/UI:A...

CVE-2026-26291

Stored cross-site scripting vulnerability exists in GROWI v7.4.6 and earlier. If this vulnerability is exploited, an arbitrary script may be executed in a user's web browser...

Missing authorization in the OpenAI thread/message API endpoints of GROWI

Overview GROWI provided by GROWI, Inc. contains the following vulnerability. Missing authorization in the OpenAI thread/message API endpoints CWE-862 - CVE-2026-25083 This can be exploited only when an attacker knows a shared AI assistant's identifier Sho Odagiri of GMO Cybersecurity by Ierae, In...

CVE-2024-32641

Masa CMS is an open source Enterprise Content Management platform. Masa CMS versions prior to 7.2.8, 7.3.13, and 7.4.6 are vulnerable to remote code execution. The vulnerability exists in the addParam function, which accepts user input via the criteria parameter. This input is subsequently...

CVE-2024-32643

Masa CMS exposes an authentication-bypass vulnerability where adding a /tag/ declaration to a page URL causes the CMS to render content regardless of group restrictions. Affected versions are prior to 7.2.8, 7.3.13, and 7.4.6. The issue is fixed in 7.2.8, 7.3.13, and 7.4.6. The CVSS data from the...

EUVD-2024-30445

Masa CMS is an open source Enterprise Content Management platform. Prior to 7.2.8, 7.3.13, and 7.4.6, if the URL to the page is modified to include a /tag/ declaration, the CMS will render the page regardless of group restrictions. This vulnerability is fixed in 7.2.8, 7.3.13, and 7.4.6...

CVE-2024-32643 Masa CMS vulnerable to authentication bypass with /tag/

Masa CMS is an open source Enterprise Content Management platform. Prior to 7.2.8, 7.3.13, and 7.4.6, if the URL to the page is modified to include a /tag/ declaration, the CMS will render the page regardless of group restrictions. This vulnerability is fixed in 7.2.8, 7.3.13, and 7.4.6...

CVE-2024-32641

Masa CMS (open source Enterprise Content Management) has a remote code execution vulnerability in addParam that processes the criteria input and is evaluated by setDynamicContent, enabling unauthenticated code execution via the m tag. Affected versions are before 7.2.8, 7.3.13, and 7.4.6. Patches...

CVE-2024-32641 Masa CMS Vulnerable to Pre-Auth RCE via JSON API

Masa CMS is an open source Enterprise Content Management platform. Masa CMS versions prior to 7.2.8, 7.3.13, and 7.4.6 are vulnerable to remote code execution. The vulnerability exists in the addParam function, which accepts user input via the criteria parameter. This input is subsequently...

PT-2025-48952

Name of the Vulnerable Software and Affected Versions Masa CMS versions prior to 7.2.8 Masa CMS versions prior to 7.3.13 Masa CMS versions prior to 7.4.6 Description Masa CMS is an open source Enterprise Content Management platform. If the URL to a page is modified to include a /tag/ declaration,...

CVE-2023-24736

PMB v7.4.6 was discovered to contain a remote code execution RCE vulnerability via the component /sauvegarde/restaureact.php...

WordPress Speed Optimizer Plugin <= 7.4.6 is vulnerable to Broken Access Control

Software Speed Optimizer Type Plugin Vulnerable versions = 7.4.6 Fixed in 7.5.0 OWASP Top 10 A1: Broken Access Control Classification Broken Access Control CVE CVE-2024-32532 Patch priority Low CVSS severity Low 5.3 Developer Claim ownership PSID 4bd495bc61aa Credits Rafie Muhammad Patchstack...

CVE-2023-0950

Improper Validation of Array Index vulnerability in the spreadsheet component of The Document Foundation LibreOffice allows an attacker to craft a spreadsheet document that will cause an array index underflow when loaded. In the affected versions of LibreOffice certain malformed spreadsheet...

PT-2023-19761 · Pmb · Pmb

Name of the Vulnerable Software and Affected Versions: PMB version 7.4.6 Description: A reflected cross-site scripting XSS issue was found in PMB via the query parameter at "/admin/convert/export z3950.php". This allows for potential malicious script execution. Recommendations: For PMB version...