5 matches found
CVE-2026-31954 Emlog asynchronous media file deletion missing CSRF protection
Emlog is an open source website building system. In 2.6.6 and earlier, the deleteasync action asynchronous delete lacks a call to LoginAuth::checkToken, enabling CSRF attacks...
CVE-2023-36679
Server-Side Request Forgery SSRF vulnerability in Brainstorm Force Spectra.This issue affects Spectra: from n/a through 2.6.6...
PT-2024-12575 · Brainstorm Force · Spectra
Name of the Vulnerable Software and Affected Versions: Brainstorm Force Spectra versions n/a through 2.6.6 Description: The issue is related to a Missing Authorization vulnerability. This means that there is a lack of proper authorization checks, potentially allowing unauthorized access to certai...
Kylin can receive user input and load any class through Class.forName(...).
Kylin can receive user input and load any class through Class.forName.... This issue affects Apache Kylin 2 version 2.6.6 and prior versions; Apache Kylin 3 version 3.1.2 and prior versions; Apache Kylin 4 version 4.0.0 and prior versions...
CVE-2019-5718
In Wireshark 2.6.0 to 2.6.5 and 2.4.0 to 2.4.11, the RTSE dissector and other ASN.1 dissectors could crash. This was addressed in epan/charsets.c by adding a gett61string length check...