149 matches found
Bitrix Site Manager - Remote Code Execution
In the vote aka "Polls, Votes" module before 21.0.100 of Bitrix Site Manager, a remote unauthenticated attacker can execute arbitrary code. id: CVE-2022-27228 info: name: Bitrix Site Manager - Remote Code Execution author: theamanrawat severity: critical description: In the vote aka "Polls, Votes...
Discourse 安全漏洞
Discourse is an open-source community discussion platform developed by Discourse. This platform includes features such as communities, email communication, and chat rooms. Versions of Discourse prior to 2026.3.0-latest.1, as well as versions before 2026.2.1 and 2026.1.2, have security...
CVE-2026-25126
PolarLearn is a free and open-source learning program. Prior to version 0-PRERELEASE-15, the vote API route POST /api/v1/forum/vote trusts the JSON body’s direction value without runtime validation. TypeScript types are not enforced at runtime, so an attacker can send arbitrary strings e.g., "x" ...
CVE-2026-25126
PolarLearn is a free and open-source learning program. Prior to version 0-PRERELEASE-15, the vote API route POST /api/v1/forum/vote trusts the JSON body’s direction value without runtime validation. TypeScript types are not enforced at runtime, so an attacker can send arbitrary strings e.g., "x" ...
CVE-2026-25126
PolarLearn prior to version 0-PRERELEASE-15 is vulnerable in the vote API at POST /api/v1/forum/vote, where the request body field direction is not validated at runtime. This allows sending arbitrary strings; downstream VoteServer treats any non-up and non-null value as a downvote and stores the ...
CVE-2026-25126 PolarLearn's unvalidated vote direction allows vote count manipulation
PolarLearn is a free and open-source learning program. Prior to version 0-PRERELEASE-15, the vote API route POST /api/v1/forum/vote trusts the JSON body’s direction value without runtime validation. TypeScript types are not enforced at runtime, so an attacker can send arbitrary strings e.g., "x" ...
EUVD-2025-203371
An issue was discovered in Wekan The Open Source kanban board system up to version 18.15, fixed in 18.16. Authorization flaw in card update handling allows board members and potentially other authenticated users to add/remove arbitrary user IDs in vote.positive / vote.negative arrays, enabling vo...
WeKan 安全漏洞
WeKan is a Kanban application from the WeKan open source. A security vulnerability exists in WeKan versions 18.15 and earlier, which stems from an authorization flaw in card update processing that could lead to vote forgery and unauthorized voting...
CVE-2025-65028
Rallly is an open-source scheduling and collaboration tool. Prior to version 4.5.4, an insecure direct object reference IDOR vulnerability allows any authenticated user to modify other participants’ votes in polls without authorization. The backend relies solely on the participantId parameter to...
EUVD-2025-198225
Rallly is an open-source scheduling and collaboration tool. Prior to version 4.5.4, an insecure direct object reference IDOR vulnerability allows any authenticated user to modify other participants’ votes in polls without authorization. The backend relies solely on the participantId parameter to...
CVE-2025-65028 Rallly Has an IDOR Vulnerability in Vote Update Endpoint Allows Unauthorized Manipulation of Participant Votes
Rallly is an open-source scheduling and collaboration tool. Prior to version 4.5.4, an insecure direct object reference IDOR vulnerability allows any authenticated user to modify other participants’ votes in polls without authorization. The backend relies solely on the participantId parameter to...
EUVD-2005-4046
Malware in sbrugna...
EUVD-2009-0933
Malware in sbrugna...
EUVD-2008-7004
Malware in sbrugna...
EUVD-2018-7691
Malware in sbrugna...
EUVD-2020-21339
Malware in sbrugna...
EUVD-2015-6775
Malware in sbrugna...
EUVD-2014-1166
Malware in sbrugna...
EUVD-2024-45710
Malicious code in bioql PyPI...
EUVD-2023-33540
Malicious code in bioql PyPI...