CVE-2026-43889
Outline is a service that allows for collaborative documentation. Prior to 1.7.0, the shares.create API accepts both collectionId and documentId simultaneously and, when published=false, only verifies read access for each—skipping the "share" permission check. A subsequent shares.update authorize...
WordPress plugin User Registration & Membership security vulnerability
WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be install...
Improper Access Control
mantisbt/mantisbt is vulnerable to improper access control. The vulnerability is due to insufficient access-level checks, which allows an attacker to exploit the Copy From functionality to retrieve column configurations from private projects without authorization...
The vulnerability of the exportXFAData method in the PDF viewer software for electronic documents, Foxit PDF Reader (formerly Foxit Reader), and the PDF editing software, Foxit PDF Editor (formerly Foxit PhantomPDF), allows a perpetrator to execute arbitrary code.
The vulnerability of the exportXFAData method in the PDF document viewing software Foxit PDF Reader (formerly Foxit Reader) and the PDF file editing software Foxit PDF Editor (formerly Foxit PhantomPDF) is related to insufficient data authenticity checking. Exploiting this vulnerability could allow a...
An OS Command Injection vulnerability exists in Node.js versions <14.21.1, <16.18.1, <18.12.1 and <19.0.1 due to an insufficient IsAllowedHost check that can easily be bypassed because IsIPAddress does not properly check whether an IP address is invalid before making DNS requests, allowing rebinding attacks. The fix for this issue in https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-32212 was incomplete and this new CVE is to complete the fix.
...
The vulnerability affects the service for managing container images on the analytics and automation platform for Cisco Nexus Dashboard. This allows a malicious actor to load arbitrary container images.
The vulnerability of the service responsible for managing container images on the analytics and automation platform for Cisco Nexus Data Center solutions is related to insufficient verification of data authenticity. Exploiting this vulnerability allows a malicious actor to download arbitrary...
The vulnerability of the Extensions API of Google Chrome and Microsoft Edge browsers allows a perpetrator to gain unauthorized access to protected information.
The vulnerability of the Extensions API in Google Chrome and Microsoft Edge lies in the improperly implemented security checks for standard elements. Exploiting this vulnerability can allow an attacker, operating remotely, to gain unauthorized access to protected information...
CVE-2021-4225
The SP Project & Document Manager WordPress plugin before 4.24 allows any authenticated users, such as subscribers, to upload files. The plugin attempts to prevent PHP and other similar files that could be executed on the server from being uploaded by checking the file extension. It was discovere...
CVE-2020-12527
An issue was discovered in MB connect line mymbCONNECT24, mbCONNECT24 and Helmholz myREX24 and myREX24.virtual in all versions through v2.11.2. Improper access validation allows a logged-in user to shut down or reboot devices in his account without having the corresponding permissions...
DEBIAN-CVE-2011-1675
mount in util-linux 2.19 and earlier attempts to append to the /etc/mtab.tmp file without first checking whether resource limits would interfere, which allows local users to trigger corruption of the /etc/mtab file via a process with a small RLIMIT_FSIZE value, a related issue to CVE-2011-1089...