3406 matches found
MantisBT: SOAP API Authentication Bypass with Privilege Escalation to Administrator
MantisBT 2.28.3 and earlier contains a critical authentication bypass in the SOAP API's mcichecklogin function. Any user knowing any valid cookiestring can authenticate as any other user knowing their username, including the administrator, without knowing the target's password. The vulnerability ...
Edito CMS - Sensitive Data Leak
Web services managed by Edito CMS Content Management System in versions from 3.5 through 3.25 leak sensitive data as they allow downloading configuration files by an unauthorized user. id: CVE-2024-4836 info: name: Edito CMS - Sensitive Data Leak author: s4e-io severity: high description: | Web...
EUVD-2026-44578
Incorrect access control in the /api/License/deactivateOffline endpoint of CAXPerts UniversalPlantViewer WebServices Server v2.7.6 allows authenticated attackers with low-level privileges to cause a Denial of Service DoS via removing the license from the webserver...
SAP BusinessObjects Business Intelligence Platform - Blind Server-Side Request Forgery
SAP BusinessObjects Business Intelligence Platform Web Services 410, 420, and 430 is susceptible to blind server-side request forgery. An attacker can inject arbitrary values as CMS parameters to perform lookups on the internal network, which is otherwise not accessible externally. On successful...
EUVD-2026-43249
A flaw has been found in Helicone ai-gateway up to 0.2.0-beta.30. This affects the function buildtargeturl of the file ai-gateway/src/dispatcher/service.rs of the component AWS Metadata Service. Executing a manipulation of the argument extractedpathandquery can lead to server-side request forgery...
Cisco ASA/FTD Software - Cross-Site Scripting
Cisco Adaptive Security Appliance ASA Software and Cisco Firepower Threat Defense FTD Software are vulnerable to cross-site scripting and could allow an unauthenticated, remote attacker to conduct attacks against a user of the web services interface of an affected device. The vulnerabilities are...
CVE-2026-49213 TypeBot: SSRF protection bypass via IPv6 unspecified address in Typebot HTTP request execution
TypeBot is a chatbot builder tool. Prior to 3.17.2, Typebot's shared SSRF validator in packages/lib/src/ssrf/validateHttpReqUrl.ts can be bypassed with the IPv6 unspecified address :: because validateIPAddress blocks local, metadata, and private ranges but does not block :: or its expanded form. ...
CVE-2026-53961
Discourse is an open-source discussion platform. Prior to 2026.6.0, 2026.5.1, 2026.4.2, and 2026.1.5, the AWS SES bounce webhook at POST /webhooks/aws verified that SNS messages were signed by Amazon but did not bind them to trusted TopicArn values, allowing any AWS account holder to publish...
CVE-2026-53961
CVE-2026-53961 concerns Discourse, an open-source discussion platform. Prior to the fixed versions, the AWS SES bounce webhook at POST /webhooks/aws did not bind SNS-signed messages to trusted TopicArn values, enabling any AWS account holder to publish forged Bounce notifications that revoke a ta...
CVE-2026-53961 Discourse: Forged AWS SNS bounce notifications can disable a targeted user's email (missing TopicArn binding)
Discourse is an open-source discussion platform. Prior to 2026.6.0, 2026.5.1, 2026.4.2, and 2026.1.5, the AWS SES bounce webhook at POST /webhooks/aws verified that SNS messages were signed by Amazon but did not bind them to trusted TopicArn values, allowing any AWS account holder to publish...
CVE-2026-53961 Discourse: Forged AWS SNS bounce notifications can disable a targeted user's email (missing TopicArn binding)
Discourse is an open-source discussion platform. Prior to 2026.6.0, 2026.5.1, 2026.4.2, and 2026.1.5, the AWS SES bounce webhook at POST /webhooks/aws verified that SNS messages were signed by Amazon but did not bind them to trusted TopicArn values, allowing any AWS account holder to publish...
GHSA-MG7H-Q7HW-M596 vulnerabilities
Vulnerabilities for packages: linux-aws...
CVE-2026-35552
In CAXperts UPVWebServices 2.4.2212.603 through 2.7.6 and UDiTH Portal 2026.0.0 through 2026.2.0, an authenticated remote user can invoke an administrative API endpoint intended for privileged users. Due to missing authorization checks, this allows the attacker to deactivate the application's...
CVE-2026-54783
CoreWCF (Net Core port of WCF) has an XML Signature Wrapping vulnerability in WS-Security endorsing/signature verification prior to v1.8.1 and v1.9.1, where the ds:Signature may not cover the expected Security header target. An attacker who captures a signed SOAP envelope can replay arbitrary ser...
CVE-2026-54773
CoreWCF WS-Security signature substitution vulnerability: prior to versions 1.8.1 and 1.9.1, WS-Security verification performs a document-wide ds:Signature lookup, allowing an unauthenticated remote attacker to place a SOAP header before wsse:Security and cause attacker-supplied ds:Signature to b...
CVE-2026-54773 CoreWCF: WS-Security signature substitution via document-wide Signature lookup
CoreWCF is a port of the service side of Windows Communication Foundation WCF to .NET Core. Prior to 1.8.1 and 1.9.1, CoreWCF WS-Security signature verification performs a document-wide ds:Signature lookup, allowing an unauthenticated remote attacker to place a SOAP header before wsse:Security an...
CVE-2026-58501
Zeep is a Python SOAP client. From 4.0.0 before 4.3.3, Settings.forbidexternal is defined but not enforced when parsing WSDL or XSD documents, allowing transitive xsd:import, xsd:include, wsdl:import, and lxml entity or DTD references to fetch attacker-chosen HTTP or HTTPS URLs. This issue is fix...
CVE-2026-53225 vulnerabilities
Vulnerabilities for packages: linux-vmware, linux-azure, linux-qemu, linux-qemu-melange, linux-gcp, linux-aws...
CVE-2026-53220 vulnerabilities
Vulnerabilities for packages: linux-vmware, linux-azure, linux-qemu, linux-qemu-melange, linux-gcp, linux-aws...
GHSA-6GQ6-HXJH-9GRQ vulnerabilities
Vulnerabilities for packages: linux-vmware, linux-azure, linux-qemu, linux-qemu-melange, linux-gcp, linux-aws...