ReportizFlow
Filtered by vendor
Subscriptions
Total
337765 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2026-1776 | 2 Owen2345, Tuzitio | 2 Camaleon Cms, Camaleon Cms | 2026-03-11 | N/A |
| Camaleon CMS versions 2.4.5.0 through 2.9.0, prior to commit f54a77e, contain a path traversal vulnerability in the AWS S3 uploader implementation that allows authenticated users to read arbitrary files from the web server’s filesystem. The issue occurs in the download_private_file functionality when the application is configured to use the CamaleonCmsAwsUploader backend. Unlike the local uploader implementation, the AWS uploader does not validate file paths with valid_folder_path?, allowing directory traversal sequences to be supplied via the file parameter. As a result, any authenticated user, including low-privileged registered users, can access sensitive files such as /etc/passwd. This issue represents a bypass of the incomplete fix for CVE-2024-46987 and affects deployments using the AWS S3 storage backend. | ||||
| CVE-2026-3759 | 1 Projectworlds | 1 Online Art Gallery Shop | 2026-03-11 | 7.3 High |
| A security vulnerability has been detected in projectworlds Online Art Gallery Shop 1.0. This affects an unknown part of the file /admin/adminHome.php. Such manipulation of the argument reach_nm leads to sql injection. The attack can be executed remotely. The exploit has been disclosed publicly and may be used. | ||||
| CVE-2026-3761 | 2 Lerouxyxchire, Sourcecodester | 2 Client Database Management System, Client Database Management System | 2026-03-11 | 5.4 Medium |
| A flaw has been found in SourceCodester Client Database Management System 1.0. This issue affects some unknown processing of the file /superadmin_user_delete.php of the component Endpoint. Executing a manipulation of the argument user_id can lead to improper authorization. The attack may be performed from remote. The exploit has been published and may be used. | ||||
| CVE-2026-30247 | 1 Tencent | 1 Weknora | 2026-03-11 | 5.9 Medium |
| WeKnora is an LLM-powered framework designed for deep document understanding and semantic retrieval. Prior to version 0.2.12, the application's "Import document via URL" feature is vulnerable to Server-Side Request Forgery (SSRF) through HTTP redirects. While the backend implements comprehensive URL validation (blocking private IPs, loopback addresses, reserved hostnames, and cloud metadata endpoints), it fails to validate redirect targets. An attacker can bypass all protections by using a redirect chain, forcing the server to access internal services. Additionally, Docker-specific internal addresses like host.docker.internal are not blocked. This issue has been patched in version 0.2.12. | ||||
| CVE-2026-3760 | 2 Angeljudesuarez, Itsourcecode | 2 University Management System, University Management System | 2026-03-11 | 7.3 High |
| A vulnerability was detected in itsourcecode University Management System 1.0. This vulnerability affects unknown code of the file /view_result.php. Performing a manipulation of the argument seme results in sql injection. The attack is possible to be carried out remotely. The exploit is now public and may be used. | ||||
| CVE-2026-3762 | 2 Lerouxyxchire, Sourcecodester | 2 Client Database Management System, Client Database Management System | 2026-03-11 | 7.3 High |
| A vulnerability has been found in SourceCodester Client Database Management System 1.0/3.1. Impacted is an unknown function of the file /superadmin_delete_manager.php of the component Endpoint. The manipulation of the argument manager_id leads to improper authorization. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. | ||||
| CVE-2026-3758 | 1 Projectworlds | 1 Online Art Gallery Shop | 2026-03-11 | 7.3 High |
| A weakness has been identified in projectworlds Online Art Gallery Shop 1.0. Affected by this issue is some unknown functionality of the file /admin/adminHome.php. This manipulation of the argument Info causes sql injection. Remote exploitation of the attack is possible. The exploit has been made available to the public and could be used for attacks. | ||||
| CVE-2026-30967 | 2 Parse Community, Parseplatform | 2 Parse Server, Parse-server | 2026-03-11 | 8.8 High |
| Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. Prior to 9.5.2-alpha.9. and 8.6.22, the OAuth2 authentication adapter, when configured without the useridField option, only verifies that a token is active via the provider's token introspection endpoint, but does not verify that the token belongs to the user identified by authData.id. An attacker with any valid OAuth2 token from the same provider can authenticate as any other user. This affects any Parse Server deployment that uses the generic OAuth2 authentication adapter (configured with oauth2: true) without setting the useridField option. This vulnerability is fixed in 9.5.2-alpha.9. and 8.6.22. | ||||
| CVE-2026-30825 | 1 Hoppscotch | 1 Hoppscotch | 2026-03-11 | 0 Low |
| hoppscotch is an open source API development ecosystem. Prior to version 2026.2.1, the DELETE /v1/access-tokens/revoke endpoint allows any authenticated user to delete any other user's PAT by providing its ID, with no ownership verification. This issue has been patched in version 2026.2.1. | ||||
| CVE-2026-30827 | 2 Express-rate-limit, Express-rate-limit Project | 2 Express-rate-limit, Express-rate-limit | 2026-03-11 | 7.5 High |
| express-rate-limit is a basic rate-limiting middleware for Express. In versions starting from 8.0.0 and prior to versions 8.0.2, 8.1.1, 8.2.2, and 8.3.0, the default keyGenerator in express-rate-limit applies IPv6 subnet masking (/56 by default) to all addresses that net.isIPv6() returns true for. This includes IPv4-mapped IPv6 addresses (::ffff:x.x.x.x), which Node.js returns as request.ip on dual-stack servers. Because the first 80 bits of all IPv4-mapped addresses are zero, a /56 (or any /32 to /80) subnet mask produces the same network key (::/56) for every IPv4 client. This collapses all IPv4 traffic into a single rate-limit bucket: one client exhausting the limit causes HTTP 429 for all other IPv4 clients. This issue has been patched in versions 8.0.2, 8.1.1, 8.2.2, and 8.3.0. | ||||
| CVE-2026-30828 | 2 Ellite, Wallosapp | 2 Wallos, Wallos | 2026-03-11 | 7.5 High |
| Wallos is an open-source, self-hostable personal subscription tracker. Prior to version 4.6.2, the url parameter can be used to retrieve local system files. This issue has been patched in version 4.6.2. | ||||
| CVE-2026-30829 | 2 Bluewave-labs, Bluewavelabs | 2 Checkmate, Checkmate | 2026-03-11 | 5.3 Medium |
| Checkmate is an open-source, self-hosted tool designed to track and monitor server hardware, uptime, response times, and incidents in real-time with beautiful visualizations. Prior to version 3.4.0, an unauthenticated information disclosure vulnerability exists in the GET /api/v1/status-page/:url endpoint. The endpoint does not enforce authentication or verify whether a status page is published before returning full status page details. As a result, unpublished status pages and their associated internal data are accessible to any unauthenticated user via direct API requests. This issue has been patched in version 3.4.0. | ||||
| CVE-2026-30830 | 1 Kepano | 1 Defuddle | 2026-03-11 | 6.1 Medium |
| Defuddle cleans up HTML pages. Prior to version 0.9.0, the _findContentBySchemaText method in src/defuddle.ts interpolates image src and alt attributes directly into an HTML string without escaping. An attacker can use a " in the alt attribute to break out of the attribute context and inject event handler. This issue has been patched in version 0.9.0. | ||||
| CVE-2026-30839 | 2 Ellite, Wallosapp | 2 Wallos, Wallos | 2026-03-11 | 4.3 Medium |
| Wallos is an open-source, self-hostable personal subscription tracker. Prior to version 4.6.2, testwebhooknotifications.php does not validate the target URL against private/reserved IP ranges, enabling full-read SSRF. The server response is returned to the caller. This issue has been patched in version 4.6.2. | ||||
| CVE-2026-30972 | 2 Parse Community, Parseplatform | 2 Parse Server, Parse-server | 2026-03-11 | 7.5 High |
| Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. Prior o 9.5.2-alpha.10 and 8.6.23, Parse Server's rate limiting middleware is applied at the Express middleware layer, but the batch request endpoint (/batch) processes sub-requests internally by routing them directly through the Promise router, bypassing Express middleware including rate limiting. An attacker can bundle multiple requests targeting a rate-limited endpoint into a single batch request to circumvent the configured rate limit. Any Parse Server deployment that relies on the built-in rate limiting feature is affected. This vulnerability is fixed in 9.5.2-alpha.10 and 8.6.23. | ||||
| CVE-2026-3351 | 3 Canonical, Linux, Lxd | 3 Lxd, Linux Kernel, Lxd | 2026-03-11 | 4.3 Medium |
| Improper authorization in the API endpoint GET /1.0/certificates in Canonical LXD 6.6 on Linux allows an authenticated, restricted user to enumerate all certificate fingerprints trusted by the lxd server. | ||||
| CVE-2026-29121 | 2 Datacast, International Datacasting Corporation | 3 Sfx2100, Sfx2100 Firmware, Sfx2100 Satellite Receiver | 2026-03-11 | 7.8 High |
| International Data Casting (IDC) SFX2100 satellite receiver comes with the `/sbin/ip` utility installed with the setuid bit set. This configuration grants elevated privileges to any local user who can execute the binary. A local actor is able to use the GTFObins resource to preform privileged file reads as the root user on the local file system and may potentially lead to other avenues for preforming privileged actions. | ||||
| CVE-2026-29122 | 2 Datacast, International Datacasting Corporation | 3 Sfx2100, Sfx2100 Firmware, Sfx2100 Satellite Receiver | 2026-03-11 | 5.5 Medium |
| International Data Casting (IDC) SFX2100 satellite receiver comes with the `/bin/date` utility installed with the setuid bit set. This configuration grants elevated privileges to any local user who can execute the binary. A local actor is able to use the GTFObins resource to preform privileged file reads as the root user on the local file system. This allows an actor to be able to read any root read-only files, such as the /etc/shadow file or other configuration/secrets carrier files. | ||||
| CVE-2026-29123 | 2 Datacast, International Datacasting Corporation | 3 Sfx2100, Sfx2100 Firmware, Sfx2100 Satellite Receiver | 2026-03-11 | 7.8 High |
| A SUID root-owned binary in /home/xd/terminal/XDTerminal in International Data Casting (IDC) SFX2100 on Linux allows a local actor to potentially preform local privilege escalation depending on conditions of the system via execution of the affected SUID binary. This can be via PATH hijacking, symlink abuse or shared object hijacking. | ||||
| CVE-2026-29124 | 2 Datacast, International Datacasting Corporation | 3 Sfx2100, Sfx2100 Firmware, Sfx2100 Satellite Receiver | 2026-03-11 | 7.8 High |
| Multiple SUID root-owned binaries are found in /home/monitor/terminal, /home/monitor/kore-terminal, /home/monitor/IDE-DPack/terminal-dpack, and /home/monitor/IDE-DPack/terminal-dpack2 in International Data Casting (IDC) SFX2100 Satellite Receiver, which may lead to local privlidge escalation from the `monitor` user to root | ||||