praisonai-platform: Agent endpoints accept any agent_id without workspace ownership check, cross-workspace read/update/delete IDOR
DbGate: Zip Slip in archive/unzip allows arbitrary file write leading to RCE
DbGate: Unauthenticated Remote Code Execution via JSON Script Runner
NocoDB: Missing Ownership Check in MCP Attachment Read
NocoDB: Stored Cross-Site Scripting via Form View Redirect URL
NocoDB: OAuth Authorization Code Race Condition
NocoDB: Path Traversal via SQLite Source Filename
NocoDB: SQL Injection via Column Title in Bulk GroupBy
NocoDB: Stored Cross-Site Scripting via Row Comments
NocoDB: Server-Side Request Forgery via Database Connection Host
DataDog::DogStatsd versions through 0.07 for Perl allow metric injections. DataDog::DogStatsd does not properly sanitise input, allowing metric injections of data from untrusted sources. The send_stats method does not remove newlines from metric names ($stat variable), allowing attackers to change...
7-Zip is a file archiver with a high compression ratio. Versions 9.11 through 26.00 contain a heap out-of-bounds read of up to 3 bytes in the UDF disc image handler's File Identifier Descriptor parser. In CFileId::Parse (CPP/7zip/Archive/Udf/UdfIn.cpp), after validating size < 38 + idLen + i...
7-Zip is a file archiver with a high compression ratio. Versions 9.21 through 26.00 contain an An uninitialized memory disclosure vulnerability in the UEFI capsule (.scap) parser in 7-Zip. The OpenCapsule function allocates a heap buffer of attacker-declared CapsuleImageSize (up to 1 GiB) without ze...
DataDog::DogStatsd versions through 0.07 for Perl allow metric injections from event tags. DataDog::DogStatsd does not properly sanitise input, allowing metric injections of data from untrusted sources. The format_event method (used by the event method) does not validate the content of the tags, w...
A vulnerability has been found in tittuvarghese CollegeManagementSystem 3e476335cfbfb9a049e09f474c7ec885f69a9df3/a38852979f7e27ae67b610dce5979500ef8ebe01. Affected is an unknown function of the file dashboard_page/admin_page.php of the component Admin Interface. The manipulation of the argument User...
NocoDB: Cross-Workspace Integration Use in Connection Test
NocoDB: User Enumeration via Sign-In Timing
NocoDB: Plaintext Password Comparison in Shared Views
NocoDB: Hidden Column Exposure in Public Shared View Endpoints
NocoDB: Open Redirect via Hash Fragment in hashRedirect Plugin