Admidio's Missing Authorization on Inventory Module Destructive Endpoints Allows Any Authenticated User to Delete Items

Admidio Exposes Cross-Organization Member Data via Permission Check Mismatch in contacts_data.php

Admidio has Path Traversal via Unvalidated `name` Parameter in Document Add Mode that Enables Arbitrary Server File Read

Admidio has Path Traversal in ECard Preview that Allows Reading Arbitrary Server Files Including Database Credentials

n8n has Public API Variables IDOR that Allows Cross-Project Secret Disclosure

n8n Vulnerable to Hijacking of Unauthenticated Chat Execution

A vulnerability was detected in SourceCodester Pizzafy Ecommerce System 1.0. Affected by this issue is the function save_menu of the file /admin/ajax.php?action=save_menu. Performing a manipulation results in sql injection. The attack can be initiated remotely. The exploit is now public and may be u...

A security vulnerability has been detected in SourceCodester Pizzafy Ecommerce System 1.0. Affected by this vulnerability is the function save_settings of the file /pizzafy/admin/ajax.php?action=save_settings of the component Setting Handler. Such manipulation leads to sql injection. It is possible ...

A security flaw has been discovered in geldata gel-mcp 0.1.0. This impacts the function list_rules/fetch_rule of the file src/gel_mcp/server.py. The manipulation of the argument rule_name results in path traversal. The attack may be performed from remote. The exploit has been released to the public ...

wget2 accepts a server certificate with incorrect Key Usage (KU) or Extended Key Usage (EKU). If the attackers compromise a certificate (with the associated private key) issued for a different purpose, they may be able to reuse it for TLS server authentication.

n8n has SQL Injection in SeaTable Node

n8n has Open Redirect in MCP OAuth Consent Flow

n8n has SQL Injection in Oracle Database Node via Limit Field

n8n has SQL Injection in Snowflake and MySQL Nodes

OpenID Connect nonce generated but never validated — ID token replay attack

CKAN has CSRF exemption primed by anonymous requests

CKAN has no certificate validation on STMP connection

OneCollector exporter reads unbounded HTTP response bodies

Insufficient option length validation in the IPv6 Router Advertisement parser in FreeRTOS-Plus-TCP before V4.2.6 and V4.4.1 allows an adjacent network actor to cause a denial of service (device crash) by sending a crafted Router Advertisement with a truncated PREFIX_INFORMATION option that is smalle...

A vulnerability was detected in SourceCodester CET Automated Grading System with AI Predictive Analytics 1.0. This vulnerability affects unknown code of the file /index.php?action=register of the component Registration. The manipulation of the argument student_id/full_name/section/username results i...