Search Vulnerabilities

Frappe Learning Management System has Client-Side Manipulation of Quiz Scores

FileBrowser Quantum Incomplete Remediation of CVE-2026-27611: Password-Protected Share Bypass via /public/api/share/info

Budibase Arbitrary File Upload Leading to Multiple Critical Vulnerabilities (SSRF, Stored XSS)

Frappe: Broken Access Control in DocShare

RustDesk Client Can Orphan API Channel to Ignore All Admin Commands and ACL Policies

Dell Wyse Management Suite, versions prior to WMS 5

Multiple vulnerabilities found in IBM ApplinX.

Spin Wheel <= 2.1.0 - Unauthenticated Client-Side Prize Manipulation via 'prize_index' Parameter

Cal.com has an Authentication Bypass via Unvalidated Email in Custom JWT Callback

Client-Side Enforcement of Server-Side Security in IBM Db2 Intelligence Center

1Panel – CAPTCHA Bypass via Client-Controlled Flag

IBM Controller Validation Bypass

SKT PayPal for WooCommerce <= 1.4 - Unauthenticated Payment Bypass

Authentication Bypass in Turkguven's Perfektive

Hydra Booking – All in One Appointment Booking System | Appointment Scheduling, Booking Calendar & WooCommerce Bookings <= 1.1.27 - Missing Payment...

security vulnerabilities are addressed with IBM Business Automation Insights iFixes for October 2025.

WPC Name Your Price for WooCommerce <= 2.1.9 - Unauthenticated Price Alteration

Client-Side Enforcement of Server-Side Security (CWE-602) in the Command Centre Server allows a privileged operator to enter invalid competency dat...

Missing Server-Side Authentication Checks in EfficientLab WorkExaminer Professional

IBM Engineering Requirements Management Doors Next data modification