Search Vulnerabilities

Filament: Unauthenticated temporary file upload on auth pages

Cap-go - Privilege Inversion in Build Log Stream via SSE Disconnect

Cross-Project Information Leakage in Google App Engine UI

Chainlit < 2.10.1 Session Hijacking via WebSocket Session Restoration

GitLab Plugin Allows Non-Admin Users to Modify Default Instance Configuration

Broken access control in MISP core allows cross-organization unauthorized modification or deletion of analyst data, event reports, collections, tem...

MISP Core: Broken access control allows instance-wide unauthorized deletion of event reports and sharing groups via bulk deletion endpoints

Apache NiFi: Missing Authorization of Restricted Permissions when Replacing Flow Contents

phpMyFAQ - Privilege Escalation via Missing Authorization in editUser() and updateUserRights()

Craft CMS - Missing Authorization in assets/preview-thumb Endpoint

AVideo - Unauthenticated Access to Payment Log DataTables Endpoints via list.json.php

Simple File List <= 6.3.7 - Missing Authorization to Authenticated (Contributor+) Arbitrary File Operations (Deletion / Move / Folder Creation / Do...

Simple File List <= 6.3.7 - Missing Authorization to Unauthenticated File Modification via simplefilelist_edit_job AJAX Action

Capgo - Unauthenticated Cross-Tenant Metrics Poisoning via upsert_version_meta RPC

Microsoft Exchange Online Elevation of Privilege Vulnerability

WP Go Maps <= 10.1.01 - Unauthenticated Arbitrary Record Creation

Statamic CMS missing authorization on Control Panel fieldtype endpoints allows disclosure of restricted resources

mcp-memory-service: OAuth read-only clients can write and delete memories through MCP tools/call

Streamable HTTP mode exposes LINE Desktop read/send tools without MCP authentication

2Download Connector for 2DL Hosted Checkout <= 0.1.5 - Missing Authorization to Unauthenticated Sensitive Customer Subscription Data Exposure via '...