Search Results (37422 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2026-27832 1 Intermesh 1 Group-office 2026-04-16 8.8 High
Group-Office is an enterprise customer relationship management and groupware tool. Versions prior to 26.0.8, 25.0.87, and 6.8.153 have a SQL Injection (SQLi) vulnerability, exploitable through the `advancedQueryData` parameter (`comparator` field) on an authenticated endpoint. The endpoint `index.php?r=email/template/emailSelection` processes `advancedQueryData` and forwards the SQL comparator without a strict allowlist into SQL condition building. This enables blind boolean-based exfiltration of the `core_auth_password` table. Versions 26.0.8, 25.0.87, and 6.8.153 fix the issue.
CVE-2026-27947 1 Intermesh 1 Group-office 2026-04-16 8.8 High
Group-Office is an enterprise customer relationship management and groupware tool. Versions prior to 26.0.9, 25.0.87, and 6.8.154 have an authenticated Remote Code Execution vulnerability in the TNEF attachment processing flow. The vulnerable path extracts attacker-controlled files from `winmail.dat` and then invokes `zip` with a shell wildcard (`*`). Because extracted filenames are attacker-controlled, they can be interpreted as `zip` options and lead to arbitrary command execution. Versions 26.0.9, 25.0.87, and 6.8.154 fix the issue.
CVE-2022-27782 4 Debian, Haxx, Redhat and 1 more 4 Debian Linux, Curl, Enterprise Linux and 1 more 2026-04-16 7.5 High
libcurl would reuse a previously created connection even when a TLS or SSHrelated option had been changed that should have prohibited reuse.libcurl keeps previously used connections in a connection pool for subsequenttransfers to reuse if one of them matches the setup. However, several TLS andSSH settings were left out from the configuration match checks, making themmatch too easily.
CVE-2022-27781 5 Debian, Haxx, Netapp and 2 more 17 Debian Linux, Curl, Clustered Data Ontap and 14 more 2026-04-16 7.5 High
libcurl provides the `CURLOPT_CERTINFO` option to allow applications torequest details to be returned about a server's certificate chain.Due to an erroneous function, a malicious server could make libcurl built withNSS get stuck in a never-ending busy-loop when trying to retrieve thatinformation.
CVE-2021-22922 7 Fedoraproject, Haxx, Netapp and 4 more 25 Fedora, Curl, Cloud Backup and 22 more 2026-04-16 6.5 Medium
When curl is instructed to download content using the metalink feature, thecontents is verified against a hash provided in the metalink XML file.The metalink XML file points out to the client how to get the same contentfrom a set of different URLs, potentially hosted by different servers and theclient can then download the file from one or several of them. In a serial orparallel manner.If one of the servers hosting the contents has been breached and the contentsof the specific file on that server is replaced with a modified payload, curlshould detect this when the hash of the file mismatches after a completeddownload. It should remove the contents and instead try getting the contentsfrom another URL. This is not done, and instead such a hash mismatch is onlymentioned in text and the potentially malicious content is kept in the file ondisk.
CVE-2026-28408 2 Labredescefetrj, Wegia 2 Wegia, Wegia 2026-04-16 9.8 Critical
WeGIA is a web manager for charitable institutions. Prior to version 3.6.5, the script in adicionar_tipo_docs_atendido.php does not go through the project's central controller and does not have its own authentication and permission checks. A malicious user could make a request through tools like Postman or the file's URL on the web to access features exclusive to employees. The vulnerability allows external parties to inject unauthorized data in massive quantities into the application server's storage. Version 3.6.5 fixes the issue.
CVE-2026-28515 1 Opendcim 1 Opendcim 2026-04-16 8.8 High
openDCIM version 23.04, through commit 4467e9c4, contains a missing authorization vulnerability in install.php and container-install.php. The installer and upgrade handler expose LDAP configuration functionality without enforcing application role checks. Any authenticated user can access this functionality regardless of assigned privileges. In deployments where REMOTE_USER is set without authentication enforcement, the endpoint may be accessible without credentials. This allows unauthorized modification of application configuration.
CVE-2026-26707 2 Oretnom23, Sourcecodester 2 Pharmacy Point Of Sale System, Pharmacy Point Of Sale System 2026-04-16 9.8 Critical
sourcecodester Pharmacy Point of Sale System v1.0 is vulnerable to SQL Injection in /pharmacy/view_supplier.php.
CVE-2026-26701 2 Jon-remus-sevellejo, Sourcecodester 2 Personnel Property Equipment System, Personnel Property Equipment System 2026-04-16 9.8 Critical
sourcecodester Personnel Property Equipment System v1.0 is vulnerable to SQL Injection in /ppes/admin/edit_tecnical_user.php.
CVE-2026-26711 2 Carmelo, Code-projects 2 Simple Food Order System, Simple Food Order System 2026-04-16 9.8 Critical
code-projects Simple Food Order System v1.0 is vulnerable to SQL Injection in /food/view-ticket.php.
CVE-2026-26712 1 Carmelo 1 Simple Food Order System 2026-04-16 9.8 Critical
code-projects Simple Food Order System v1.0 is vulnerable to SQL Injection in /food/view-ticket-admin.php.
CVE-2026-26710 2 Carmelo, Code-projects 2 Simple Food Order System, Simple Food Order System 2026-04-16 9.8 Critical
code-projects Simple Food Order System v1.0 is vulnerable to SQL Injection in /food/routers/edit-orders.php.
CVE-2026-26713 2 Carmelo, Code-projects 2 Simple Food Order System, Simple Food Order System 2026-04-16 9.8 Critical
code-projects Simple Food Order System v1.0 is vulnerable to SQL Injection in /food/routers/cancel-order.php.
CVE-2026-26696 2 Carmelo, Code-projects 2 Simple Student Alumni System, Simple Student Alumni System 2026-04-16 9.8 Critical
code-projects Simple Student Alumni System v1.0 is vulnerable to SQL Injection in /TracerStudy/recordteacher_edit.php.
CVE-2026-26694 2 Carmelo, Code-projects 2 Simple Student Alumni System, Simple Student Alumni System 2026-04-16 9.8 Critical
code-projects Simple Student Alumni System v1.0 is vulnerale to SQL Injection in /TracerStudy/modal_view.php.
CVE-2026-26697 2 Carmelo, Code-projects 2 Simple Student Alumni System, Simple Student Alumni System 2026-04-16 4.9 Medium
code-projects Simple Student Alumni System v1.0 is vulnerable to SQL Injection in /TracerStudy/recordteacher_view.php?teacherID=.
CVE-2026-32732 1 Leanprover 1 Vscode-lean4 2026-04-16 N/A
Lean 4 VS Code Extension is a Visual Studio Code extension for the Lean 4 proof assistant. Projects that use @leanprover/unicode-input-component are vulnerable to an XSS exploit in 0.1.9 of the package and lower. The component re-inserted text in the input element back into the input element as unescaped HTML. The issue has been resolved in 0.2.0.
CVE-2026-4519 1 Python 2 Cpython, Python 2026-04-16 3.3 Low
The webbrowser.open() API would accept leading dashes in the URL which could be handled as command line options for certain web browsers. New behavior rejects leading dashes. Users are recommended to sanitize URLs prior to passing to webbrowser.open().
CVE-2026-32268 1 Craftcms 1 Azure-blob 2026-04-16 N/A
The Azure Blob Storage for Craft CMS plugin provides an Azure Blob Storage integration for Craft CMS. In versions on the 2.x branch prior to 2.1.1, unauthenticated users can view a list of buckets the plugin has access to. The `DefaultController->actionLoadContainerData()` endpoint allows unauthenticated users with a valid CSRF token to view a list of buckets that the plugin is allowed to see. Because Azure can return sensitive data in error messages, additional attack vectors are also exposed. Users should update to version 2.1.1 of the plugin to mitigate the issue.
CVE-2026-33290 2 Wordpress, Wpgraphql 2 Wordpress, Wpgraphql 2026-04-16 4.3 Medium
WPGraphQL provides a GraphQL API for WordPress sites. Prior to version 2.10.0, an authorization flaw in updateComment allows an authenticated low-privileged user (including a custom role with zero capabilities) to change moderation status of their own comment (for example to APPROVE) without the moderate_comments capability. This can bypass moderation workflows and let untrusted users self-approve content. Version 2.10.0 contains a patch. ### Details In WPGraphQL 2.9.1 (tested), authorization for updateComment is owner-based, not field-based: - plugins/wp-graphql/src/Mutation/CommentUpdate.php:92 allows moderators. - plugins/wp-graphql/src/Mutation/CommentUpdate.php:99:99 also allows the comment owner, even if they lack moderation capability. - plugins/wp-graphql/src/Data/CommentMutation.php:94:94 maps GraphQL input status directly to WordPress comment_approved. - plugins/wp-graphql/src/Mutation/CommentUpdate.php:120:120 persists that value via wp_update_comment. - plugins/wp-graphql/src/Type/Enum/CommentStatusEnum.php:22:22 exposes moderation states (APPROVE, HOLD, SPAM, TRASH). This means a non-moderator owner can submit status during update and transition moderation state. ### PoC Tested in local wp-env (Docker) with WPGraphQL 2.9.1. 1. Start environment: npm install npm run wp-env start 2. Run this PoC: ``` npm run wp-env run cli -- wp eval ' add_role("no_caps","No Caps",[]); $user_id = username_exists("poc_nocaps"); if ( ! $user_id ) { $user_id = wp_create_user("poc_nocaps","Passw0rd!","poc_nocaps@example.com"); } $user = get_user_by("id",$user_id); $user->set_role("no_caps"); $post_id = wp_insert_post([ "post_title" => "PoC post", "post_status" => "publish", "post_type" => "post", "comment_status" => "open", ]); $comment_id = wp_insert_comment([ "comment_post_ID" => $post_id, "comment_content" => "pending comment", "user_id" => $user_id, "comment_author" => $user->display_name, "comment_author_email" => $user->user_email, "comment_approved" => "0", ]); wp_set_current_user($user_id); $result = graphql([ "query" => "mutation U(\$id:ID!){ updateComment(input:{id:\$id,status:APPROVE}){ success comment{ databaseId status } } }", "variables" => [ "id" => (string)$comment_id ], ]); echo wp_json_encode([ "role_caps" => array_keys(array_filter((array)$user->allcaps)), "status" => $result["data"]["updateComment"]["comment"]["status"] ?? null, "db_comment_approved" => get_comment($comment_id)->comment_approved ?? null, "comment_id" => $comment_id ]); ' ``` 3. Observe result: - role_caps is empty (or no moderate_comments) - mutation returns status: APPROVE - DB value becomes comment_approved = 1 ### Impact This is an authorization bypass / broken access control issue in comment moderation state transitions. Any deployment using WPGraphQL comment mutations where low-privileged users can make comments is impacted. Moderation policy can be bypassed by self-approving content.