cve-2026-54717 let attacker-controlled page titles execute javascript in the silverstripe cms page list view through unescaped breadcrumb rendering
cve-2026-50539 let any authenticated xibo cms user download arbitrary notification attachments through missing object-level authorization on notification export
cve-2026-54562 let non-admin cloudreve users with remote download permission fetch loopback and internal-only urls, then read the imported response body from their own files
cve-2026-10860 let a low-privileged galaxy editor delete another organisation's galaxy in misp through a delete-path validation bypass
cve-2026-54256 let any authenticated backend user in wintercms target unrelated attachment records through the backend fileupload widget
cve-2026-55383 let public customer document tokens cross company boundaries in invoiceshelf through emaillog type confusion and missing expiry checks
cve-2026-54258 let low-privileged zoneminder users fetch private event media from monitors they were not allowed to access
cve-2026-53521 let a stored future ddns profile id turn into another user's ddns profile context later in nezha
cve-2026-53634 let authenticated sharp users bypass create authorization through quick creation command endpoints
cve-2026-49355 exposed private work package data through the single meeting agenda item api in openproject
cve-2026-50198 and cve-2026-50199 in wallos both came from cross-user references being accepted first and trusted later
cve-2026-48067 came from a scope mismatch in filament AttachAction and AssociateAction
cve-2026-47755 let a low-privileged authenticated user pull another client's credentials and totp secrets in itflow
how i reported six shopper cves spanning authorization bypass, privilege escalation, race conditions, idor, and xss
authenticated sharp users could download unrelated laravel storage objects through the generic download endpoint
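the common thread in most of the entries above is the "accepted first, trusted later" pattern: an endpoint authenticates the caller, then looks a record up by the id the caller supplied and never checks that the record belongs to them. the block below is an added illustration of that pattern and its fix, written for this index and not taken from any of the projects listed; the users, attachments, ddns-style profiles and the handler names are constructed for the example.

```python
"""Added example: missing object-level authorization, vulnerable beside hardened.

Nothing here is code from the projects listed on this page. The tables,
users and handler names are constructed sample data for illustration.
"""
from dataclasses import dataclass


class NotFound(Exception):
    """Raised for both missing and foreign records so ids cannot be enumerated."""


@dataclass(frozen=True)
class User:
    id: int
    company_id: int


@dataclass(frozen=True)
class Attachment:
    id: int
    company_id: int
    path: str


@dataclass(frozen=True)
class Profile:
    id: int
    owner_id: int
    name: str


# Constructed sample tables: two tenants, one attachment each, one profile each.
ATTACHMENTS = {
    1: Attachment(1, company_id=10, path="/storage/acme/invoice-1.pdf"),
    2: Attachment(2, company_id=20, path="/storage/globex/payroll.xlsx"),
}
PROFILES = {
    100: Profile(100, owner_id=1, name="alice-home"),
    200: Profile(200, owner_id=2, name="bob-office"),
}


def download_vulnerable(current_user: User, attachment_id: int) -> str:
    """Authenticated, but not authorized: the id from the request is trusted as-is."""
    att = ATTACHMENTS.get(attachment_id)
    if att is None:
        raise NotFound
    return att.path


def download_fixed(current_user: User, attachment_id: int) -> str:
    """Scope the lookup to the caller's tenant; foreign records look like missing ones."""
    att = ATTACHMENTS.get(attachment_id)
    if att is None or att.company_id != current_user.company_id:
        raise NotFound
    return att.path


def store_profile_ref_vulnerable(current_user: User, profile_id: int) -> int:
    """Stores a reference after a check at write time only.

    Ownership is not re-checked when the reference is used later, so an id
    that is free (or foreign) now can resolve to someone else's row later.
    """
    return profile_id


def resolve_profile_fixed(current_user: User, stored_profile_id: int) -> Profile:
    """Re-check ownership at use time, not only when the reference was stored."""
    prof = PROFILES.get(stored_profile_id)
    if prof is None or prof.owner_id != current_user.id:
        raise NotFound
    return prof


def probe(handler, user: User, ids) -> list:
    """Return the ids a user can read through `handler`; what an idor sweep would record."""
    readable = []
    for i in ids:
        try:
            handler(user, i)
            readable.append(i)
        except NotFound:
            pass
    return readable


if __name__ == "__main__":
    alice = User(id=1, company_id=10)
    print("vulnerable:", probe(download_vulnerable, alice, ATTACHMENTS))
    print("fixed:     ", probe(download_fixed, alice, ATTACHMENTS))
```

the fixed handler returns the same not-found result for a foreign record and a nonexistent one; returning a distinct forbidden response would confirm to the caller which ids exist in other tenants, which is exactly the enumeration an idor sweep relies on.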
one vulnerability. multiple targets. multiple certificates.
a complete write up of insanetemple for my beloved juniors
it is easy tho