Saad Iqbal Mycred vulnerabilities

CVE-2026-27440 [MEDIUM] CWE-79 CVE-2026-27440: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability i Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Saad Iqbal myCred mycred allows Stored XSS.This issue affects myCred: from n/a through <= 2.9.7.6.

CVE-2026-24951 [MEDIUM] CWE-862 CVE-2026-24951: Missing Authorization vulnerability in Saad Iqbal myCred mycred allows Exploiting Incorrectly Config Missing Authorization vulnerability in Saad Iqbal myCred mycred allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects myCred: from n/a through <= 2.9.7.3.

CVE-2025-54667 CWE-367 CVE-2025-54667: Time-of-check Time-of-use (TOCTOU) Race Condition vulnerability in Saad Iqbal myCred mycred allows L Time-of-check Time-of-use (TOCTOU) Race Condition vulnerability in Saad Iqbal myCred mycred allows Leveraging Time-of-Check and Time-of-Use (TOCTOU) Race Conditions.This issue affects myCred: from n/a through <= 2.9.4.3.

CVE-2025-54668 CWE-79 CVE-2025-54668: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability i Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Saad Iqbal myCred mycred allows Stored XSS.This issue affects myCred: from n/a through <= 2.9.4.3.

CVE-2025-49872 CWE-862 CVE-2025-49872: Missing Authorization vulnerability in Saad Iqbal myCred mycred allows Accessing Functionality Not P Missing Authorization vulnerability in Saad Iqbal myCred mycred allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects myCred: from n/a through <= 2.9.4.2.

CVE-2025-49857 CWE-862 CVE-2025-49857: Missing Authorization vulnerability in Saad Iqbal myCred mycred allows Exploiting Incorrectly Config Missing Authorization vulnerability in Saad Iqbal myCred mycred allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects myCred: from n/a through <= 2.9.4.2.

CVE-2024-43214 [MEDIUM] CWE-862 CVE-2024-43214: Missing Authorization vulnerability in Saad Iqbal myCred mycred.This issue affects myCred: from n/a Missing Authorization vulnerability in Saad Iqbal myCred mycred.This issue affects myCred: from n/a through <= 2.7.2.

CVE-2024-43354 CWE-502 CVE-2024-43354: Deserialization of Untrusted Data vulnerability in Saad Iqbal myCred mycred.This issue affects myCre Deserialization of Untrusted Data vulnerability in Saad Iqbal myCred mycred.This issue affects myCred: from n/a through <= 2.7.2.

CVE-2024-43353 CWE-79 CVE-2024-43353: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability i Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Saad Iqbal myCred mycred.This issue affects myCred: from n/a through <= 2.7.2.

CVE-2024-32711 CWE-79 CVE-2024-32711: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability i Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Saad Iqbal myCred mycred.This issue affects myCred: from n/a through <= 2.6.3.