21 matches found
SuiteCRM security vulnerability
SuiteCRM is a customer relationship management system developed by the SuiteCRM team. Versions of SuiteCRM prior to 7.15.1 and 8.9.3 had security vulnerabilities. These vulnerabilities stemmed from the lack of access control list checks for multiple endpoints, which could allow authenticated user...
CVE-2025-11246
CVE-2025-11246 affects GitLab CE/EE prior to 18.5.5, 18.6 prior to 18.6.3, and 18.7 prior to 18.7.1. The issue arises from insufficient granularity in GraphQL runner associations, enabling an authenticated user with specific permissions to remove all project runners from unrelated projects by man...
CVE-2025-46255 WordPress LoginWP - Pro Plugin <= 4.0.8.5 - Settings Change vulnerability
Missing Authorization vulnerability in Marketing Fire LLC LoginWP - Pro allows Accessing Functionality Not Properly Constrained by ACLs. This issue affects LoginWP - Pro: from n/a through 4.0.8.5...
CVE-2025-12519 Information disclosure on Administration parameters API endpoint
Missing Authorization vulnerability in Centreon Infra Monitoring Administration parameters API endpoint modules allows Accessing Functionality Not Properly Constrained by ACLs, resulting in Information Disclosure like downtime or acknowledgement configurations. This issue affects Infra Monitoring...
CVE-2025-62973
Missing Authorization vulnerability in Themekraft BuddyForms buddyforms allows Accessing Functionality Not Properly Constrained by ACLs. This issue affects BuddyForms: from n/a through = 2.9.0...
EUVD-2025-24420
Malicious code in bioql PyPI...
WordPress plugin WP Helper Premium security vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a set of blogging platforms developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A security...
CVE-2025-20230
In Splunk Enterprise versions below 9.4.1, 9.3.3, 9.2.5, and 9.1.8, and versions below 3.8.38 and 3.7.23 of the Splunk Secure Gateway app on Splunk Cloud Platform, a low-privileged user that does not hold the “admin” or “power” Splunk roles could edit and delete other user data in App Key Value...
The vulnerability of NVIDIA BlueField data processing processor microprogramming software, related to access control deficiencies, allows an intruder to gain unauthorized access to read and modify data, or to cause service failures.
The vulnerability of NVIDIA BlueField data processing processor microprogramming software is related to deficiencies in access control. Exploiting this vulnerability could allow an intruder to gain unauthorized access to read and modify data, or cause service failures...
PT-2024-28135 · Avirtum · Avirtum Ipanorama 360 Wordpress Virtual Tour Builder
Name of the Vulnerable Software and Affected Versions: Avirtum iPanorama 360 WordPress Virtual Tour Builder versions 1.8.3 and earlier Description: The issue affects the Avirtum iPanorama 360 WordPress Virtual Tour Builder, allowing access to functionality not properly constrained by Access Contr...
The vulnerability of Intel Microcode processors lies in their lack of access control mechanisms. This allows attackers to gain access to confidential data, compromise its integrity, and cause service failures.
The vulnerability of Intel Microcode processors lies in access control deficiencies. Exploiting this vulnerability can allow a remote attacker to gain access to confidential data, compromise its integrity, and cause service failures...
CVE-2023-23976
Incorrect Default Permissions vulnerability in Metagauss RegistrationMagic allows Accessing Functionality Not Properly Constrained by ACLs. This issue affects RegistrationMagic: from n/a through 5.1.9.2...
The vulnerability of the Intel Driver & Support Assistant software in updating drivers allows attackers to exploit access control deficiencies, enabling them to escalate their privileges.
The vulnerability of the Intel Driver & Support Assistant software for updating drivers is related to access control deficiencies. Exploiting this vulnerability can allow attackers to escalate their privileges...
The vulnerability of Microsoft SharePoint Server, SharePoint Foundation, and SharePoint Enterprise Server, related to access control deficiencies, allows attackers to increase their privileges.
The vulnerabilities of Microsoft SharePoint Server, SharePoint Foundation, and SharePoint Enterprise Server are related to lack of access control mechanisms. Exploiting these vulnerabilities can allow unauthorized individuals to increase their privileges remotely...
The vulnerability in the web interface of the Aruba EdgeConnect Enterprise Orchestrator platform allows an attacker to execute arbitrary commands.
The vulnerability of the web interface for managing the Aruba EdgeConnect Enterprise Orchestrator platform is related to deficiencies in access control. Exploiting this vulnerability could allow a malicious actor to execute arbitrary commands remotely...
The vulnerability of the Windows Update Assistant software for handling updates is related to a lack of access control, allowing attackers to escalate their privileges.
The vulnerability of the Windows Update Assistant software relates to deficiencies in access control. Exploiting this vulnerability can allow an attacker to escalate their privileges...
Vulnerability of the Security component: The MySQL database management system audit mechanism allows attackers to modify data or cause service failures.
Vulnerability of the Security component: Audits of MySQL database management systems are related to deficiencies in access control. Exploitation of this vulnerability can allow a malicious actor to modify data or cause service failures by using specially crafted network packets...
The vulnerability of the Console sub-component of the Oracle WebLogic Server application server, a software platform of Oracle Fusion Middleware, allows a perpetrator to gain full control over the application.
The vulnerability of the Console sub-component of the Oracle WebLogic Server application server software, part of the Oracle Fusion Middleware platform, is related to access control deficiencies. Exploiting this vulnerability could allow a malicious actor, operating remotely, to gain full control...
The vulnerability of the Outside In Filters component within the Oracle Outside In Technology SDK allows a malicious actor to gain unauthorized access to data or cause service failures.
The vulnerability of the Outside In Filters component within the Oracle Outside In Technology SDK is related to access control deficiencies. Exploiting this vulnerability could allow a malicious actor to gain unauthorized access to data or cause service failures using the HTTP protocol...
The vulnerability of the Product Diagnostic Tools component of the Order Management system allows a perpetrator to gain full control over the application.
The vulnerability of the Product Diagnostic Tools component in the Order Management system is related to deficiencies in access control. Exploiting this vulnerability could allow an attacker to gain full control over the application...