6 matches found
CVE-2026-3896
The Livemesh SiteOrigin Widgets plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the lsowadminajax AJAX action in all versions up to, and including, 3.9.2 due to missing authorization checks and insufficient input sanitization. The AJAX handler verifies a nonce but does not...
Argo has Missing Authorization in its Sync ConfigMap Provider
Summary The Sync Service's ConfigMap-backed provider server/sync/synccm.go performs zero authorization checks on all CRUD operations create, read, update, delete. Any authenticated user — including those using fake Bearer tokens — can create, read, update, and delete Kubernetes ConfigMaps...
WWBN AVideo 安全漏洞
WWBN AVideo is a video platform building system developed by the WWBN team using PHP. Versions of WWBN AVideo prior to 26.0 contained security vulnerabilities. These vulnerabilities stemmed from a lack of ownership checks at the plugin/PlayLists/View/Playlistsschedules/add.json.php endpoint, whic...
PT-2026-6421
Summary 1. A hardcoded secret key used for signing JWTs is checked into source code 2. ManyAPI routes do not check authentication Details I am using the publicly available docker image at ghcr.io/maziggy/bambuddy 1. Hardcoded JWT Secret Key...
CVE-2020-6243
Under certain conditions, SAP Adaptive Server Enterprise XP Server on Windows Platform, versions 15.7, 16.0, does not perform the necessary checks for an authenticated user while executing the extended stored procedure, allowing an attacker to read, modify, delete restricted data on connected...
Red Hat JBoss Enterprise Application Platform Role Based Access Control Component Security Bypass Vulnerability
Red Hat JBoss Enterprise Application Platform is an open source, J2EE-based middleware platform for building, deploying, and hosting Java applications and services.JBoss Application Server AS, also known as WildFly is an open source JavaEE-based application server; the JacORB subsystem is a...