1853 matches found
Important: php8.1
Issue Overview: The vulnerability allows a remote attacker to bypass implemented security restrictions. The vulnerability exists due to the way PHP handles HTTP variable names. A remote attacker can set a standard insecure cookie in the victim's browser which is treated as a Host- or Secure- cook...
VulnCheck KEV: CVE-2020-9480
In Apache Spark 2.4.5 and earlier, a standalone resource manager's master may be configured to require authentication spark.authenticate via a shared secret. When enabled, however, a specially-crafted RPC to the master can succeed in starting an application's resources on the Spark cluster,...
LearnPress – WordPress LMS Plugin < 4.2.6.6 - Authenticated (Instructor+) Arbitrary File Upload
Description The LearnPress – WordPress LMS Plugin plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the 'savepostmaterials' function in versions up to, and including, 4.2.6.5. This makes it possible for authenticated attackers, with Instructor-lev...
CVE-2024-34092
An issue was discovered in Archer Platform 6 before 2024.04. Authentication was mishandled because a lock did not terminate an existing session. 6.14 P3 (6.14.0.3) is also a fixed release...
PT-2024-3325
Name of the Vulnerable Software and Affected Versions: DHCP (affected versions not specified) Description: The issue is related to a lack of authentication in the DHCP protocol, specifically with the classless static route option 121. This allows an attacker to manipulate routes and potentially...
WordPress plugin Elementor Website Builder Authorization Issue Vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin.... An authorization issue...
CVE-2024-1739
lunary-ai/lunary is vulnerable to an authentication issue due to improper validation of email addresses during the signup process. Specifically, the server fails to treat email addresses as case insensitive, allowing the creation of multiple accounts with the same email address by varying the cas...
CVE-2024-1739 Case Insensitive Email Address Validation Vulnerability in lunary-ai/lunary
lunary-ai/lunary is vulnerable to an authentication issue due to improper validation of email addresses during the signup process. Specifically, the server fails to treat email addresses as case insensitive, allowing the creation of multiple accounts with the same email address by varying the cas...
CVE-2024-1739
CVE-2024-1739 affects lunary-ai/lunary and describes an authentication issue caused by improper validation of email addresses during signup. The server does not treat emails as case-insensitive, allowing multiple accounts to be created for the same address by varying case (e.g., [email protected] vs ...
CVE-2024-22358
IBM UrbanCode Deploy UCD 7.0 through 7.0.5.20, 7.1 through 7.1.2.16, 7.2 through 7.2.3.9, 7.3 through 7.3.2.4 and IBM DevOps Deploy 8.0 through 8.0.0.1 does not invalidate session after logout which could allow an authenticated user to impersonate another user on the system. IBM X-Force ID: 28089...
CVE-2024-2217
CVE-2024-2217 concerns improper access control in gaizhenbiao/chuanhuchatgpt, allowing unauthorized access to the config.json file in both authenticated and unauthenticated versions. The flaw enables retrieval of sensitive data such as OpenAI/Google/XMChat API keys, configuration details, and use...
CVE-2024-29296
A user enumeration vulnerability was found in Portainer CE 2.19.4. This issue occurs during user authentication process, where a difference in response time could allow a remote unauthenticated user to determine if a username is valid or not...
CVE-2024-2447
Mattermost versions 8.1.x before 8.1.11, 9.3.x before 9.3.3, 9.4.x before 9.4.4, and 9.5.x before 9.5.2 fail to authenticate the source of certain types of post actions, allowing an authenticated attacker to create posts as other users via a crafted post action...
Hitachi Energy Asset Suite Security Vulnerability
Hitachi Energy Asset Suite is a powerful suite from Hitachi, Japan. It standardizes and streamlines enterprise asset management workflows to maximize employee productivity and improve asset performance. A security vulnerability exists in Hitachi Energy Asset Suite versions prior to 9.6.3.13 and prio...
PT-2024-20115 · WordPress · Woocommerce Pos
Name of the Vulnerable Software and Affected Versions: WooCommerce POS plugin for WordPress versions up to, and including, 1.4.11 Description: The issue is related to information disclosure due to the plugin not properly verifying the authentication and authorization of the current user. This...
CVE-2024-23255
An authentication issue was addressed with improved state management. This issue is fixed in macOS Sonoma 14.4, iOS 17.4 and iPadOS 17.4. Photos in the Hidden Photos Album may be viewed without authentication...
CVE-2024-23255
CVE-2024-23255 describes an authentication issue in Apple devices where photos in the Hidden Photos Album could be viewed without authentication; the issue was addressed with improved state management. It is fixed in macOS Sonoma 14.4, iOS 17.4, and iPadOS 17.4; Apple patches are available in those versions...
CVE-2024-2076 CodeAstro House Rental Management System tenant.php missing authentication
A vulnerability was found in CodeAstro House Rental Management System 1.0. It has been rated as problematic. Affected by this issue is some unknown functionality of the file booking.php/owner.php/tenant.php. The manipulation leads to missing authentication. The attack may be launched remotely. Th...
PT-2024-15248 · WordPress · Login As User/Customer
Name of the Vulnerable Software and Affected Versions: Login as User or Customer WordPress plugin versions 3.8 and earlier Description: The issue allows users to log in as any other user on the site, potentially leading to complete administrator account takeover. It is crucial to keep WordPress...