115 matches found
CVE-2026-3186 feiyuchuixue sz-boot-parent Password Reset password default password
A vulnerability was determined in feiyuchuixue sz-boot-parent up to 1.3.2-beta. Affected by this vulnerability is an unknown functionality of the file /api/admin/sys-user/reset/password/ of the component Password Reset Handler. This manipulation of the argument userId causes use of default...
CVE-2026-3186
A vulnerability was determined in feiyuchuixue sz-boot-parent up to 1.3.2-beta. Affected by this vulnerability is an unknown functionality of the file /api/admin/sys-user/reset/password/ of the component Password Reset Handler. This manipulation of the argument userId causes use of default...
Privilege Escalation
@cubejs-backend/server-core is vulnerable to Privilege Escalation. The vulnerability is due to improper authorization validation of specially crafted requests using a valid API token, which allows an attacker to escalate privileges beyond their intended access level...
CVE-2025-13928
GitLab has remediated an issue in GitLab CE/EE affecting all versions from 17.7 before 18.6.4, 18.7 before 18.7.2, and 18.8 before 18.8.2 that could have allowed an unauthenticated user to cause a denial of service condition by exploiting incorrect authorization validation in API endpoints...
CVE-2025-13928
Removed by vendor...
WordPress plugin Forminator Forms 安全漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform has the ability to host personal blog sites on PHP and MySQL based servers.WordPress plugin is an application plugin. A security vulnerabili...
CVE-2025-1495
IBM Business Automation Workflow 24.0.0 and 24.0.1 through 24.0.1 IF001 Center may leak sensitive information due to missing authorization validation...
WordPress plugin Image Photo Gallery Final Tiles Grid 安全漏洞
...
WordPress plugin Employee Spotlight – Team Member Showcase & Meet the Team 安全漏洞
WordPress and the WordPress plugin are products of the WordPress Foundation, a blogging platform developed in the PHP language. WordPress is a blogging platform developed using the PHP language, which provides the ability to host personal blog sites on PHP and MySQL based servers.WordPress plugin...
Apache OpenOffice Information Disclosure Vulnerability
Apache OpenOffice is an open source office software suite from the U.S. Apache Apache Foundation. The suite contains text documents , spreadsheets , presentations , drawings , databases and so on. An information disclosure vulnerability exists in Apache OpenOffice, which is caused due to a lack o...
Microsoft Excel Information Leakage Vulnerability (CNVD-2026-00026)
Microsoft Excel is a spreadsheet processing software in the Office suite from Microsoft USA. An information leakage vulnerability exists in Microsoft Excel, which is caused due to improper authorization validation. An attacker could exploit the vulnerability to obtain sensitive information...
Microsoft Nuance PowerScribe 360 Information Disclosure Vulnerability
Microsoft Nuance PowerScribe 360 is a medical image reporting system for speech recognition, report generation and workflow management in radiology. An information disclosure vulnerability exists in Microsoft Nuance PowerScribe 360, which is due to improper authorization validation. An attacker...
Dee Store 安全漏洞
Dee Store is an online shopping web application by the individual developer Dinuka Navaratna. A security vulnerability exists in Dee Store version 1.0, which stems from a lack of authorization validation and could allow a remote attacker to bypass privilege control by constructing a malicious...
EUVD-2025-13357
Malicious code in bioql PyPI...
EUVD-2024-48059
Malicious code in bioql PyPI...
BMC Control-M 安全漏洞
BMC Control-M is an application from BMC Corporation. Simplifies application and data workflow orchestration locally or as a service. A security vulnerability exists in BMC Control-M/Agent, which stems from improper ordering of AUTHORIZEDCTMIP validation, and can be exploited by an attacker to...
Acquia DAM - Moderately critical - Access bypass, Information Disclosure - SA-CONTRIB-2025-105
This module enables you to connect a Drupal site to the Acquia DAM service, which syncs media from the third party service to the site. The module doesn't sufficiently validate authorization to a list of DAM assets currently synced to the website creating an access bypass vulnerability. This...
Delinea Secret Server 安全漏洞
Delinea Secret Server is a powerful PAM in the cloud or locally from Delinea USA. A security vulnerability exists in Delinea Secret Server version 11.7.49 and earlier, which stems from insufficient validation in the initial authorization event and could lead to distributed engine impersonation...
CVE-2022-32277
Squiz Matrix CMS 6.20 is vulnerable to an Insecure Direct Object Reference caused by failure to correctly validate authorization when submitting a request to change a user's contact details. NOTE: this is disputed by both the vendor and the original discoverer because it is a site-specific findin...
CVE-2012-2238
trytond 2.4: ModelView.button fails to validate authorization...