Lucene search
+L

39 matches found

RedhatCVE
RedhatCVE
added 2025/12/14 5:3 a.m.8 views

CVE-2025-13093

The Devs CRM – Manage tasks, attendance and teams all together plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the '/wp-json/devs-crm/v1/bulk-update' REST-API endpoint in all versions up to, and including, 1.1.8. This makes it possible...

5.3CVSS5.3AI score0.00239EPSS
Exploits0References1
EUVD
EUVD
added 2025/12/13 6:30 p.m.6 views

EUVD-2025-203217

The Devs CRM – Manage tasks, attendance and teams all together plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the '/wp-json/devs-crm/v1/bulk-update' REST-API endpoint in all versions up to, and including, 1.1.8. This makes it possible...

5.3CVSS4.9AI score0.00239EPSS
Exploits0References3
NVD
NVD
added 2025/12/13 4:16 p.m.7 views

CVE-2025-13093

The Devs CRM – Manage tasks, attendance and teams all together plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the '/wp-json/devs-crm/v1/bulk-update' REST-API endpoint in all versions up to, and including, 1.1.8. This makes it possible...

5.3CVSS0.00239EPSS
Exploits0References2
CVE
CVE
added 2025/12/13 4:31 a.m.24 views

CVE-2025-13093

CVE-2025-13093 affects the WordPress plugin “Devs CRM – Manage tasks, attendance and teams all together” and concerns an unauthorized data modification vulnerability. The issue is caused by a missing capability check on the REST-API endpoint /wp-json/devs-crm/v1/bulk-update and affects all versio...

5.3CVSS5AI score0.00239EPSS
Exploits0References2
Cvelist
Cvelist
added 2025/12/13 4:31 a.m.49 views

CVE-2025-13093 Devs CRM – Manage tasks, attendance and teams all together <= 1.1.8 - Missing Authorization to Unauthenticated Lead Tag Update

The Devs CRM – Manage tasks, attendance and teams all together plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the '/wp-json/devs-crm/v1/bulk-update' REST-API endpoint in all versions up to, and including, 1.1.8. This makes it possible...

5.3CVSS0.00239EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2025/12/13 12:0 a.m.10 views

PT-2025-51061

The Devs CRM – Manage tasks, attendance and teams all together plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the '/wp-json/devs-crm/v1/bulk-update' REST-API endpoint in all versions up to, and including, 1.1.8. This makes it possible...

5.3CVSS5.3AI score0.00239EPSS
Exploits0References2
RedhatCVE
RedhatCVE
added 2025/11/21 4:38 p.m.10 views

CVE-2025-62730

SOPlanning is vulnerable to Privilege Escalation in user management tab. Users with usermanageteam role are allowed to modify permissions of users. However, they are able to assign administrative permissions to any user including themselves. This allow a malicious authenticated attacker with this...

8.8CVSS7AI score0.00261EPSS
Exploits0References1
EUVD
EUVD
added 2025/11/20 6:31 p.m.3 views

EUVD-2025-198305

SOPlanning is vulnerable to Privilege Escalation in user management tab. Users with usermanageteam role are allowed to modify permissions of users. However, they are able to assign administrative permissions to any user including themselves. This allow a malicious authenticated attacker with this...

8.7CVSS6.5AI score0.00261EPSS
Exploits0References3
NVD
NVD
added 2025/11/20 4:16 p.m.7 views

CVE-2025-62730

SOPlanning is vulnerable to Privilege Escalation in user management tab. Users with usermanageteam role are allowed to modify permissions of users. However, they are able to assign administrative permissions to any user including themselves. This allow a malicious authenticated attacker with this...

8.8CVSS0.00261EPSS
Exploits0References2
OSV
OSV
added 2025/11/20 4:16 p.m.6 views

CVE-2025-62730

SOPlanning is vulnerable to Privilege Escalation in user management tab. Users with usermanageteam role are allowed to modify permissions of users. However, they are able to assign administrative permissions to any user including themselves. This allow a malicious authenticated attacker with this...

8.8CVSS5.8AI score0.00261EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2025/11/20 3:44 p.m.4 views

CVE-2025-62730 Privilege Escalation via Incorrect Authorization in SOPlanning

SOPlanning is vulnerable to Privilege Escalation in user management tab. Users with usermanageteam role are allowed to modify permissions of users. However, they are able to assign administrative permissions to any user including themselves. This allow a malicious authenticated attacker with this...

8.7CVSS6.2AI score0.00261EPSS
Exploits0References2
CVE
CVE
added 2025/11/20 3:44 p.m.15 views

CVE-2025-62730

SOPlanning is vulnerable to Privilege Escalation via the user management tab. A user with the user_manage_team role can modify permissions and assign administrative rights to any user, including themselves, enabling escalation to admin. The issue affects both Bulk Update and standard user-right e...

8.8CVSS6.2AI score0.00261EPSS
Exploits0References2Affected Software1
Positive Technologies
Positive Technologies
added 2025/11/20 12:0 a.m.11 views

PT-2025-47599

Name of the Vulnerable Software and Affected Versions SOPlanning versions prior to 1.55 Description SOPlanning has a flaw that allows privilege escalation through the user management tab. Users assigned the user manage team role can modify user permissions, including granting administrative...

8.8CVSS6.9AI score0.00261EPSS
Exploits0References8
EUVD
EUVD
added 2025/10/03 8:7 p.m.3 views

EUVD-2025-27096

Malicious code in bioql PyPI...

7.1CVSS6.3AI score0.00293EPSS
Exploits0References3
RedhatCVE
RedhatCVE
added 2025/09/09 4:29 p.m.7 views

CVE-2025-48042

Incorrect Authorization vulnerability in ash-project ash allows Exploiting Incorrectly Configured Access Control Security Levels. This vulnerability is associated with program files lib/ash/actions/create/bulk.ex, lib/ash/actions/destroy/bulk.ex, lib/ash/actions/update/bulk.ex and program routine...

7.1CVSS7AI score0.00293EPSS
Exploits0References1
OSV
OSV
added 2025/09/07 4:1 p.m.4 views

EEF-CVE-2025-48042 Before action hooks may execute in certain scenarios despite a request being forbidden

Summary Incorrect Authorization vulnerability in ash-project ash allows Exploiting Incorrectly Configured Access Control Security Levels. This vulnerability is associated with program files lib/ash/actions/create/bulk.ex, lib/ash/actions/destroy/bulk.ex, lib/ash/actions/update/bulk.ex and program...

7.1CVSS5.8AI score0.00293EPSS
Exploits0References4
NVD
NVD
added 2024/05/24 7:15 a.m.24 views

CVE-2024-1376

The Event post plugin for WordPress is vulnerable to unauthorized bulk metadata update due to a missing capability check on the savebulkdatas function in all versions up to, and including, 5.9.4. This makes it possible for authenticated attackers, with subscriber access or higher, to update...

4.3CVSS4.7AI score0.0028EPSS
Exploits0References2
CNNVD
CNNVD
added 2024/02/22 12:0 a.m.6 views

Tuleap Security Vulnerabilities

Tuleap is an open source application lifecycle management system that facilitates agile software development, design projects, V-modeling, requirements management and IT service management. A security vulnerability exists in Tuleap that originates from a user with read access to a tracker that us...

6.5CVSS6.6AI score0.00495EPSS
Exploits0References5
NVD
NVD
added 2015/01/05 9:59 p.m.16 views

CVE-2014-9526

Multiple cross-site scripting XSS vulnerabilities in concrete5 5.7.2.1, 5.7.2, and earlier allow remote attackers to inject arbitrary web script or HTML via the 1 gName parameter in singlepages/dashboard/users/groups/bulkupdate.php or 2 instanceid parameter in tools/dashboard/sitemapdragrequest.p...

4.3CVSS5.8AI score0.01872EPSS
Exploits1References5
Rows per page
Query Builder