54 matches found
CVE-2026-21289
Adobe Commerce versions 2.4.9-alpha3, 2.4.8-p3, 2.4.7-p8, 2.4.6-p13, 2.4.5-p15, 2.4.4-p16 and earlier are affected by an Incorrect Authorization vulnerability that could result in a Security feature bypass. An attacker could leverage this vulnerability to bypass security measures and gain...
EUVD-2026-11058
Adobe Commerce versions 2.4.9-alpha3, 2.4.8-p3, 2.4.7-p8, 2.4.6-p13, 2.4.5-p15, 2.4.4-p16 and earlier are affected by an Incorrect Authorization vulnerability that could result in a Security feature bypass. A low-privileged attacker could leverage this vulnerability to bypass security measures an...
CVE-2026-21296
Adobe Commerce versions 2.4.9-alpha3, 2.4.8-p3, 2.4.7-p8, 2.4.6-p13, 2.4.5-p15, 2.4.4-p16 and earlier are affected by an Incorrect Authorization vulnerability that could result in a Security feature bypass. A low-privileged attacker could leverage this vulnerability to bypass security measures an...
CVE-2026-21296 Adobe Commerce | Incorrect Authorization (CWE-863)
Adobe Commerce versions 2.4.9-alpha3, 2.4.8-p3, 2.4.7-p8, 2.4.6-p13, 2.4.5-p15, 2.4.4-p16 and earlier are affected by an Incorrect Authorization vulnerability that could result in a Security feature bypass. A low-privileged attacker could leverage this vulnerability to bypass security measures an...
PT-2026-24562
Adobe Commerce versions 2.4.9-alpha3, 2.4.8-p3, 2.4.7-p8, 2.4.6-p13, 2.4.5-p15, 2.4.4-p16 and earlier are affected by an Incorrect Authorization vulnerability that could result in a Security feature bypass. An attacker could leverage this vulnerability to bypass security measures and gain...
PT-2026-24552
Adobe Commerce versions 2.4.9-alpha3, 2.4.8-p3, 2.4.7-p8, 2.4.6-p13, 2.4.5-p15, 2.4.4-p16 and earlier are affected by an Incorrect Authorization vulnerability that could result in a Security feature bypass. An attacker could leverage this vulnerability to bypass security measures and gain limited...
IBM Engineering Requirements Management DOORS Next Security Vulnerability
IBM Engineering Requirements Management DOORS Next is a scalable solution provided by the American company International Business Machines (IBM). This solution can help you capture, track, analyze, and manage systems as well as advanced IT application development. Versions 7.1 and 7.2 of IBM...
CVE-2025-12757
An AXIS Camera Station Pro feature can be exploited in a way that allows a non-admin user to view information they are not permitted to...
CVE-2025-36371
Summary: CVE-2025-36371 affects IBM i versions 7.2–7.6. The vulnerability is an information disclosure in the database plan cache implementation that could allow a user with database plan cache access to see information they are not authorized to view. Affected products/versions: IBM i 7.2, 7.3, ...
EUVD-2013-4464
Malware in sbrugna...
CVE-2025-4571 GiveWP – Donation Plugin and Fundraising Platform <= 4.3.0 - Missing Authorization To Authenticated (Contributor+) Campaign Data View And Modification
The GiveWP – Donation Plugin and Fundraising Platform plugin for WordPress is vulnerable to unauthorized view and modification of data due to an insufficient capability check on the permissionsCheck functions in all versions up to, and including, 4.3.0. This makes it possible for authenticated...
CVE-2013-4608
Cross-site scripting (XSS) vulnerability in REDCap before 5.0.6 allows remote attackers to inject arbitrary web script or HTML via vectors involving the Graphical Data View & Descriptive Stats page...
CVE-2025-3082
A user authorized to access a view may be able to alter the intended collation, allowing them to access a different or unintended view of underlying data. This issue affects MongoDB Server v5.0 version prior to 5.0.31, MongoDB Server v6.0 version prior to 6.0.20, MongoDB Server v7.0 version...
PYSEC-2023-213
Inadequate encryption strength in mycli 1.27.0 allows attackers to view sensitive information via /mycli/config.py...
CVE-2023-33852
IBM Security Guardium 11.4 is vulnerable to SQL injection. A remote attacker could send specially crafted SQL statements, which could allow the attacker to view, add, modify or delete information in the back-end database. IBM X-Force ID: 257614...
Cross site scripting
A cross site scripting vulnerability was discovered in Rockwell Automation's ArmorStart ST product. A cross site scripting vulnerability was discovered that could potentially allow a malicious user to view and modify sensitive data or make the web page unavailable. User interaction, such as a...
thisAAY Lazy Mouse Security Vulnerability
thisAAY Lazy Mouse is a mouse application from thisAAY. A security vulnerability exists in thisAAY Lazy Mouse that stems from the fact that it allows an attacker to view all data via a man-in-the-middle attack...
Moddable SDK Buffer Error Vulnerability
Moddable SDK is a software development kit (SDK) for IoT embedded software development from Moddable, Inc. in the United States. A security vulnerability exists in the Moddable SDK that originates from an out-of-bounds read security issue in the fxUint8Getter function in...
CVE-2022-26105
SAP NetWeaver Enterprise Portal - versions 7.10, 7.11, 7.20, 7.30, 7.31, 7.40, 7.50, is susceptible to script execution attack by an unauthenticated attacker due to improper sanitization of the user inputs while interacting on the Network. On successful exploitation, an attacker can view or modif...
CVE-2022-22727
A CWE-20: Improper Input Validation vulnerability exists that could allow an unauthenticated attacker to view data, change settings, impact availability of the software, or potentially impact a user's local machine when the user clicks a specially crafted link. Affected Product: EcoStruxure Power...