5 matches found
CVE-2026-38587
An Insecure Direct Object Reference IDOR vulnerability was discovered in ONLYOFFICE DocSpace before 3.2.1. The flaw exists in multiple REST API endpoints. This allows authenticated users with low-level permissions User or Guest to retrieve sensitive information, such as the Owner's unique...
CVE-2026-38587
An Insecure Direct Object Reference IDOR vulnerability was discovered in ONLYOFFICE DocSpace before 3.2.1. The flaw exists in multiple REST API endpoints. This allows authenticated users with low-level permissions User or Guest to retrieve sensitive information, such as the Owner's unique...
EUVD-2024-2316
Malicious code in bioql PyPI...
PT-2024-10843 · WordPress · Indeed Membership Pro
Name of the Vulnerable Software and Affected Versions: Indeed Membership Pro plugin for WordPress versions 7.3 through 8.6 Description: The Indeed Membership Pro plugin for WordPress is vulnerable to authorization bypass due to missing capability checks on various AJAX actions. This makes it...
CVE-2022-3400
The Bricks theme for WordPress is vulnerable to authorization bypass due to a missing capability check on the brickssavepost AJAX action in versions 1.0 to 1.5.3. This makes it possible for authenticated attackers with minimal permissions, such as a subscriber, to edit any page, post, or template...