10 matches found
EUVD-2024-22489
Malicious code in bioql PyPI...
Linux Distros Unpatched Vulnerability : CVE-2023-1210
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - An issue has been discovered in GitLab affecting all versions starting from 12.9 before 16.0.8, all versions starting from 16.1 before 16.1.3, all versions...
CVE-2021-24728
The Membership & Content Restriction – Paid Member Subscriptions WordPress plugin before 2.4.2 did not sanitise, validate or escape its order and orderby parameters before using them in a SQL statement, leading to Authenticated SQL Injections in the Members and Payments pages...
Incorrect Authorization
Liferay Portal is vulnerable to Incorrect Authorization. The vulnerability is caused by not restricting membership of a child site when the "Limit membership to members of the parent site" option is enabled. This allows remote authenticated users to add users who are not a member of the parent...
Liferay Portal and Liferay DXP Does Not Properly Restrict Membership to Child Site Based on Parent Site Options
Liferay Portal 7.2.0 through 7.4.1, and older unsupported versions, and Liferay DXP 7.3 before service pack 3, 7.2 before fix pack 15, and older unsupported versions do not properly restrict membership of a child site when the "Limit membership to members of the parent site" option is enabled,...
CVE-2024-25149
Liferay Portal 7.2.0 through 7.4.1, and older unsupported versions, and Liferay DXP 7.3 before service pack 3, 7.2 before fix pack 15, and older unsupported versions do not properly restrict membership of a child site when the "Limit membership to members of the parent site" option is enabled,...
CVE-2024-25149
CVE-2024-25149 affects Liferay Portal 7.2.0–7.4.1 and Liferay DXP 7.3 before SP3 (and older/unsupported versions), where the policy to limit membership to the parent site does not properly restrict membership in a child site. This enables remote authenticated users to add non-members of the paren...
CVE-2023-1210
An issue has been discovered in GitLab affecting all versions starting from 12.9 before 16.0.8, all versions starting from 16.1 before 16.1.3, all versions starting from 16.2 before 16.2.2. It was possible to leak a user's email via an error message for groups that restrict membership by email...
Account Takeover (ATO)
Pageflow is vulnerable to account takeover (ATO). An insecure direct object reference is possible due to improper restriction of the user membership base object. An attacker with the manager role can modify any user's memberships, resulting in account takeover...
Design/Logic Flaw
BaserCMS before 1.6.12 does not properly restrict additions to the membership of the operators group, which allows remote authenticated users to gain privileges via unspecified vectors...