
24 matches found

CNNVD
added 6 days ago · 5 views

WordPress plugin Advanced Custom Fields Security Vulnerability

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. WordPres...

5.3 CVSS · 5.9 AI score · 0.00059 EPSS
Exploits 0 · References 4

Fedora
added 2026/05/29 1:27 a.m. · 11 views

[SECURITY] Fedora 43 Update: podofo-1.0.4-1.fc43

PoDoFo is a library to work with the PDF file format. The name comes from the first letter of PDF Portable Document Format. A few tools to work with PDF files are already included in the PoDoFo package. The PoDoFo library is a free, portable C++ library which includes classes to parse PDF files a...

2.5 CVSS · 5.8 AI score · 0.00014 EPSS
Exploits 0

Cvelist
added 2025/08/19 4:28 a.m. · 7 views

CVE-2025-5417 Rhdh: red hat developer hub user permissions

An insufficient access control vulnerability was found in the Red Hat Developer Hub rhdh/rhdh-hub-rhel9 container image. The Red Hat Developer Hub cluster admin/user, who has standard user access to the cluster, and the Red Hat Developer Hub namespace, can access the rhdh/rhdh-hub-rhel9 container...

6.1 CVSS · 0.00026 EPSS
Exploits 0 · References 3

OSV
added 2024/05/02 5:15 p.m. · 1 view

CVE-2024-3942

The MasterStudy LMS WordPress Plugin – for Online Courses and Education plugin for WordPress is vulnerable to unauthorized access, modification, and loss of data due to a missing capability check on several functions in versions up to, and including, 3.3.8. This makes it possible for authenticate...

5.4 CVSS · 5.8 AI score · 0.00082 EPSS
Exploits 0 · References 2

CNNVD
added 2022/05/19 12:00 a.m. · 1 view

GRANDCOM DynWEB SQL Injection Vulnerability

GRANDCOM DynWEB is the login management interface for a content management system from GRANDCOM Slovakia. A security vulnerability exists in GRANDCOM DynWEB versions prior to 4.2, which stems from a back-end login script that does not validate and clean up user-supplied strings. An unauthenticate...

9.8 CVSS · 8.4 AI score · 0.01705 EPSS
Exploits 2 · References 3

OSV
added 2021/10/08 4:15 p.m. · 0 views

CVE-2021-41974

Tad Book3 editing book page does not perform identity verification. Remote attackers can use the vulnerability to view and modify arbitrary content of books without permission...

9.1 CVSS · 7.4 AI score
Exploits 0 · References 1

Prion
added 2021/08/09 10:15 a.m. · 7 views

Design/Logic Flaw

The bulletin function of Flygo contains an Insecure Direct Object Reference (IDOR) vulnerability. After being authenticated as a general user, remote attackers can manipulate the bulletin ID in specific URL parameters and access and modify particular bulletin content...

5.5 CVSS · 5.5 AI score · 0.00108 EPSS
Exploits 0 · References 1 · Affected Software 1

OSV
added 2020/09/11 5:15 p.m. · 1 view

CVE-2020-1575

A cross-site scripting (XSS) vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an affected SharePoint server. An authenticated attacker could exploit the vulnerability by sending a specially crafted request to an affected SharePoint...

5.4 CVSS · 6.6 AI score · 0.00408 EPSS
Exploits 0 · References 1

OSV
added 2020/08/17 7:15 p.m. · 1 view

CVE-2020-1591

A cross site scripting vulnerability exists when Microsoft Dynamics 365 on-premises does not properly sanitize a specially crafted web request to an affected Dynamics server. An authenticated attacker could exploit the vulnerability by sending a specially crafted request to an affected Dynamics...

5.4 CVSS · 6.8 AI score · 0.00717 EPSS
Exploits 0 · References 1

Positive Technologies
added 2020/08/09 12:00 a.m. · 1 view

PT-2020-3984 · Microsoft · Sharepoint Server +1

Name of the Vulnerable Software and Affected Versions: Microsoft SharePoint Server (affected versions not specified)

Description: A cross-site scripting issue exists due to improper sanitization of specially crafted web requests. This could allow a remote attacker to perform cross-site scripting...

5.4 CVSS · 5.7 AI score · 0.00408 EPSS
Exploits 0 · References 4

CNVD
added 2020/03/09 12:00 a.m. · 1 view

Unspecified Vulnerability in Mozilla Firefox (CNVD-2020-18417)

Mozilla Firefox is an open source web browser from the Mozilla Foundation in the United States. A security vulnerability exists in versions prior to Mozilla Firefox 25. An attacker could exploit the vulnerability to modify content written by anonymous users...

4.3 CVSS · 8.7 AI score · 0.00173 EPSS
Exploits 0 · References 1

OSV
added 2019/12/12 7:15 p.m. · 0 views

CVE-2019-13932

A vulnerability has been identified in XHQ All versions V6.0.0.2. The web application requests could be manipulated, causing the application to behave in unexpected ways for legitimate users. Successful exploitation does not require an attacker to be authenticated. A successful attack cou...

9.1 CVSS · 5.7 AI score
Exploits 0 · References 1

Debian
added 2019/10/28 9:38 p.m. · 77 views

[SECURITY] [DLA 1975-1] spip security update

Package: spip
Version: 3.0.17-2+deb8u5
CVE ID: CVE-2019-16391 CVE-2019-16392 CVE-2019-16393 CVE-2019-16394

It was discovered that SPIP, a website engine for publishing, would allow unauthenticated users to modify published content and write to the database, perform cross-site request forgeries...

6.5 CVSS · 6.5 AI score · 0.56735 EPSS
Exploits 2

Debian
added 2019/09/25 6:38 a.m. · 20 views

[SECURITY] [DSA 4532-1] spip security update

Debian Security Advisory DSA-4532-1 · [email protected]
https://www.debian.org/security/ · Sebastien Delafond
September 25, 2019 · https://www.debian.org/security/faq...

5.8 CVSS · 1.6 AI score · 0.56735 EPSS
Exploits 2

OSV
added 2019/09/17 9:15 p.m. · 14 views

CVE-2019-16391

SPIP before 3.1.11 and 3.2 before 3.2.5 allows authenticated visitors to modify any published content and execute other modifications in the database. This is related to ecrire/inc/meta.php and ecrire/inc/securiseraction.php...

6.5 CVSS · 6.5 AI score
Exploits 0 · References 8

Cvelist
added 2019/09/17 8:49 p.m. · 16 views

CVE-2019-16391

SPIP before 3.1.11 and 3.2 before 3.2.5 allows authenticated visitors to modify any published content and execute other modifications in the database. This is related to ecrire/inc/meta.php and ecrire/inc/securiseraction.php...

6.6 AI score · 0.00871 EPSS
Exploits 0 · References 8

Debian CVE
added 2019/09/17 8:49 p.m. · 17 views

CVE-2019-16391

SPIP before 3.1.11 and 3.2 before 3.2.5 allows authenticated visitors to modify any published content and execute other modifications in the database. This is related to ecrire/inc/meta.php and ecrire/inc/securiseraction.php...

6.5 CVSS · 7.5 AI score · 0.00871 EPSS
Exploits 0

CNVD
added 2018/05/22 12:00 a.m. · 1 view

BaserCMS Restricted Access Vulnerability

baserCMS is an enterprise-level content management system (CMS). A restricted access vulnerability exists in baserCMS versions 4.1.0.1 and earlier and 3.0.15 and earlier, which stems from the program failing to restrict access. A remote attacker can use this vulnerability to bypass access...

8.1 CVSS · 8 AI score · 0.00193 EPSS
Exploits 0 · References 1

RedhatCVE
added 2017/07/03 3:19 p.m. · 36 views

CVE-2017-7501

It was found that rpm uses temporary files with predictable names when installing an RPM. An attacker with ability to write in a directory where files will be installed could create symbolic links to an arbitrary location and modify content, and possibly permissions to arbitrary files, which coul...

7.8 CVSS · 3 AI score · 0.00054 EPSS
Exploits 0 · References 1

CERT
added 2016/06/23 12:00 a.m. · 23 views

Alertus Desktop Notification for OS X sets insecure permissions for configuration and other files

Overview: Alertus Desktop Notification for OS X, version 2.9.30.1700 and earlier, sets insecure permissions for configuration and other files, which may enable an unprivileged attacker to disable notifications and modify content locally.

Description: CWE-276: Incorrect Default Permissions -...

4.4 CVSS · 4.7 AI score · 0.00221 EPSS
Exploits 0 · References 2