11 matches found
WordPress plugin SEO Plugin by Squirrly SEO 安全漏洞
WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be install...
WordPress plugin Kirki – Freeform Page Builder, Website Builder & Customizer 安全漏洞
WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. The...
CVE-2026-24096 Insufficient permission validation on multiple REST API Quick Setup endpoints
Insufficient permission validation on multiple REST API Quick Setup endpoints in Checkmk 2.5.0 beta before version 2.5.0b2 and 2.4.0 before version 2.4.0p25 allows low-privileged users to perform unauthorized actions or obtain sensitive information...
CVE-2026-26230 Team Admin Privilege Escalation to Demote Members to Guest
Mattermost versions 10.11.x = 10.11.10 fail to properly validate permission requirements in the team member roles API endpoint which allows team administrators to demote members to guest role. Mattermost Advisory ID: MMSA-2025-00531...
WordPress plugin WaMate Confirm – Order Confirmation 安全漏洞
WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be install...
CVE-2025-58122 Insufficient permission validation when configuring notification parameters
Insufficient permission validation in Checkmk 2.4.0 before version 2.4.0p16 allows low-privileged users to modify notification parameters via the REST API, which could lead to unauthorized actions or information disclosure...
CVE-2025-41443 Guest user can discover active public channels
Mattermost versions 10.5.x = 10.5.12, 10.11.x = 10.11.2 fail to properly validate guest user permissions when accessing channel information which allows guest users to discover active public channels and their metadata via the /api/v4/teams/teamid/channels/ids endpoint...
PeerTube 安全漏洞
PeerTube is a decentralized video sharing service platform open-sourced by Chocobozzz. It is used to create video projects. PeerTube suffers from a security vulnerability that stems from a lack of permission validation, which could lead to the addition of playlists to other users' channels via th...
PT-2023-29693 · Xmlsoft · Mlsoft Tco!Stream
Name of the Vulnerable Software and Affected Versions: MLSoft TCO!stream versions 8.0.22.1115 and below Description: A vulnerability exists in MLSoft TCO!stream due to insufficient permission validation, allowing an attacker to make the victim download and execute arbitrary files. Recommendations...
GitLab Authorization Issues Vulnerability (CNVD-2020-57832)
GitLab is a Ruby on Rails-developed, self-hosted, Git version control system project repository application from the American company GitLab. The program can be used to access a project's file contents, commit history, bug lists, and more. A security vulnerability exists in GitLab versions prior ...
CVE-2017-7644
The Management Web Interface in Palo Alto Networks PAN-OS before 6.1.17, 7.x before 7.0.15, and 7.1.x before 7.1.9 allows remote authenticated users to obtain sensitive information by leveraging incorrect permission validation, aka PAN-SA-2017-0013 and PAN-70541...