19 matches found
IBM DOORS Next Generation multiple vulnerabilities
RISK EVALUATION: IBM Engineering Requirements Management DOORS contains multiple vulnerabilities that require authentication. These vulnerabilities include the ability to cause an application denial of service and JavaScript execution in the victim's browser through stored cross-site scripting...
IBM Engineering Requirements Management DOORS Next Multiple Vulnerabilities (7247716)
The version of IBM Engineering Requirements Management DOORS Next installed on the remote host is 7.0.2 prior to 7.0.2 ifix 32 or 7.0.3 prior to 7.0.3 ifix 10. It is, therefore, affected by multiple vulnerabilities as referenced in the 7247716 advisory. - It is possible for an authenticated user on the...
CVE-2025-2139
IBM Engineering Requirements Management Doors Next 7.0.2, 7.0.3, and 7.1 could allow an authenticated user on the network to delete reviews from other users due to client-side enforcement of server-side security...
CVE-2025-2139 IBM Engineering Requirements Management Doors Next security bypass
IBM Engineering Requirements Management Doors Next 7.0.2, 7.0.3, and 7.1 could allow an authenticated user on the network to delete reviews from other users due to client-side enforcement of server-side security...
PT-2025-41721
Name of the Vulnerable Software and Affected Versions: IBM Engineering Requirements Management Doors Next versions 7.0.2 through 7.1 Description: An authenticated user on the network may be able to delete reviews belonging to other users. This is due to client-side enforcement of what should be...
EUVD-2021-23437
Malware in sbrugna...
EUVD-2022-15830
Malicious code in bioql PyPI...
CVE-2025-52920
Innoshop through 0.4.1 allows Insecure Direct Object Reference (IDOR) at multiple places within the frontend shop. Anyone can create a customer account and easily exploit these. Successful exploitation results in disclosure of the PII of other customers and the deletion of their reviews of products...
CVE-2025-52920
Innoshop through 0.4.1 allows Insecure Direct Object Reference (IDOR) at multiple places within the frontend shop. Anyone can create a customer account and easily exploit these. Successful exploitation results in disclosure of the PII of other customers and the deletion of their reviews of products...
PT-2025-26591 · Innoshop · Innoshop
Name of the Vulnerable Software and Affected Versions: Innoshop versions 0.4.1 and earlier Description: The issue allows for Insecure Direct Object Reference (IDOR) at multiple places within the frontend shop. This can be exploited by creating a customer account, allowing an attacker to disclose th...
CVE-2025-52920
Innoshop through 0.4.1 allows Insecure Direct Object Reference (IDOR) at multiple places within the frontend shop. Anyone can create a customer account and easily exploit these. Successful exploitation results in disclosure of the PII of other customers and the deletion of their reviews of products...
CVE-2025-52920
Innoshop through 0.4.1 allows Insecure Direct Object Reference (IDOR) at multiple places within the frontend shop. Anyone can create a customer account and easily exploit these. Successful exploitation results in disclosure of the PII of other customers and the deletion of their reviews of products...
WordPress Youzify plugin <= 1.3.2 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Review Deletion vulnerability
Missing Authorization to Authenticated (Subscriber+) Arbitrary Review Deletion vulnerability discovered by Brian Mungai in WordPress Plugin Youzify versions <= 1.3.2...
CVE-2024-12113
The Youzify – BuddyPress Community, User Profile, Social Network & Membership Plugin for WordPress plugin for WordPress is vulnerable to unauthorized loss of data due to a missing capability check on the delete_user_review and delete_review functions in all versions up to, and including, 1.3.2. This...
CVE-2024-12113 Youzify – BuddyPress Community, User Profile, Social Network & Membership Plugin for WordPress By KaineLabs <= 1.3.2 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Review Deletion
The Youzify – BuddyPress Community, User Profile, Social Network & Membership Plugin for WordPress plugin for WordPress is vulnerable to unauthorized loss of data due to a missing capability check on the delete_user_review and delete_review functions in all versions up to, and including, 1.3.2. This...
CVE-2024-12113
CVE-2024-12113 affects Youzify – BuddyPress Community, User Profile, Social Network & Membership Plugin for WordPress. The issue is an unauthorized data-loss condition caused by a missing capability check on delete_user_review() and delete_review() functions in all versions up to 1.3.2, allowing ...
CVE-2022-0775
The WooCommerce WordPress plugin before 6.2.1 does not have a proper authorisation check when deleting reviews, which could allow any authenticated user, such as a subscriber, to delete arbitrary comment...
CVE-2021-36861 WordPress Rich Reviews by Starfish plugin <= 1.9.14 - Cross-Site Request Forgery (CSRF) vulnerability
Cross-Site Request Forgery (CSRF) vulnerability in Rich Reviews by Starfish plugin <= 1.9.14 at WordPress allows an attacker to delete reviews...
WordPress Rich Reviews by Starfish plugin <= 1.9.14 - Cross-Site Request Forgery (CSRF) vulnerability
Cross-Site Request Forgery (CSRF) vulnerability leading to review deletion discovered by Ngo Van Thien (Patchstack Alliance) in WordPress Rich Reviews by Starfish plugin versions <= 1.9.14. Solution: No patched version available...