48 matches found
GHSA-4PHW-6824-6CFP OpenStack Keystone: Restricted application credentials can create EC2 credentials
An issue was discovered in OpenStack Keystone 14 through 26 before 26.1.1, 27.0.0, 28.0.0, and 29.0.0. Restricted application credentials can create EC2 credentials. By using a restricted application credential to call the EC2 credential creation API, an authenticated user with only a reader role...
PYSEC-2026-202
An issue was discovered in OpenStack Keystone 14 through 26 before 26.1.1, 27.0.0, 28.0.0, and 29.0.0. Restricted application credentials can create EC2 credentials. By using a restricted application credential to call the EC2 credential creation API, an authenticated user with only a reader role...
CVE-2026-24312
SAP Business Workflow suffers a privilege-escalation flaw caused by an erroneous authorization check. An authenticated administrative user can bypass role restrictions by leveraging permissions from a less sensitive function to perform unauthorized high-privilege actions. This primarily impacts d...
CVE-2025-14001
The WP Duplicate Page plugin for WordPress is vulnerable to unauthorized modification of data due to missing capability checks on the 'duplicateBulkHandle' and 'duplicateBulkHandleHPOS' functions in all versions up to, and including, 1.8. This makes it possible for authenticated attackers, with...
WordPress WP CarDealer Elevation of Privilege Vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation, and WordPress plugin is an application plugin. An elevation of privilege vulnerability exists in WordPress WP CarDealer, which stems from insufficient user role registration restrictions, and can be exploited by an...
EUVD-2012-5396
Malware in sbrugna...
EUVD-2014-0688
Malware in sbrugna...
EUVD-2019-16176
Malware in sbrugna...
BIT-GITLAB-2025-5315 Missing Authorization in GitLab
An issue has been discovered in GitLab CE/EE affecting all versions from 17.2 before 17.11.5, 18.0 before 18.0.3, and 18.1 before 18.1.1 that could have allowed authenticated users with Guest role permissions to add child items to incident work items by sending crafted API requests that bypassed...
CVE-2022-24714
Icinga Web 2 is an open source monitoring web interface, framework and command-line interface. Installations of Icinga 2 with the IDO writer enabled are affected. If you use service custom variables in role restrictions, and you regularly decommission service objects, users with said roles may...
PT-2025-21376 · WordPress · Svg Uploads Support
Name of the Vulnerable Software and Affected Versions: SVG Uploads Support WordPress plugin versions 2.1.1 and earlier Description: The issue concerns the failure to sanitize uploaded SVG files, potentially allowing users with a role as low as Author to upload malicious SVG files containing XSS...
WordPress plugin MStore API 安全漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A security vulnerability...
WordPress plugin Service Finder Bookings 安全漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A security vulnerability...
CVE-2025-2237
The WP RealEstate plugin for WordPress, used by the Homeo theme, is vulnerable to privilege escalation in all versions up to, and including, 1.6.26. This is due to insufficient role restrictions in the 'processregister' function. This makes it possible for unauthenticated attackers to register an...
CVE-2025-2237 WP RealEstate <= 1.6.26 - Unauthenticated Privilege Escalation via 'process_register'
The WP RealEstate plugin for WordPress, used by the Homeo theme, is vulnerable to privilege escalation in all versions up to, and including, 1.6.26. This is due to insufficient role restrictions in the 'processregister' function. This makes it possible for unauthenticated attackers to register an...
CVE-2025-2237
CVE-2025-2237 affects WP RealEstate (WordPress plugin) with authentication bypass via process_register in all versions up to 1.6.26, allowing unauthenticated attackers to register as Administrator. Root cause: insufficient role restrictions in the plugin. Impact, as stated by trusted sources: una...
WordPress plugin WP RealEstate 安全漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a set of blogging platforms developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A security...
CVE-2025-2232 Realteo - Real Estate Plugin by Purethemes <= 1.2.8 - Authentication Bypass via 'do_register_user'
The Realteo - Real Estate Plugin by Purethemes plugin for WordPress, used by the Findeo Theme, is vulnerable to authentication bypass in all versions up to, and including, 1.2.8. This is due to insufficient role restrictions in the 'doregisteruser' function. This makes it possible for...
CVE-2025-2232 Realteo - Real Estate Plugin by Purethemes <= 1.2.8 - Authentication Bypass via 'do_register_user'
The Realteo - Real Estate Plugin by Purethemes plugin for WordPress, used by the Findeo Theme, is vulnerable to authentication bypass in all versions up to, and including, 1.2.8. This is due to insufficient role restrictions in the 'doregisteruser' function. This makes it possible for...
WordPress plugin Realteo 安全漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a set of blogging platforms developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A security...