90 matches found

EUVD
added 2025/11/07 5:29 a.m. · 2 views

EUVD-2025-38235

The Page & Post Notes plugin for WordPress is vulnerable to unauthorized modification of notes due to a missing capability check on the 'yydevnotessavedashboarddata' function in all versions up to, and including, 1.3.4. This makes it possible for authenticated attackers, with Subscriber-level...

CVSS 4.3 · AI score 4.5 · EPSS 0.00039
Exploits: 0 · References: 5

EUVD
added 2025/10/07 12:30 a.m. · 2 views

EUVD-2020-21629

Malware in sbrugna...

CVSS 8.8 · AI score 8.6 · EPSS 0.03296
Exploits: 1 · References: 4

OSV
added 2025/08/11 7:15 p.m. · 1 view

CVE-2025-48731

Mattermost Confluence Plugin version 1.5.0 fails to check the access of the user to the Confluence space which allows attackers to edit a subscription for a Confluence space the user does not have access for via edit subscription endpoint...

CVSS 6.4 · AI score 5.8
Exploits: 0 · References: 1

CVE
added 2025/08/11 6:56 p.m. · 15 views

CVE-2025-48731

Summary: CVE-2025-48731 affects Mattermost Confluence Plugin versions

CVSS 6.4 · AI score 7.1 · EPSS 0.00068
Exploits: 0 · References: 1 · Affected Software: 1

Positive Technologies
added 2025/07/10 12:0 a.m. · 0 views

PT-2025-32572 · Mattermost · Mattermost Confluence Plugin

Name of the Vulnerable Software and Affected Versions: Mattermost Confluence Plugin versions prior to 1.5.0 Description: The Mattermost Confluence Plugin does not verify user access to Confluence spaces. This allows attackers to modify subscriptions for Confluence spaces that a user does not have...

CVSS 6.4 · AI score 7.1 · EPSS 0.00068
Exploits: 0 · References: 9

Positive Technologies
added 2025/06/05 12:0 a.m. · 2 views

PT-2025-23929 · Devolutions · Devolutions Server

Name of the Vulnerable Software and Affected Versions: Devolutions Server versions 2025.1.10.0 and earlier Description: The issue is related to improper access control in the permissions component, allowing an authenticated user to bypass the "Edit permission" permission. This is achieved by...

CVSS 5 · AI score 6.1 · EPSS 0.00164
Exploits: 0 · References: 4

RedhatCVE
added 2025/05/22 11:31 p.m. · 2 views

CVE-2022-1502

Permissions were not properly verified in the API on projects using version control in Git. This allowed projects to be modified by users with only ProjectView permissions...

CVSS 4.3 · AI score 6.8 · EPSS 0.00175
Exploits: 0 · References: 1

OSV
added 2025/04/15 9:16 p.m. · 2 views

CVE-2025-30718

Vulnerability in the Oracle Applications Framework product of Oracle E-Business Suite component: Attachments, File Upload. Supported versions that are affected are 12.2.3-12.2.14. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle...

CVSS 5.4 · AI score 5.8
Exploits: 0 · References: 1

Hacker One
added 2025/01/29 8:30 p.m. · 1367 views

Autodesk: Insecure Direct Object Reference (IDOR) Vulnerability in Autodesk User Profile

An Insecure Direct Object Reference (IDOR) vulnerability was discovered in the Autodesk User Profile. The vulnerability was found in the "id" parameter, which could have allowed an attacker to edit another user's profile...

AI score 6.9
Exploits: 0

CNNVD
added 2024/10/12 12:0 a.m. · 1 view

WordPress plugin ImagePress Security Vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A security vulnerability...

CVSS 4.3 · AI score 6.4 · EPSS 0.00147
Exploits: 0 · References: 5

OSV
added 2024/09/25 3:15 a.m. · 0 views

CVE-2024-6590

The Spreadsheet Integration – Automate Google Sheets With WordPress, WooCommerce & Most Popular Form Plugins. Also, Display Google sheet as a Table. plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on several functions in all versions up to...

CVSS 4.3 · AI score 5.8
Exploits: 0 · References: 5

Positive Technologies
added 2024/05/27 12:0 a.m. · 2 views

PT-2024-31553

Name of the Vulnerable Software and Affected Versions: Business Card WordPress plugin versions 1.0.0 and earlier Description: The issue concerns a lack of CSRF checks in certain areas, allowing attackers to potentially make logged-in users perform unwanted actions, such as editing card categories v...

CVSS 6.3 · AI score 5.9 · EPSS 0.00113
Exploits: 2 · References: 5

NVD
added 2024/05/05 7:15 p.m. · 19 views

CVE-2024-34502

An issue was discovered in WikibaseLexeme in MediaWiki before 1.39.6, 1.40.x before 1.40.2, and 1.41.x before 1.41.1. Loading Special:MergeLexemes will attempt to make an edit that merges the from-id to the to-id, even if the request was not a POST request, and even if it does not contain an edit...

CVSS 9.8 · AI score 7 · EPSS 0.00159
Exploits: 0 · References: 4

OSV
added 2024/05/05 7:15 p.m. · 1 view

CVE-2024-34502

An issue was discovered in WikibaseLexeme in MediaWiki before 1.39.6, 1.40.x before 1.40.2, and 1.41.x before 1.41.1. Loading Special:MergeLexemes will attempt to make an edit that merges the from-id to the to-id, even if the request was not a POST request, and even if it does not contain an edit...

CVSS 9.8 · AI score 7
Exploits: 0 · References: 4

OSV
added 2024/04/15 8:20 p.m. · 14 views

GHSA-2GVW-W6FJ-7M3C Argo CD's API server does not enforce project sourceNamespaces

Impact I can convince the UI to let me do things with an invalid Application. 1. Admin gives me p, michael, applications, , demo/, allow, where demo can just deploy to the demo namespace 2. Admin gives me AppProject dev which reconciles from ns dev-apps 3. Admin gives me p, michael, applications,...

CVSS 4.8 · AI score 5.7 · EPSS 0.00113
Exploits: 0 · References: 6

OSV
added 2024/03/09 7:15 a.m. · 1 view

CVE-2024-1123

The EventPrime – Events Calendar, Bookings and Tickets plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the savefrontendeventsubmission function in all versions up to, and including, 3.4.2. This makes it possible for authenticated...

CVSS 6.5 · AI score 7.4
Exploits: 0 · References: 2

Positive Technologies
added 2024/01/30 12:0 a.m. · 4 views

PT-2024-1641 · Splunk · Splunk Add-On Builder

Name of the Vulnerable Software and Affected Versions: Splunk Add-on Builder versions prior to 4.1.4 Description: The issue is related to the application writing user session tokens to its internal log files when visiting the Splunk Add-on Builder or when building or editing a custom app or add-o...

CVSS 8.3 · AI score 7.5 · EPSS 0.00196
Exploits: 0 · References: 9

CNNVD
added 2023/11/06 12:0 a.m. · 3 views

WordPress Plugin Awesome Support Access Control Error Vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers. WordPress plugin is an application plugin. An Access Control Error vulnerability exist...

CVSS 4.3 · AI score 6.7 · EPSS 0.00054
Exploits: 2 · References: 2

Positive Technologies
added 2023/05/31 12:0 a.m. · 1 view

PT-2023-24744 · Jetbrains · Teamcity

Name of the Vulnerable Software and Affected Versions: JetBrains TeamCity versions prior to 2023.05 Description: The issue allows users without appropriate permissions to edit Build Configuration settings via the REST API due to improper permission checks. Recommendations: For versions prior to...

CVSS 4.3 · AI score 4.6 · EPSS 0.00003
Exploits: 0 · References: 4

Vulnrichment
added 2023/05/18 10:55 p.m. · 6 views

CVE-2023-32680 Missing SQL permissions check in metabase

Metabase is an open source business analytics engine. To edit SQL Snippets, Metabase should have required people to be in at least one group with native query editing permissions to a database–but affected versions of Metabase didn't enforce that requirement. This lack of enforcement meant that:...

CVSS 5.8 · AI score 9.4 · EPSS 0.00193
Exploits: 0 · References: 4