164 matches found
Cross site scripting
The WP Event Manager – Events Calendar, Registrations, Sell Tickets with WooCommerce plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in versions up to, and including, 3.1.37.1 due to insufficient input sanitization and output escaping. This makes it possible f...
CVE-2023-27622
Auth. admin+ Stored Cross-Site Scripting XSS vulnerability in Abel Ruiz GuruWalk Affiliates plugin <= 1.0.0 versions...
CVE-2023-40060
A vulnerability has been identified within Serv-U 15.4 and 15.4 Hotfix 1 that, if exploited, allows an actor to bypass multi-factor/two-factor authentication. The actor must have administrator-level access to Serv-U to perform this action. 15.4. SolarWinds found that the issue was not completely...
Authentication flaw
A vulnerability has been identified within Serv-U 15.4 and 15.4 Hotfix 1 that, if exploited, allows an actor to bypass multi-factor/two-factor authentication. The actor must have administrator-level access to Serv-U to perform this action. 15.4. SolarWinds found that the issue was not completely...
Race Condition
umbraco.cms.infrastructure and umbraco.cms.web.backoffice are vulnerable to a Race Condition. The vulnerability exists because under extreme conditions a remote unauthenticated attacker is able to acquire admin-level permissions via a restart...
GHSA-H8WC-R4JH-MG7M Umbraco allows possible Admin-level access to backoffice without Auth under rare conditions
Under rare conditions, a restart of Umbraco can allow unauthorized users to gain admin-level permissions. Impact An unauthorized user gaining admin-level access and permissions to the backoffice. Patches 10.6.1, 11.4.2, 12.0.1 Workarounds Enabling the Unattended Install feature will mean the...
Umbraco allows possible Admin-level access to backoffice without Auth under rare conditions
Under rare conditions, a restart of Umbraco can allow unauthorized users to gain admin-level permissions. Impact An unauthorized user gaining admin-level access and permissions to the backoffice. Patches 10.6.1, 11.4.2, 12.0.1 Workarounds Enabling the Unattended Install feature will mean the...
Input validation
Umbraco is an ASP.NET CMS. Under rare conditions a restart of Umbraco can allow unauthorized users access to admin-level permissions. This vulnerability was patched in versions 10.6.1, 11.4.2 and 12.0.1...
CVE-2023-37267 Umbraco allows possible Admin-level access to backoffice without Auth under rare conditions
Umbraco is an ASP.NET CMS. Under rare conditions a restart of Umbraco can allow unauthorized users access to admin-level permissions. This vulnerability was patched in versions 10.6.1, 11.4.2 and 12.0.1...
Cross site scripting
The FiboSearch - AJAX Search for WooCommerce plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in versions up to, and including, 1.23.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with...
CVE-2023-22951
An issue was discovered in TigerGraph Enterprise Free Edition 3.x. It creates an authentication token for internal systems use. This token can be read from the configuration file. Using this token on the REST API provides an attacker with anonymous admin-level privileges on all REST API endpoints...
CVE-2022-47507
SolarWinds Platform was susceptible to the Deserialization of Untrusted Data. This vulnerability allows a remote adversary with Orion admin-level account access to SolarWinds Web Console to execute arbitrary commands...
CVE-2022-47504
SolarWinds Platform was susceptible to the Deserialization of Untrusted Data. This vulnerability allows a remote adversary with Orion admin-level account access to SolarWinds Web Console to execute arbitrary commands...
Deserialization of untrusted data
SolarWinds Platform was susceptible to the Deserialization of Untrusted Data. This vulnerability allows a remote adversary with Orion admin-level account access to SolarWinds Web Console to execute arbitrary commands...
CVE-2022-38111
CVE-2022-38111 affects SolarWinds Platform with a deserialization of untrusted data vulnerability. The issue allows remote code execution when an attacker with Orion admin-level access to the Web Console can trigger deserialization via the affected component, per multiple sources. ZDI specifies t...
CVE-2022-47503
CVE-2022-47503 involves deserialization of untrusted data in SolarWinds Platform. Connected advisories identify a concrete instance in SolarWinds Network Performance Monitor where the WorkerControllerWCFProxy handles deserialized input; authenticated attackers can trigger remote code execution wi...