4 matches found
CVE-2025-40541 SolarWinds Serv-U Insecure Direct Object Reference (IDOR) Remote Code Execution Vulnerability
An Insecure Direct Object Reference (IDOR) vulnerability exists in Serv-U, which, when exploited, gives a malicious actor the ability to execute native code as a privileged account. This issue requires administrative privileges to abuse. On Windows deployments, the risk is scored as a medium because...
CVE-2022-41929
org.xwiki.platform:xwiki-platform-oldcore is missing authorization in User#setDisabledStatus, which may allow an incorrectly authorized user with only Script rights to enable or disable a user. This operation is meant to only be available for users with admin rights. This problem has been patched ...
Vulnerabilities fixed in Ivanti Connect Secure and Policy Secure
Ivanti has fixed vulnerabilities in Connect Secure and Policy Secure. A malicious party could exploit the vulnerabilities to launch attacks that could result in the following categories of damage: Denial-of-Service (DoS), Cross-Site Scripting (XSS), increased user privileges, remote code execution, User...
PT-2023-20110 · WordPress · Jch Optimize
Name of the Vulnerable Software and Affected Versions: JCH Optimize plugin versions 3.2.2 and earlier. Description: The issue is related to a Stored Cross-Site Scripting (XSS) vulnerability that affects the JCH Optimize plugin. This vulnerability requires authentication with admin+ privileges...