131 matches found
EUVD-2022-45511
Malicious code in bioql PyPI...
EUVD-2023-42712
Malicious code in bioql PyPI...
CVE-2025-42958 Missing Authentication check in SAP NetWeaver
Due to a missing authentication check in the SAP NetWeaver application on IBM i-series, the application allows high privileged unauthorized users to read, modify, or delete sensitive information, as well as access administrative or privileged functionalities. This results in a high impact on the...
CVE-2025-8322
The e-School from Ventem has a Missing Authorization vulnerability, allowing remote attackers with regular privilege to access administrator functions, including creating, modifying, and deleting accounts. They can even escalate any account to system administrator privilege...
CVE-2025-6007
A vulnerability, which was classified as critical, was found in kiCode111 like-girl 5.2.0. Affected is an unknown function of the file /admin/CopyadminPost.php. The manipulation of the argument icp/Copyright leads to SQL injection. It is possible to launch the attack remotely. The exploit has bee...
CVE-2024-0797
The Active Products Tables for WooCommerce. Professional products tables for WooCommerce store plugin for WordPress is vulnerable to unauthorized access of functionality due to a missing capability check on several functions in all versions up to, and including, 1.0.6.1. This makes it possible fo...
CVE-2022-24221
eliteCMS v1.0 was discovered to contain a SQL injection vulnerability via /admin/functions/functions.php...
CVE-2022-36198
Multiple SQL injections detected in Bus Pass Management System 1.0 via buspassms/admin/view-enquiry.php, buspassms/admin/pass-bwdates-reports-details.php, buspassms/admin/changeimage.php, buspassms/admin/search-pass.php, buspassms/admin/edit-category-detail.php, and...
CVE-2022-35909
In Jellyfin before 10.8, the /users endpoint has incorrect access control for admin functionality...
CVE-2019-19598
D-Link DAP-1860 devices before v1.04b03 Beta allow access to administrator functions without authentication via the HNAPAUTH header timestamp value. In HTTP requests, part of the HNAPAUTH header is the timestamp used to determine the time when the user sent the request. If this value is equal to...
CVE-2025-25916
wuzhicms v4.1.0 has a Cross Site Scripting (XSS) vulnerability in del function in \coreframe\app\member\admin\group.php...
CVE-2022-42438
IBM Cloud Pak for Multicloud Management Monitoring 2.0 and 2.3 allows users without admin roles access to admin functions by specifying direct URL paths. IBM X-Force ID: 238210...
PT-2024-38338 · WordPress · Mpg Plugin
Name of the Vulnerable Software and Affected Versions: The Multiple Page Generator Plugin – MPG plugin for WordPress versions up to, and including, 4.0.1 Description: The issue allows authenticated attackers with Subscriber-level access and above to invoke functions intended for admin use,...
PT-2024-28588
Name of the Vulnerable Software and Affected Versions: WooCommerce PDF Vouchers versions 4.9.4 and earlier Description: The issue is related to a Missing Authorization vulnerability, which allows accessing functionality not properly constrained by ACLs. This enables attackers to bypass capability...
PT-2024-31454 · Za Internet · Za-Internet C-Mor Video Surveillance
Name of the Vulnerable Software and Affected Versions: za-internet C-MOR Video Surveillance version 5.2401 Description: An issue was discovered due to improper or missing access control, allowing low privileged users to use administrative functions of the C-MOR web interface. Although different...
CVE-2024-6435
A privilege escalation vulnerability exists in the affected products which could allow a malicious user with basic privileges to access functions which should only be available to users with administrative level privileges. If exploited, an attacker could read sensitive data, and create users. Fo...
PT-2024-37624 · Rockwell Automation · Pavilion8
Name of the Vulnerable Software and Affected Versions: No specific software or versions are mentioned in the provided descriptions. Description: A privilege escalation issue exists in the affected products, allowing a malicious user with basic privileges to access functions that should only be...
CVE-2024-34240
QDOCS Smart School 7.0.0 is vulnerable to Cross Site Scripting (XSS) resulting in arbitrary code execution in admin functions related to adding or updating records...
CVE-2024-34240
QDOCS Smart School 7.0.0 is affected by a Cross Site Scripting (XSS) vulnerability in admin functions related to adding or updating records, which is described as enabling arbitrary code execution. The issue is consistently reported across multiple sources (Red Hat, NVD/CNNVD/CVE record, CVE enri...