17 matches found
PT-2026-40910
The Database Backup for WordPress plugin for WordPress is vulnerable to unauthorized arbitrary file read and deletion in all versions up to, and including, 2.5.2. This is due to the plugin not properly enforcing the return value of its authorization check combined with a user-controlled backup...
EUVD-2026-12213
A security flaw has been discovered in Tecnick TCExam up to 16.6.0. Affected is the function F_xml_export_users of the file admin/code/tce_xml_users.php of the component XML Export. Performing a manipulation results in cross site scripting. Remote exploitation of the attack is possible. There are stil...
EUVD-2022-49295
Malicious code in bioql PyPI...
CVE-2024-38970
vaeThink 1.0.2 is vulnerable to Information Disclosure via the system backend, access management administrator function...
CVE-2024-38970
vaeThink 1.0.2 is vulnerable to Information Disclosure via the system backend, access management administrator function...
CVE-2024-38970
The CVE-2024-38970 entries describe a vulnerability in vaeThink 1.0.2 where information disclosure can occur through the system backend, specifically via the access management administrator function. Available sources consistently identify the affected software (vaeThink 1.0.2) and the impact as ...
CVE-2024-38970
vaeThink 1.0.2 is vulnerable to Information Disclosure via the system backend, access management administrator function...
Security Bulletin: This Power System update is being released to address CVE-2022-4450
Summary: This affects the BMC administrator function to upload HTTPS certificates. Vulnerability Details: CVEID: CVE-2022-4450. DESCRIPTION: OpenSSL is vulnerable to a denial of service, caused by a double-free error related to the improper handling of specific PEM data by the PEM_read_bio_ex function. ...
CVE-2022-43438
The Administrator function of EasyTest has an Incorrect Authorization vulnerability. A remote attacker authenticated as a general user can exploit this vulnerability to bypass the intended access restrictions, to make API functions calls, manipulate system and terminate service...
Authorization
The Administrator function of EasyTest has an Incorrect Authorization vulnerability. A remote attacker authenticated as a general user can exploit this vulnerability to bypass the intended access restrictions, to make API functions calls, manipulate system and terminate service...
PT-2023-14202 · Easytest · Easytest
Name of the Vulnerable Software and Affected Versions: EasyTest (affected versions not specified). Description: The Administrator function of EasyTest has an Incorrect Authorization issue. A remote attacker authenticated as a general user can exploit this to bypass intended access restrictions, make...
CVE-2022-46491
A Cross-Site Request Forgery (CSRF) vulnerability in the Add Administrator function of the default version of nbnbk allows attackers to arbitrarily add Administrator accounts...
PT-2022-27881 · Nbnbk · Nbnbk
Name of the Vulnerable Software and Affected Versions: nbnbk (affected versions not specified). Description: A Cross-Site Request Forgery (CSRF) vulnerability in the Add Administrator function allows attackers to arbitrarily add Administrator accounts. Recommendations: At the moment, there is no...
GHSA-9CC3-5W85-PXVX Cross Site Request Forgery in intelliants/subrion
Cross Site Request Forgery (CSRF) vulnerability exists in Intelliants Subrion CMS v4.2.1 via the Members administrator function, which could let a remote unauthenticated malicious user send an authorised request to victim and successfully create an arbitrary administrator user...
Cross Site Request Forgery in intelliants/subrion
Cross Site Request Forgery (CSRF) vulnerability exists in Intelliants Subrion CMS v4.2.1 via the Members administrator function, which could let a remote unauthenticated malicious user send an authorised request to victim and successfully create an arbitrary administrator user...
CVE-2020-18326
Cross Site Request Forgery (CSRF) vulnerability exists in Intelliants Subrion CMS v4.2.1 via the Members administrator function, which could let a remote unauthenticated malicious user send an authorised request to victim and successfully create an arbitrary administrator user...
Cross site request forgery (csrf)
Cross Site Request Forgery (CSRF) vulnerability exists in Intelliants Subrion CMS v4.2.1 via the Members administrator function, which could let a remote unauthenticated malicious user send an authorised request to victim and successfully create an arbitrary administrator user...