45 matches found
SenseLive X3050 Code Issue Vulnerability
The SenseLive X3050 is a data collection and environmental monitoring device designed for IoT scenarios by SenseLive Corporation. The SenseLive X3050 has a code vulnerability that stems from improper execution of the Web management interface’s session lifecycle. This issue allows authenticated...
WordPress plugin WP-Optimize Security Vulnerability
WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be install...
CVE-2019-16387
PEGA Platform 8.3.0 is vulnerable to a direct prweb/sso/randomtoken/!STANDARD?pyActivity=Data-Admin-DB-Name.DBSchemaListDatabases request while using a low-privilege account. This can perform actions and retrieve data that only an administrator should have access to. NOTE: The vendor states that...
EUVD-2018-11248
Malware in sbrugna...
EUVD-2011-2687
Malware in sbrugna...
EUVD-2011-2903
Malware in sbrugna...
EUVD-2011-3545
Malware in sbrugna...
EUVD-2025-3049
Malicious code in bioql PyPI...
PT-2025-31374 · E-School · E-School
Name of the Vulnerable Software and Affected Versions: e-School (affected versions not specified). Description: The e-School system contains a missing authorization flaw. This allows remote attackers with regular privileges to access administrator functions, including creating, modifying, and deleti...
CVE-2018-19559
CuppaCMS before 2018-11-12 has SQL Injection in administrator/classes/ajax/functions.php via the referenceid parameter...
CVE-2023-49233
Insufficient access checks in Visual Planning Admin Center 8 before v.1 Build 240207 allow attackers in possession of a non-administrative Visual Planning account to utilize functions normally reserved for administrators. The affected functions allow attackers to obtain different types of...
DirectCyber Evolution Controller Security Vulnerability
DirectCyber Evolution Controller is an access control controller software from DirectCyber, Inc. that is used for physical access to the facility by the controller. A security vulnerability exists in DirectCyber Evolution Controller version 2.04.560.31.03.2024 and prior versions, which stems from...
Shift Tech bingo!CMS Authorization Issue Vulnerability
Shift Tech bingo!CMS is a content management system from Shift Tech Japan. An authorization issue vulnerability exists in Shift Tech bingo!CMS version 1.7.4.1 and prior versions, which stems from an authentication bypass vulnerability contained in certain administrative functions...
GHSA-V3C3-QR6M-8M7M Alkacon OpenCMS Improper Access Control via system/workplace/views/admin/admin-main.jsp
system/workplace/views/admin/admin-main.jsp in Alkacon OpenCms before 6.2.2 does not restrict access to administrator functions, which allows remote authenticated users to (1) send broadcast messages to all users (/workplace/broadcast), (2) list all users (/accounts/users), (3) add webusers...
MoinMoin Improper Access Control
Unknown vulnerability in MoinMoin 1.2.2 and earlier allows remote attackers to gain unauthorized access to administrator functions such as (1) revert and (2) delete...
GHSA-V744-H36C-HV5J MoinMoin Improper Access Control
Unknown vulnerability in MoinMoin 1.2.2 and earlier allows remote attackers to gain unauthorized access to administrator functions such as (1) revert and (2) delete...
OpenClinic GA Authorization Issue Vulnerability
OpenClinic GA is an open source hospital information management system. The system supports financial management, clinical management and laboratory management and other functions. An authorization issue vulnerability exists in OpenClinic GA versions 5.09.02 and 5.89.05b, which can be exploited b...
CVE-2020-11680
Castel NextGen DVR v1.0.0 is vulnerable to authorization bypass on all administrator functionality. The application fails to check that a request was submitted by an administrator. Consequently, a normal user can perform actions including, but not limited to, creating/modifying the file store,...
OpenMRS Input Validation Error Vulnerability (CNVD-2020-26250)
OpenMRS is an open source electronic medical record system from OpenMRS, Inc. in the United States. OpenMRS suffers from an input validation error vulnerability that stems from the import function of the data exchange module not properly redirecting to the login page. An attacker could exploit th...
CVE-2011-3582
A Cross-site Request Forgery (CSRF) vulnerability exists in Advanced Electron Forums (AEF) through 1.0.9 due to inadequate confirmation for sensitive transactions in the administrator functions...