CVE-2026-12238
The WP Go Maps WordPress plugin (up to version 10.1.01) is vulnerable to an authorization bypass that allows unauthenticated attackers to create arbitrary records in plugin tables (maps, markers, circles, polygons, polylines, rectangles, and point labels) by supplying a WPGMZA-namespaced CRUD-bac...
CVE-2026-47351
Backend users were able to insert arbitrary records and files into the TYPO3 clipboard without proper read permission checks, which allowed users to gather information about records and files they were not authorized to view. This issue affects TYPO3 CMS versions 10.4.0-13.4.30 and 14.0.0-14.3.2...
PT-2026-47744
Name of the Vulnerable Software and Affected Versions: TYPO3 CMS versions 10.4.0 through 13.4.30; TYPO3 CMS versions 14.0.0 through 14.3.2. Description: Backend users can insert arbitrary records and files into the clipboard without proper read permission checks. This allows unauthorized users to...
CVE-2025-32808
W. W. Norton InQuizitive through 2025-04-08 allows students to insert arbitrary records of their quiz performance into the backend, because only client-side access control exists...
CVE-2025-32808
Affected software: W. W. Norton InQuizitive (through 2025-04-08). The vulnerability arises from client-side access control, allowing a student to insert arbitrary quiz records into the backend, with integrity impact (I=HIGH) and no confidentiality impact (C=NONE). CVSS details: CVSS 3.1 base scor...
CVE-2021-44465
Improper access control in Odoo Community 13.0 and earlier and Odoo Enterprise 13.0 and earlier allows authenticated attackers to subscribe to receive future notifications and comments related to arbitrary business records in the system, via crafted RPC requests...
PT-2023-12547
Name of the Vulnerable Software and Affected Versions: Odoo Community versions 13.0 and earlier; Odoo Enterprise versions 13.0 and earlier. Description: The issue allows authenticated attackers to subscribe to receive future notifications and comments related to arbitrary business records in the...
CVE-2018-15645
Improper access control in message routing in Odoo Community 12.0 and earlier and Odoo Enterprise 12.0 and earlier allows remote authenticated users to create arbitrary records via crafted payloads, which may allow privilege escalation...
Improper access control
Improper access control in message routing in Odoo Community 12.0 and earlier and Odoo Enterprise 12.0 and earlier allows remote authenticated users to create arbitrary records via crafted payloads, which may allow privilege escalation...
CVE-2018-15645
CVE-2018-15645 involves improper access control in the message routing of Odoo Community 12.0 and earlier and Odoo Enterprise 12.0 and earlier. The flaw allows remote authenticated users to craft payloads that create arbitrary records, potentially enabling privilege escalation. Affected software ...
Odoo Access Control Error Vulnerability
Odoo is an Enterprise Resource Planning (ERP) and Customer Relationship Management (CRM) system from Odoo Belgium. The system is developed in Python with PostgreSQL as its database and includes modules for sales management, inventory management and financial management. An Access Control Error...
IBM Rational ClearQuest 7.1.1.x < 7.1.1.4 / 7.1.2.x < 7.1.2.1 Multiple Vulnerabilities (credentialed check)
The remote host is running a version of IBM Rational ClearQuest 7.1.1.x prior to 7.1.1.4 / 7.1.2.x prior to 7.1.2.1. It is, therefore, affected by the following vulnerabilities: - An information disclosure vulnerability exists in the Dojo Toolkit that allows a remote attacker to read...
CVE-2010-4602
IBM Rational ClearQuest 7.1.1.x before 7.1.1.4 and 7.1.2.x before 7.1.2.1 contains a web client vulnerability that allows remote authenticated users to bypass the “restricted user” restrictions and read arbitrary records by modifying the record number in the URL for a RECORD action (e.g., via a b...
CVE-2010-3933
Ruby on Rails 2.3.9 and 3.0.0 does not properly handle nested attributes, which allows remote attackers to modify arbitrary records by changing the names of parameters for form inputs...
Design/Logic Flaw
Ruby on Rails 2.3.9 and 3.0.0 does not properly handle nested attributes, which allows remote attackers to modify arbitrary records by changing the names of parameters for form inputs...
DEBIAN-CVE-2009-0858
The response_addname function in response.c in Daniel J. Bernstein djbdns 1.05 and earlier does not constrain offsets in the required manner, which allows remote attackers, with control over a third-party subdomain served by tinydns and axfrdns, to trigger DNS responses containing arbitrary record...