324 matches found
Access Control Bypass
Overview: moodle/moodle is a learning platform. Affected versions of this package are vulnerable to Access Control Bypass due to improper verification of message recipients in the non-respondents report feature of the Feedback activity. An attacker can send messages to arbitrary site users by exploiting this missing verification...
CVE-2024-43438 Moodle: IDOR in Feedback non-respondents report allows messaging arbitrary site users
A flaw was found in Moodle's Feedback activity. Bulk messaging in the activity's non-respondents report did not verify that the message recipients belonged to the set of users returned by the report...
GHSA-CGRQ-WVFJ-V28J Mage AI allows remote unauthenticated attackers to leak the terminal server command history of arbitrary users
Mage AI allows remote unauthenticated attackers to leak the terminal server command history of arbitrary users...
CVE-2024-8072
Mage AI allows remote unauthenticated attackers to leak the terminal server command history of arbitrary users...
CVE-2024-8072 Mage AI allows remote unauthenticated attackers to leak the terminal server command history of arbitrary users
Mage AI allows remote unauthenticated attackers to leak the terminal server command history of arbitrary users...
PT-2024-38786 · Mage Ai · Mage Ai
Name of the Vulnerable Software and Affected Versions: Mage AI (affected versions not specified). Description: The issue allows remote unauthenticated attackers to leak the terminal server command history of arbitrary users. Recommendations: At the moment, there is no information about a newer versi...
CVE-2024-6125
CVE-2024-6125 is a vulnerability in the WordPress plugin Login with phone number up to version 1.7.34. It allows unauthenticated password resets by guessing a 6-digit numeric reset code: the code is weak and there is no limit on the number of attempts or on the time window. Public sources confirm the root cause as...
CVE-2024-28270
An issue discovered in web-flash v3.0 allows attackers to reset the passwords of arbitrary users via a crafted POST request to /prod-api/user/resetPassword...
A vulnerability in the application layer of Directus, a real-time SQL database content management platform, related to the use of incorrect alias names, allows attackers to bypass the password protection of arbitrary users.
The vulnerability in the application layer of Directus, a real-time SQL database content management platform, is related to the use of incorrectly referenced names. Exploiting it could allow a remote attacker to reset the password of an arbitrary user...
CVE-2024-28194 Authentication Bypass Because of Hardcoded JWT Secret in your_spotify
YourSpotify is an open source, self-hosted Spotify tracking dashboard. YourSpotify versions prior to 1.8.0 use a hardcoded JSON Web Token (JWT) secret to sign authentication tokens. Attackers can use this well-known value to forge valid authentication tokens for arbitrary users. This vulnerability allows...
Improper Authorization
GitLab is vulnerable to Improper Authorization. The vulnerability is caused by improper authorization in GitLab. An unauthorized attacker is able to assign arbitrary users to merge requests (MRs) that they created within the project...
CVE-2024-0456
An authorization vulnerability exists in GitLab versions 14.0 prior to 16.6.6, 16.7 prior to 16.7.4, and 16.8 prior to 16.8.1. An unauthorized attacker is able to assign arbitrary users to MRs that they created within the project...
Authorization
An authorization vulnerability exists in GitLab versions 14.0 prior to 16.6.6, 16.7 prior to 16.7.4, and 16.8 prior to 16.8.1. An unauthorized attacker is able to assign arbitrary users to MRs that they created within the project...
CVE-2024-0456 Direct Request ('Forced Browsing') in GitLab
An authorization vulnerability exists in GitLab versions 14.0 prior to 16.6.6, 16.7 prior to 16.7.4, and 16.8 prior to 16.8.1. An unauthorized attacker is able to assign arbitrary users to MRs that they created within the project...
GitLab Security Vulnerability
GitLab is an open source, end-to-end software development platform from GitLab, Inc. with built-in version control, issue tracking, code review, CI/CD (Continuous Integration and Continuous Delivery) and other features. A security vulnerability exists in GitLab version 14.0 up to and including...
PT-2024-15575 · Gitlab · Gitlab
Name of the Vulnerable Software and Affected Versions: GitLab versions 14.0 through 16.6.5; 16.7 through 16.7.3; 16.8 through 16.8.0. Description: An authorization issue exists, allowing an unauthorized attacker to assign arbitrary users to merge requests (MRs) they...
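The Moodle Feedback entry (CVE-2024-43438) and the GitLab entries (CVE-2024-0456) above describe the same defect: a bulk action took user ids from the client and acted on them without checking that each id belonged to the set the server itself would have produced (the users listed by the non-respondents report; the users who may be assigned to a merge request). The following is an added example, not code from Moodle or GitLab, of the general pattern that fixes both: recompute the permitted set from stored state and reject any submitted id outside it. MemberStore, the ids and the function names are illustrative assumptions.

```python
"""Server-side validation of client-supplied user ids (added example).

Not code from Moodle or GitLab. Both advisories describe the same defect: a
bulk action (messaging users from the Feedback non-respondents report;
assigning users to a merge request) accepted user ids sent by the client
without checking that each id belonged to the set the server itself would have
produced. The fix is to recompute that set from stored state and reject
anything outside it. MemberStore, the ids and the names are assumptions.
"""
from dataclasses import dataclass
from typing import Dict, Iterable, List, Set


class AuthorizationError(Exception):
    """Raised when a request names a user the caller may not act on."""


@dataclass
class MemberStore:
    """Constructed stand-in for the application's database."""
    members_by_project: Dict[str, Set[int]]
    non_respondents_by_activity: Dict[str, Set[int]]

    def project_members(self, project_id: str) -> Set[int]:
        return set(self.members_by_project.get(project_id, set()))

    def non_respondents(self, activity_id: str) -> Set[int]:
        return set(self.non_respondents_by_activity.get(activity_id, set()))


def unauthorized_ids(submitted: Iterable[int], allowed: Set[int]) -> List[int]:
    """Ids the client asked for that the server's own view does not permit."""
    return sorted(set(submitted) - allowed)


def enforce_subset(submitted: Iterable[int], allowed: Set[int], what: str) -> List[int]:
    """Reject rather than silently filter, so tampering shows up in logs."""
    bad = unauthorized_ids(submitted, allowed)
    if bad:
        raise AuthorizationError(f"{what}: ids not permitted: {bad}")
    return sorted(set(submitted))


def vulnerable_bulk_message(store: MemberStore, activity_id: str,
                            submitted_ids: Iterable[int]) -> List[int]:
    """The defect: trusts the POSTed ids, so any user on the site can be messaged."""
    return sorted(set(submitted_ids))


def safe_bulk_message(store: MemberStore, activity_id: str,
                      submitted_ids: Iterable[int]) -> List[int]:
    """Recipients must be users the non-respondents report would list."""
    return enforce_subset(submitted_ids, store.non_respondents(activity_id),
                          "feedback non-respondents message")


def safe_assign_merge_request(store: MemberStore, project_id: str,
                              submitted_ids: Iterable[int]) -> List[int]:
    """Assignees must be members of the project the merge request belongs to."""
    return enforce_subset(submitted_ids, store.project_members(project_id),
                          "merge request assignees")


if __name__ == "__main__":
    store = MemberStore(
        members_by_project={"proj": {1, 2, 3}},
        non_respondents_by_activity={"feedback-1": {10, 11}},
    )
    print(vulnerable_bulk_message(store, "feedback-1", [10, 999]))  # 999 leaks through
    print(safe_bulk_message(store, "feedback-1", [11, 10]))
    try:
        safe_bulk_message(store, "feedback-1", [10, 999])
    except AuthorizationError as exc:
        print("rejected:", exc)
```

The allowed set must come from the same query that rendered the page or list the user is acting on, evaluated again at request time with the caller's permissions; a hidden form field or a cached list of ids is client state and proves nothing.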
A vulnerability in Nextcloud Server, a self-hosted cloud storage platform, related to cleartext storage of sensitive information, allows attackers to compromise the passwords of arbitrary users.
The vulnerability in Nextcloud Server, a self-hosted cloud storage platform, involves the cleartext storage of sensitive information. Exploiting it can allow attackers to disclose the passwords of arbitrary users...
Checkout Mestres WP < 7.1.9.8 - Authentication Bypass via Password Reset
Description: The plugin is vulnerable to authentication bypass due to a weak password reset function that allows unauthenticated attackers to reset the password of arbitrary users to a guessable value derived from the current time...
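Two entries on this page, Login with phone number (CVE-2024-6125) and Checkout Mestres WP, describe the same weakness from different angles: a 6-digit numeric code with no attempt or time limit (at most a million guesses), and a reset value derived from the current time (reproducible by anyone who knows roughly when it was generated). The following is an added example, not code from either plugin. The weak generator is a constructed illustration of that class, not the plugins' actual code; the hardened ResetService shows what a reset flow needs: a high-entropy single-use token, stored only as a hash, with an expiry and an attempt cap. Names and parameters are illustrative assumptions.

```python
"""Password reset codes: guessable vs. unguessable (added example).

Not code from either WordPress plugin. The weak generator is a constructed
illustration of a reset value that is a pure function of the clock; the
ResetService is the hardened flow: CSPRNG token, hash-only storage, TTL,
attempt cap, single use. Names and parameters are illustrative assumptions.
"""
import hashlib
import hmac
import random
import secrets
import string
from dataclasses import dataclass
from typing import Callable, Dict, Optional

ALPHABET = string.ascii_letters + string.digits


def weak_time_based_password(epoch_seconds: int) -> str:
    """Constructed weak generator: seeded by the clock, so anyone can replay it."""
    rng = random.Random(epoch_seconds)
    return "".join(rng.choice(ALPHABET) for _ in range(8))


def guess_time_based_password(approx_epoch: int, window_seconds: int,
                              login_works: Callable[[str], bool]) -> Optional[str]:
    """Attacker's view: replay the generator over a time window around the reset."""
    for t in range(approx_epoch - window_seconds, approx_epoch + window_seconds + 1):
        candidate = weak_time_based_password(t)
        if login_works(candidate):
            return candidate
    return None


def numeric_code_guess_space(digits: int) -> int:
    """Candidates an attacker must cover for an all-digit code with no rate limit."""
    return 10 ** digits


@dataclass
class PendingReset:
    token_hash: str      # sha256 of the token; a database dump does not reveal the token
    expires_at: int
    attempts: int = 0


class ResetService:
    TTL_SECONDS = 15 * 60
    MAX_ATTEMPTS = 5

    def __init__(self) -> None:
        self._pending: Dict[str, PendingReset] = {}

    @staticmethod
    def _digest(token: str) -> str:
        return hashlib.sha256(token.encode("utf-8")).hexdigest()

    def issue(self, user_id: str, now: int) -> str:
        """Return the token to deliver out of band; only its hash is kept."""
        token = secrets.token_urlsafe(32)            # 256 bits from the OS CSPRNG
        self._pending[user_id] = PendingReset(self._digest(token), now + self.TTL_SECONDS)
        return token

    def redeem(self, user_id: str, presented: str, now: int) -> bool:
        """True exactly once, for the right token, within the TTL and attempt cap."""
        req = self._pending.get(user_id)
        if req is None:
            return False
        if now >= req.expires_at or req.attempts >= self.MAX_ATTEMPTS:
            del self._pending[user_id]                  # expired or locked out
            return False
        req.attempts += 1
        ok = hmac.compare_digest(req.token_hash, self._digest(presented))
        if ok:
            del self._pending[user_id]                  # single use
        return ok


if __name__ == "__main__":
    reset_at = 1_700_000_000
    leaked = weak_time_based_password(reset_at)
    print("recovered weak value:",
          guess_time_based_password(reset_at + 30, 60, lambda c: c == leaked) == leaked)
    print("6-digit code guess space:", numeric_code_guess_space(6))
    svc = ResetService()
    token = svc.issue("alice", now=reset_at)
    print("wrong token:", svc.redeem("alice", "nope", now=reset_at))
    print("right token:", svc.redeem("alice", token, now=reset_at))
    print("replayed token:", svc.redeem("alice", token, now=reset_at))
```

The attempt cap belongs on the server-side record, not on the client IP alone, because the entries above are about unauthenticated callers who can spread guesses across many addresses; the expiry bounds how long even a leaked token stays useful.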