4 matches found
CVE-2025-13822
CVE-2025-13822 concerns MCPHub versions below 0.11.0, where authentication bypass exists due to endpoints lacking authentication middleware. An unauthenticated attacker could perform actions in the name of other users with their privileges. The provided metrics indicate low impact on confidential...
MiracleLinux 4 : curl-7.19.7-37.AXS4.3 (AXSA:2014-397:01)
The remote MiracleLinux 4 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2014-397:01 advisory. cURL is a tool for getting files from HTTP, FTP, FILE, LDAP, LDAPS, DICT, TELNET and TFTP servers, using any of the supported protocols. cURL is...
CVE-2024-10311
The External Database Based Actions plugin for WordPress is vulnerable to authentication bypass in versions up to, and including, 0.1. This is due to a missing capability check in the 'edbaadminhandle' function. This makes it possible for authenticated attackers, with subscriber-level permissions...
Design/Logic Flaw
A vulnerability was found in Moodle before versions 3.6.3, 3.5.5, 3.4.8 and 3.1.17. Users with the "login as other users" capability such as administrators/managers can access other users' Dashboards, but the JavaScript those other users may have added to their Dashboard was not being escaped whe...