7 matches found
EUVD-2026-44884
The The Cache Purger plugin for WordPress is vulnerable to authorization bypass in all versions up to, and including, 2.3.20. This is due to the plugin not properly verifying that a user is authorized to perform an action. This makes it possible for authenticated attackers, with subscriber-level...
Missing Authorization
Overview Affected versions of this package are vulnerable to Missing Authorization via the beforerequest handler in the trace API endpoints. An authenticated attacker can bypass access controls by sending trace read, search, delete, update, linking, or assessment requests for experiments they do...
Missing Authorization
Overview mlflow is a platform to streamline machine learning development, including tracking experiments, packaging code into reproducible runs, and sharing and deploying models. Affected versions of this package are vulnerable to Missing Authorization via the beforerequest handler in the trace A...
CVE-2026-54289
Hono is a Web application framework that provides support for any JavaScript runtime. Prior to 4.12.25, on AWS Lambda@Edge, CloudFront delivers a request header that appears more than once as several separate entries. The adapter writes each value with Headers.set instead of Headers.append, so...
Introducing Wiz Audit History: Track Every Change Across your Environment
Wiz Audit History is now GA, providing a continuous, cross-cloud timeline of changes to resource configurations and findings to accelerate incident response and simplify compliance...
Metasploit-Project
MSF Cloud — Security Exploitation & Education Platform SSEP...
CVE-2022-29176
Rubygems is a package registry used to supply software for the Ruby language ecosystem. Due to a bug in the yank action, it was possible for any RubyGems.org user to remove and replace certain gems even if that user was not authorized to do so. To be vulnerable, a gem needed: one or more dashes i...