401 matches found
CVE-2021-39413
Multiple Cross Site Scripting XSS vulnerabilities exits in SEO Panel v4.8.0 via the 1 totime parameter in a backlinks.php, b analytics.php, c log.php, d overview.php, e pagespeed.php, f rank.php, g review.php, h saturationchecker.php, i socialmedia.php, and j reports.php; the 2 fromtime parameter...
CVE-2019-14969
Netwrix Auditor before 9.8 has insecure permissions on %PROGRAMDATA%\Netwrix Auditor\Logs\ActiveDirectory\ and sub-folders. In addition, the service Netwrix.ADA.StorageAuditService which writes to that directory does not perform proper impersonation, and thus the target file will have the same...
CVE-2019-7553
PHP Scripts Mall Chartered Accountant : Auditor Website 2.0.1 has Stored XSS in the Profile Update page via the My Name field...
org.wildfly.core:wildfly-server: Wildfly improper RBAC permission
A flaw was found in the Wildfly Server Role Based Access Control RBAC provider. When authorization to control management operations is secured using the Role Based Access Control provider, a user without the required privileges can suspend or resume the server. A user with a Monitor or Auditor ro...
org.wildfly.core:wildfly-server: Wildfly improper RBAC permission
A flaw was found in the Wildfly Server Role Based Access Control RBAC provider. When authorization to control management operations is secured using the Role Based Access Control provider, a user without the required privileges can suspend or resume the server. A user with a Monitor or Auditor ro...
org.wildfly.core:wildfly-server: Wildfly improper RBAC permission
A flaw was found in the Wildfly Server Role Based Access Control RBAC provider. When authorization to control management operations is secured using the Role Based Access Control provider, a user without the required privileges can suspend or resume the server. A user with a Monitor or Auditor ro...
CVE-2024-45592
auditor-bundle, formerly known as DoctrineAuditBundle, integrates auditor library into any Symfony 3.4+ application. Prior to version 5.2.6, there is an unescaped entity property enabling Javascript injection. This is possible because %sourcelabel% in twig macro is not escaped. Therefore script...
CVE-2025-24968 Business Logic And Unrestricted Project Deletion Lead To Take Over the System in reNgine
reNgine is an automated reconnaissance framework for web applications. An unrestricted project deletion vulnerability allows attackers with specific roles, such as penetrationtester or auditor to delete all projects in the system. This can lead to a complete system takeover by redirecting the...
CVE-2025-24968
CVE-2025-24968 — reNgine is affected by an unrestricted project deletion vulnerability. According to PT Security and Red Hat entries, attackers with specific roles (e.g., penetration tester , auditor ) can delete all projects, potentially enabling a complete system takeover via redirection to the...
CVE-2025-24968 Business Logic And Unrestricted Project Deletion Lead To Take Over the System in reNgine
reNgine is an automated reconnaissance framework for web applications. An unrestricted project deletion vulnerability allows attackers with specific roles, such as penetrationtester or auditor to delete all projects in the system. This can lead to a complete system takeover by redirecting the...
Missing Authorization
Overview Affected versions of this package are vulnerable to Missing Authorization in the execute functions in ServerSuspendHandler.java and ServerResumeHandler.java, which do not perform sufficient checks for the authorization of the running user. This allows a user with the Monitor or Auditor...
CVE-2025-23367
A flaw was found in the Wildfly Server Role Based Access Control RBAC provider. When authorization to control management operations is secured using the Role Based Access Control provider, a user without the required privileges can suspend or resume the server. A user with a Monitor or Auditor ro...
CVE-2024-56114
Canlineapp Online 1.1 is vulnerable to Broken Access Control and allows users with the Auditor role to create an audit template as a result of improper authorization checks. This feature is designated for supervisor role, but auditors have been able to successfully create audit templates from the...
CVE-2024-56114
Canlineapp Online 1.1 is vulnerable to Broken Access Control and allows users with the Auditor role to create an audit template as a result of improper authorization checks. This feature is designated for supervisor role, but auditors have been able to successfully create audit templates from the...
CVE-2024-56114
CVE-2024-56114 affects Canlineapp Online 1.1 and is due to Broken Access Control in the create-audit-template feature. The underlying issue is improper authorization checks that allow users with the Auditor role to perform a task intended for the Supervisor role. Documented impact: auditors can c...
CVE-2024-56114
Canlineapp Online 1.1 is vulnerable to Broken Access Control and allows users with the Auditor role to create an audit template as a result of improper authorization checks. This feature is designated for supervisor role, but auditors have been able to successfully create audit templates from the...
Vaultwarden -- Multiple vulnerabilities
The Vaultwarden project reports: This release further fixed some CVE Reports reported by a third party security auditor and we recommend everybody to update to the latest version as soon as possible...
Vaultwarden -- Multiple vulnerabilities
The Vaultwarden project reports: This release has fixed some CVE Reports reported by a third party security auditor and we recommend everybody to update to the latest version as soon as possible...
CVE-2024-45592
auditor-bundle, formerly known as DoctrineAuditBundle, integrates auditor library into any Symfony 3.4+ application. Prior to version 5.2.6, there is an unescaped entity property enabling Javascript injection. This is possible because %sourcelabel% in twig macro is not escaped. Therefore script...
CVE-2024-45592 auditor-bundle vulnerable to Cross-site Scripting because name of entity does not get escaped
auditor-bundle, formerly known as DoctrineAuditBundle, integrates auditor library into any Symfony 3.4+ application. Prior to version 5.2.6, there is an unescaped entity property enabling Javascript injection. This is possible because %sourcelabel% in twig macro is not escaped. Therefore script...