7 matches found
CVE-2026-9709 Themeco Cornerstone < 7.8.9 (Premium, bundled with X Theme) - Subscriber+ Arbitrary User Meta Disclosure
The Cornerstone WordPress plugin before 7.8.9 does not enforce capability checks on one of its REST API routes, allowing any authenticated user to disclose the metadata of any other user, including roles, session token previews and stored billing/shipping fields. This affects the premium co...
EUVD-2018-2663
Malware in sbrugna...
CVE-2025-54397
CVE-2025-54397 affects Netwrix Directory Manager (formerly Imanami GroupID) versions 11.0.0.0 through 11.1.25161.02. The issue: sensitive information is inserted into data sent to authenticated users, exposing data during transit. The CVSS v3.1 base score is 4.3 (Medium) with network attack vecto...
CVE-2017-15196
In Kanboard before 1.0.47, by altering form data, an authenticated user can remove columns from a private project of another user...
CVE-2025-3851
CVE-2025-3851 affects the WordPress plug‑in WP SmartPay (Download Manager and Payment Form) . The issue is an Insecure Direct Object Reference in the show() function caused by missing validation on a user‑controlled key, which could allow an authenticated attacker with Subscriber+ privileges to v...
CVE-2024-43196
IBM OpenPages with Watson 8.3 and 9.0 application could allow an authenticated user to manipulate data in the Questionnaires application allowing the user to spoof other users' responses...
CVE-2019-4636
IBM Security Secret Server 10.7 could disclose sensitive information to an authenticated user from generated error messages. IBM X-Force ID: 170013...