13 matches found
CVE-2025-10746
CVE-2025-10746 – Integrate Dynamics 365 CRM plugin (WordPress) affects all versions up to 1.0.9. Root cause: missing capability checks and nonce verification on functions hooked to init, enabling unauthenticated access. Impact (per sources): unauthenticated attackers can deactivate the plugin, ta...
CVE-2025-25286
Crayfish is a collection of Islandora 8 microservices, one of which, Homarus, provides FFmpeg as a microservice. Prior to Crayfish version 4.1.0, remote code execution may be possible in web-accessible installations of Homarus in certain configurations. The issue has been patched in...
CVE-2023-50946 IBM Common Licensing information disclosure
IBM Common Licensing 9.0 could allow an authenticated user to modify a configuration file that they should not have access to due to a broken authorization mechanism...
Coolify security vulnerability
Coolify is an open source and self-hosted alternative to Heroku/Netlify/Vercel. coolLabs Coolify suffers from an information disclosure vulnerability that can be exploited by an attacker to gain access to the global instance OAuth configuration...
Grafana security vulnerability
Grafana is an open source set of monitoring tools that provides a visual monitoring interface. The tool is primarily used to monitor and analyze Graphite, InfluxDB, and Prometheus, among others. Grafana has a security vulnerability that stems from an account takeover and...
CSRF vulnerability in Jenkins Role-based Authorization Strategy Plugin configuration
Role-based Authorization Strategy Plugin did not require requests to its API to be sent via POST, thereby opening itself to Cross-Site Request Forgery attacks. This allowed attackers to add the administrator role to any user, or to remove the authorization configuration, preventing legitimate access t...
GHSA-774G-R3FM-4V85 CSRF vulnerability in Jenkins Role-based Authorization Strategy Plugin configuration
Role-based Authorization Strategy Plugin did not require requests to its API to be sent via POST, thereby opening itself to Cross-Site Request Forgery attacks. This allowed attackers to add the administrator role to any user, or to remove the authorization configuration, preventing legitimate access t...
CVE-2017-15307
Huawei Honor 8 smartphones with software versions earlier than FRD-L04C567B389 and earlier than FRD-L14C567B389 have a permission control vulnerability due to improper authorization configuration on specific device information...
Authorization
Huawei Honor 8 smartphones with software versions earlier than FRD-L04C567B389 and earlier than FRD-L14C567B389 have a permission control vulnerability due to improper authorization configuration on specific device information...
CVE-2017-15307
CVE-2017-15307 affects Huawei Honor 8 devices (versions earlier than FRD-L04C567B389 and FRD-L14C567B389). Root cause: improper authorization configuration on specific device information leading to a permission control vulnerability. Impact: potential unauthorized modification of device informati...
CVE-2017-15307
Huawei Honor 8 smartphones with software versions earlier than FRD-L04C567B389 and earlier than FRD-L14C567B389 have a permission control vulnerability due to improper authorization configuration on specific device information...
SeaWell Networks Spectrum - Multiple Vulnerabilities
Exploit Title: SeaWell Networks Spectrum - Multiple Vulnerabilities; Discovered by: Karn Ganeshen; Vendor Homepage: http://www.seawellnetworks.com/spectrum/; Versions Reported: Spectrum SDC 02.05.00, Build 02.05.00.0016; CVE-ID: CVE-2015-8282, CVE-2015-8283, CVE-2015-8284; About SeaWell Networks Spectru...
ViewVC < 1.1.3 Multiple Remote Vulnerabilities
ViewVC is prone to these security vulnerabilities: - A security vulnerability that involves root listing of per-root authorization configuration. - A security vulnerability in...