25 matches found
EUVD-2021-24344
Malware in sbrugna...
EUVD-2019-10420
Malware in sbrugna...
EUVD-2019-14836
Malware in sbrugna...
EUVD-2024-36509
Malicious code in bioql PyPI...
EUVD-2025-8453
Malicious code in bioql PyPI...
CVE-2025-7947
A vulnerability classified as critical has been found in jshERP up to 3.5. Affected is an unknown function of the file /user/delete of the component Account Handler. The manipulation of the argument ID leads to improper authorization. It is possible to launch the attack remotely. The exploit has...
CVE-2025-42960
CVE-2025-42960 affects SAP Business Warehouse and SAP BW/4HANA BEx Tools. The issue arises from improper authorization checks that an authenticated attacker can exploit to gain higher access levels than intended, potentially compromising data integrity by permitting deletion of user table entries...
CVE-2025-29012 WordPress CF7 7 Mailchimp Add-on plugin < 2.4 - Broken Access Control Vulnerability
Missing Authorization vulnerability in kamleshyadav CF7 7 Mailchimp Add-on CF7-mailchimp-addon allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects CF7 7 Mailchimp Add-on: from n/a through 2.4...
CVE-2025-6942
The distributed engine versions 8.4.39.0 and earlier of Secret Server versions 11.7.49 and earlier can be exploited during an initial authorization event that would allow an attacker to impersonate another distributed engine...
CVE-2025-6942
Affected product: Delinea Secret Server distributed engine. Versions 8.4.39.0 and earlier (within Secret Server 11.7.49 and earlier) are vulnerable. Root cause: insufficient validation during the initial authorization event, enabling impersonation of another distributed engine. Impact: attacker c...
CVE-2025-5175 erdogant pypickle pypickle.py save improper authorization
A vulnerability was found in erdogant pypickle up to 1.1.5. It has been classified as critical. This affects the function Save of the file pypickle/pypickle.py. The manipulation leads to improper authorization. Attacking locally is a requirement. The exploit has been disclosed to the public and m...
CVE-2019-5231
P30 smartphones with versions earlier than ELLE-AL00B 9.1.0.186C00E180R2P1 have an improper authorization vulnerability. The software incorrectly performs an authorization check when a user attempts to perform certain action. Successful exploit could allow the attacker to update a crafted package...
PT-2025-18061 · Unknown · 20120630 Novel-Plus
Name of the Vulnerable Software and Affected Versions: Novel-Plus versions 20120630 through 0e156c04b4b7ce0563bef6c97af4476fcda8f160. Description: A critical vulnerability has been found in Novel-Plus, affecting the deleteIndex function of the LogController.java file. This leads to improper...
CVE-2025-3967 itwanger paicoding Article post improper authorization
A vulnerability was found in itwanger paicoding 1.0.3. It has been classified as critical. This affects an unknown part of the file /article/api/post of the component Article Handler. The manipulation of the argument articleId leads to improper authorization. It is possible to initiate the attack...
CVE-2025-31377 WordPress Woo Product Feed For Marketing Channels plugin <= 1.9.0 - Broken Access Control Vulnerability
Missing Authorization vulnerability in Asaquzzaman mishu Woo Product Feed For Marketing Channels woocommerce-to-google-merchant-center allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Woo Product Feed For Marketing Channels: from n/a through <= 1.9.0...
TeamPass 3.0.0.21 SQL Injection
TeamPass version 3.0.0.21 suffers from a remote SQL injection vulnerability. Exploit Title: TeamPass SQL Injection Google Dork: intitle:"Teampass" + inurl:index.php?page=items Date: 02/23/2025 Exploit Author: Max Meyer - Rivendell Vendor Homepage: http://www.teampass.net Software Link:...
CVE-2025-2589
A vulnerability was found in code-projects Human Resource Management System 1.0.1 and classified as critical. This issue affects the function Index of the file \handler\Account.go. The manipulation of the argument usercookie leads to improper authorization. The exploit has been disclosed to the...
WordPress Th Shop Mania Theme 1.4.9 Missing Authorization Exploit
import requests import argparse import re import time By Nxploit | Khaled alenazi, Function to check if the site is vulnerable def checkvulnerabilityurl: versionurl = f"url/wp-content/themes/th-shop-mania/readme.txt" try: response = requests.getversionurl, timeout=5 if response.statuscode == 200:...
CVE-2025-1815
A vulnerability, which was classified as critical, was found in pbrong hrms up to 1.0.1. This affects the function HrmsDB of the file \resource\resource.go. The manipulation of the argument usercookie leads to improper authorization. It is possible to initiate the attack remotely. The exploit has...
CVE-2023-51355 WordPress MultiVendorX plugin <= 4.0.23 - Broken Access Control vulnerability
Missing Authorization vulnerability in MultiVendorX MultiVendorX dc-woocommerce-multi-vendor allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects MultiVendorX: from n/a through <= 4.0.23...