CVE-2025-2907
The Order Delivery Date WordPress plugin before 12.3.1 does not have authorization and CSRF checks when importing settings. Furthermore it also lacks proper checks to only update options relevant to the Order Delivery Date WordPress plugin before 12.3.1. This leads to attackers being able to modi...
CVE-2025-2907
The CVE-2025-2907 issue affects the WordPress plugin Order Delivery Date Pro for WooCommerce (versions before 12.3.1). The root cause is missing authorization and CSRF checks when importing settings, allowing an unauthenticated attacker to update arbitrary options such as default_user_role to adm...
CVE-2025-24583
Missing Authorization vulnerability in AA Web Servant 12 Step Meeting List 12-step-meeting-list allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects 12 Step Meeting List: from n/a through <= 3.16.5...
Ubuntu 18.04 LTS / 20.04 LTS / 22.04 LTS : Synapse vulnerabilities (USN-7444-1)
The remote Ubuntu 18.04 LTS / 20.04 LTS / 22.04 LTS host has a package installed that is affected by multiple vulnerabilities as referenced in the USN-7444-1 advisory. It was discovered that Synapse network policies could be bypassed via specially crafted URLs. An attacker could possibly use this...
ManageWiki Authorization Issue Vulnerability
ManageWiki is an open source extension for Miraheze. An authorization issue vulnerability exists in ManageWiki, which stems from improper extension management and could result in restricted extensions being automatically disabled...
CVE-2025-32243 WordPress Internal Link Optimiser plugin <= 5.1.2 - Settings Change vulnerability
Missing Authorization vulnerability in Toast Plugins Internal Link Optimiser internal-link-finder allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Internal Link Optimiser: from n/a through <= 5.1.2...
Moodle 4.2.x < 4.2.9 Multiple Vulnerabilities
According to its self-reported version, the Moodle install hosted on the remote host is 4.1.x prior to 4.1.12, 4.2.x prior to 4.2.9, 4.3.x prior to 4.3.6, or 4.4.x prior to 4.4.2. It is, therefore, affected by multiple vulnerabilities. - An LFI vulnerability when restoring malformed block backups....
Moodle 4.4.x < 4.4.2 Multiple Vulnerabilities
According to its self-reported version, the Moodle install hosted on the remote host is 4.1.x prior to 4.1.12, 4.2.x prior to 4.2.9, 4.3.x prior to 4.3.6, or 4.4.x prior to 4.4.2. It is, therefore, affected by multiple vulnerabilities. - An LFI vulnerability when restoring malformed block backups....
Moodle 4.3.x < 4.3.6 Multiple Vulnerabilities
According to its self-reported version, the Moodle install hosted on the remote host is 4.1.x prior to 4.1.12, 4.2.x prior to 4.2.9, 4.3.x prior to 4.3.6, or 4.4.x prior to 4.4.2. It is, therefore, affected by multiple vulnerabilities. - An LFI vulnerability when restoring malformed block backups....
PT-2025-15837 · Drupal · Drupal Web-T
Name of the Vulnerable Software and Affected Versions: Drupal WEB-T versions 0.0.0 through 1.1.0 Description: The issue affects Drupal WEB-T, allowing excessive allocation and content spoofing due to allocation of resources without limits or throttling and incorrect authorization. Recommendations...
IBM InfoSphere Information Server Authorization Issues Vulnerability (CNVD-2025-06810)
IBM InfoSphere Information Server is a set of data integration platforms from International Business Machines (IBM). The platform can be used to integrate data information obtained from various sources. An authorization issue vulnerability exists in IBM InfoSphere Information Server version 11.7 th...
Linux Distros Unpatched Vulnerability : CVE-2023-3758
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A race condition flaw was found in sssd where the GPO policy is not consistently applied for authenticated users. This may lead to improper authorization issues...
CVE-2024-5705 Hitachi Vantara Pentaho Business Analytics Server - Incorrect Authorization
The product performs an authorization check when an actor attempts to access a resource or perform an action, but it does not correctly perform the check. This allows attackers to bypass intended access restrictions. CWE-863 Hitachi Vantara Pentaho Business Analytics Server versions before...
IBM Security Verify Access Authorization Issues Vulnerability
IBM Security Verify Access (ISAM) is a service from International Business Machines (IBM) that improves user access security. The service enables secure and simple access to platforms such as web, mobile, IoT and cloud technologies through the use of risk-based access, single sign-on, integrated acce...
Vulnerabilities fixed in GitLab CE/EE
GitLab has fixed vulnerabilities in GitLab CE/EE, specifically in versions 14.1 to 17.8.2. The vulnerabilities include a denial-of-service vulnerability, an external service interaction vulnerability, a critical XSS vulnerability, improper authorization vulnerabilities, an insecure direct object...
CVE-2021-39206
Pomerium is an open source identity-aware access proxy. Envoy, which Pomerium is based on, contains two authorization related vulnerabilities CVE-2021-32777 and CVE-2021-32779. This may lead to incorrect routing or authorization policy decisions. With specially crafted requests, incorrect...
CVE-2022-41923
Grails Spring Security Core plugin is vulnerable to privilege escalation. The vulnerability allows an attacker access to one endpoint (i.e. the targeted endpoint) using the authorization requirements of a different endpoint (i.e. the donor endpoint). In some Grails framework applications, access to t...
CVE-2024-48849 Authentication and Authorization Issues
Missing Origin Validation in WebSockets vulnerability in FLXEON. Session management was not sufficient to prevent unauthorized HTTPS requests. This issue affects FLXEON: through <= 9.3.4...
CVE-2025-23208 IdP group membership revocation ignored in zot
zot is a production-ready vendor-neutral OCI image registry. The group data stored for users in the boltdb database meta.db is an append-list, so group revocations/removals are ignored in the API. SetUserGroups is called on login, but instead of replacing the group memberships, they are appended...
Adobe Experience Manager Authorization Issues Vulnerability (CNVD-2025-16239)
Adobe Experience Manager is a set of content management solutions that can be used to build websites, mobile applications and forms from the American company Adobe. The program supports mobile content management, marketing and sales campaign management and multi-site management. Adobe...