Lucene search
K

115 matches found

CVE
CVE
added 2021/11/01 9:1 p.m.101 views

CVE-2021-39341

The CVE-2021-39341 issue affects the OptinMonster WordPress plugin (versions up to 2.6.4) due to insufficient authorization validation in the REST API implemented in OMAPI/RestApi.php, leading to sensitive information disclosure and unauthorized setting updates via unprotected REST-API endpoints....

8.2CVSS7.8AI score0.2327EPSS
Exploits1References3Affected Software1
Cvelist
Cvelist
added 2021/11/01 8:45 a.m.25 views

CVE-2018-25019 LearnDash < 2.5.4 - Unauthenticated Arbitrary File Upload

The LearnDash LMS WordPress plugin before 2.5.4 does not have any authorisation and validation of the file to be uploaded in the learndashassignmentprocessinit function, which could allow unauthenticated users to upload arbitrary files to the web server...

7.7AI score0.01531EPSS
Exploits1References2
VulnCheck KEV
VulnCheck KEV
added 2021/10/27 12:0 a.m.5 views

VulnCheck KEV: CVE-2021-39341

The OptinMonster WordPress plugin is vulnerable to sensitive information disclosure and unauthorized setting updates due to insufficient authorization validation via the loggedinorhasapikey function in the /OMAPI/RestApi.php file that can used to exploit inject malicious web scripts on...

8.2CVSS7.2AI score0.2327EPSS
Exploits1References1
OSV
OSV
added 2021/06/09 2:15 p.m.4 views

CVE-2021-21473

SAP NetWeaver AS ABAP and ABAP Platform, versions - 700, 702, 710, 711, 730, 731, 740, 750, 751, 752, 753, 754, 755, contains function module SRMRFCSUBMITREPORT which fails to validate authorization of an authenticated user thus allowing an unauthorized user to execute reports in SAP NetWeaver AB...

6.3CVSS7.4AI score0.01242EPSS
Exploits2References4
Cvelist
Cvelist
added 2021/06/09 1:23 p.m.32 views

CVE-2021-21473

SAP NetWeaver AS ABAP and ABAP Platform, versions - 700, 702, 710, 711, 730, 731, 740, 750, 751, 752, 753, 754, 755, contains function module SRMRFCSUBMITREPORT which fails to validate authorization of an authenticated user thus allowing an unauthorized user to execute reports in SAP NetWeaver AB...

6.3CVSS6.5AI score0.01242EPSS
Exploits2References4
Positive Technologies
Positive Technologies
added 2021/06/09 12:0 a.m.5 views

PT-2021-14541 · Sap · Sap Netweaver As Abap +1

Name of the Vulnerable Software and Affected Versions: SAP NetWeaver AS ABAP and ABAP Platform versions 700, 702, 710, 711, 730, 731, 740, 750, 751, 752, 753, 754, 755 Description: The issue is related to the function module SRM RFC SUBMIT REPORT which fails to validate authorization of an...

6.5CVSS6.5AI score0.01242EPSS
Exploits2References6
Prion
Prion
added 2021/03/15 10:15 p.m.14 views

Code injection

The web service responsible for fetching other users' enrolled courses did not validate that the requesting user had permission to view that information in each course in moodle before 3.10.2, 3.9.5, 3.8.8, 3.5.17...

4CVSS4.6AI score0.01067EPSS
Exploits0References4Affected Software2
OSV
OSV
added 2021/03/05 11:2 a.m.4 views

OESA-2021-1062 openldap security update

OpenLDAP is an open source suite of LDAP Lightweight Directory Access Protocol applications and development tools. LDAP is a set of protocols for accessing directory services usually phone book style information, but other information is possible over the Internet, similar to the way DNS Domain...

7.5CVSS6.6AI score0.84224EPSS
Exploits0References11
NVD
NVD
added 2019/11/21 2:15 p.m.11 views

CVE-2012-2238

trytond 2.4: ModelView.button fails to validate authorization...

7.5CVSS7.5AI score0.01763EPSS
Exploits0References5
UbuntuCve
UbuntuCve
added 2019/11/21 2:15 p.m.14 views

CVE-2012-2238

trytond 2.4: ModelView.button fails to validate authorization...

7.5CVSS7.1AI score0.01763EPSS
Exploits0References3
OSV
OSV
added 2019/11/21 2:15 p.m.16 views

PYSEC-2019-211

trytond 2.4: ModelView.button fails to validate authorization...

7.5CVSS2.6AI score0.01763EPSS
Exploits0References6
Cvelist
Cvelist
added 2019/08/07 9:20 p.m.24 views

CVE-2019-1934 Cisco Adaptive Security Appliance Software Web-Based Management Interface Privilege Escalation Vulnerability

A vulnerability in the web-based management interface of Cisco Adaptive Security Appliance ASA Software could allow an authenticated, remote attacker to elevate privileges and execute administrative functions on an affected device. The vulnerability is due to insufficient authorization validation...

8.8CVSS8.7AI score0.01593EPSS
Exploits0References1
CNVD
CNVD
added 2019/07/25 12:0 a.m.3 views

Apple iOS and Apple tvOS Profiles Component Authorization Validation Vulnerability

Apple iOS and Apple tvOS are both products of Apple Inc. Apple iOS is an operating system developed for mobile devices. apple tvOS is an operating system for smart TVs. profiles is one of the profile components. A security vulnerability exists in the Profiles component of Apple iOS before 12.4 an...

4.3CVSS6.3AI score0.0072EPSS
Exploits0References1
Veracode
Veracode
added 2018/04/18 5:35 a.m.19 views

Unauthorised Changes Due To Missing Permission Checks

favorite plugin is vulnerable to unauthorized changes. The users can easily set other user's favorite status since it fails to validate the authorization of a user to writes other user's favorite status...

4.3CVSS5AI score0.00636EPSS
Exploits0References3Affected Software1
Packet Storm
Packet Storm
added 2008/06/06 12:0 a.m.28 views

netscout-admin.txt

Network General Enterprise Administrator Network General has been aquired by Net Scout: Non-privileged users can perform privileged functions by manipulating the URL. Can log on as user and using the following URL conduct administrative functions:...

7.4AI score
Exploits0
Rows per page
Query Builder