115 matches found
Cisco IOS 安全漏洞
Cisco IOS is a set of operating systems developed by Cisco USA for its network devices. A security vulnerability exists in Cisco IOS that stems from insufficient authorization validation, which could lead to elevated privileges...
CVE-2025-1495
IBM Business Automation Workflow 24.0.0 and 24.0.1 through 24.0.1 IF001 Center may leak sensitive information due to missing authorization validation...
CVE-2025-1495
CVE-2025-1495 affects IBM Business Automation Workflow 24.0.0 and 24.0.1 through 24.0.1 IF001 Center, where information can be leaked due to missing authorization validation. Root cause: missing authentication for a critical function. Impact: potential disclosure of sensitive information. Remedia...
Security Bulletin: Information leakage vulnerability affect IBM Business Automation Workflow - CVE-2025-1495
Summary IBM Business Automation Workflow is vulnerable to an information leakage attack. Vulnerability Details CVEID:CVE-2025-1495 DESCRIPTION: IBM Business Automation Workflow Center may leak sensitive information due to missing authorization validation. CWE:CWE-306: Missing Authentication for...
PT-2025-18949 · Ibm · Ibm Business Automation Workflow
Name of the Vulnerable Software and Affected Versions: IBM Business Automation Workflow versions 24.0.0 through 24.0.1 IF001 Description: The issue is related to missing authorization validation, which may cause the software to leak sensitive information. Recommendations: For IBM Business...
Server-side Request Forgery
github.com/bishopfox/sliver is vulnerable to Server-side Request Forgery. The vulnerability is due to improper authorization and lack of validation in the Sliver teamserver's reverse port forwarding mechanism, which allows the implant to open a reverse tunnel without operator instruction...
coolLabs Coolify Elevation of Privilege Vulnerability
Coolify is an open source and self-hosted alternative to Heroku/Netlify/Vercel. A elevation of privilege vulnerability exists in coolLabs Coolify, which is caused by improper authorization validation of terminal functions. An attacker can exploit the vulnerability to gain elevated privileges and...
Security Bulletin: IBM Instana Observability is vulnerable to AuthZ Plugin Bypass and Privilege Escalation
Summary Vulnerability in Docker Engine that could allow attackers to bypass authorization plugins AuthZ was remediated in IBM Observability with Instana Build 279. CVE-2024-41110 Vulnerability Details CVEID:CVE-2024-41110 DESCRIPTION: Moby is an open-source project created by Docker for software...
WordPress plugin Xola 安全漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a set of blogging platforms developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A security...
WordPress plugin PayPal Marketing Solutions 安全漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed in the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A security vulnerability exist...
WordPress plugin Chamber Dashboard Business Directory 安全漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers.WordPress plugin is an application plugin. A security vulnerability exists in WordPres...
WordPress plugin Loginplus 安全漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A security vulnerability exists in...
WordPress plugin SendGrid for WordPress 安全漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A security vulnerability...
WordPress plugin Woo Tuner 安全漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a set of blogging platforms developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A security...
WordPress plugin WordPress Graphs & Charts 安全漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A security vulnerability exists in the...
CVE-2024-12908
Delinea Secret Server v11.7.31 (protocol handler 6.0.3.26) is affected by a flaw in the protocol handler where URIs were compared before normalization/canonicalization, enabling potential over-matching against an approved list. This could allow a remote attacker to lure a user to a malicious web ...
CVE-2024-12148
Incorrect authorization in permission validation component in Devolutions Server 2024.3.6.0 and earlier allows an authenticated user to access some reporting endpoints...
WordPress plugin Joy Of Text Lite 安全漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A security vulnerability exists in...
Veeam Agent for Linux 安全漏洞
Veeam Agent for Linux is a data protection and disaster recovery solution for physical and virtual machines from Veeam USA. A security vulnerability exists in Veeam Agent for Linux version 6.2 and prior versions, which stems from a lack of authorization validation that allows a local,...
Softvelum Nimble Commander 安全漏洞
Softvelum Nimble Commander is a media server software from Softvelum Inc. It is used to stream live and on-demand video and audio to desktop computers, mobile devices, Internet-connected TVs, and more. A security vulnerability exists in Softvelum Nimble Commander that originates from incorrect or...