84 matches found
WordPress plugin Conformer for Elementor 安全漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform has the ability to host personal blog sites on PHP and MySQL based servers.WordPress plugin is an application plugin... A security...
WordPress Grider for Elementor plugin missing license vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress plugin is an application plugin. A lack of authorization vulnerability exists in the WordPress Grider for Elementor plugin, which can be exploited by an attacker to leverage an incorrectly configured access...
SonicWall Fixes Actively Exploited CVE-2025-40602 in SMA 100 Appliances
SonicWall has rolled out fixes to address a security flaw in Secure Mobile Access SMA 100 series appliances that it said has been actively exploited in the wild. The vulnerability, tracked as CVE-2025-40602 CVSS score: 6.6, concerns a case of local privilege escalation that arises as a result of...
EUVD-2025-203022
In GroupSession, a Circular notice can be created with its memo field non-editable, but the authorization check is improperly implemented. With some crafted request, a logged-in user may alter the memo field. The affected products and versions are GroupSession Free edition prior to ver5.3.0,...
CVE-2025-61950
In GroupSession, a Circular notice can be created with its memo field non-editable, but the authorization check is improperly implemented. With some crafted request, a logged-in user may alter the memo field. The affected products and versions are GroupSession Free edition prior to ver5.3.0,...
ROS-20251203-10
Vulnerability of parse.ParseUnverified function of golang-jwt web token library of Go programming language is related to uncontrolled resource consumption. Go programming language is related to uncontrolled resource consumption. Exploitation of the vulnerability allows an attacker acting remotely...
EUVD-2021-18294
Malware in sbrugna...
EUVD-2025-32584
The YoSmart YoLink MQTT broker through 2025-10-02 does not enforce sufficient authorization controls to prevent cross-account attacks, allowing an attacker to remotely operate affected devices if the attacker obtains the associated device IDs. Because YoLink device IDs are predictable, an attacke...
PT-2025-40946
Name of the Vulnerable Software and Affected Versions YoSmart YoLink MQTT broker versions through 2025-10-02 Description The YoLink MQTT broker does not adequately enforce authorization controls, which can lead to cross-account attacks. An attacker who obtains device IDs can remotely operate...
GHSA-2HMJ-97JW-28JH Apache ZooKeeper: Insufficient Permission Check in AdminServer Snapshot/Restore Commands
Improper permission checks in the AdminServer allow an authenticated client with insufficient privileges to invoke the snapshot and restore commands. The intended requirement is authentication and authorization on the root path / with ALL permission for these operations; however, affected version...
WordPress plugin Printcart Web to Print Product Designer for WooCommerce 安全漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform has the ability to host personal blog sites on PHP and MySQL based servers.WordPress plugin is an application plugin. A security vulnerabili...
CVE-2025-9228
MiR software versions prior to version 3.0.0 have insufficient authorization controls when creating text notes, allowing low-privilege users to create notes which are intended only for administrative users...
PT-2025-34027 · Mir · Mir
Name of the Vulnerable Software and Affected Versions: MiR software versions prior to 3.0.0 Description: MiR software versions prior to 3.0.0 have insufficient authorization controls when creating text notes, allowing low-privilege users to create notes intended only for administrative users...
Kubernetes 安全漏洞
Kubernetes K8s is an open source system from Kubernetes Open Source for automating the deployment, scaling, and management of containerized applications. A security vulnerability exists in Kubernetes that stems from insufficient authorization checking for dynamic resource allocation by the...
SAP S/4HANA 安全漏洞
SAP S/4HANA is an enterprise resource management software based on the SAP HANA in-memory database system from SAP, Germany. A security vulnerability exists in SAP S/4HANA that stems from insufficient authorization checking and could result in the deletion of attachments...
WordPress plugin Dynamic Post 安全漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed in the PHP language. The platform supports personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A security vulnerability exists in...
Access Control Bypass
Overview magento/community-edition is a modern cloud eCommerce platform. Affected versions of this package are vulnerable to Access Control Bypass in the authorization process. An attacker can gain limited unauthorized access by exploiting insufficient authorization checks with high privileges...
CVE-2024-13618
The aoa-downloadable WordPress plugin through 0.1.0 lacks authorization and authentication for requests to its download.php endpoint, allowing unauthenticated visitors to make requests to arbitrary URLs...
The vulnerability of the Web Access component of the Oracle Primavera P6 Enterprise Project Portfolio Management application allows a malicious individual to gain unauthorized access to read, modify, add, or delete data.
The vulnerability of the Web Access component of the Oracle Primavera P6 Enterprise Project Portfolio Management application relates to deficiencies in the authorization process. Exploiting this vulnerability could allow an attacker to gain unauthorized access to read, modify, add, or delete data...
Vulnerability fixed in Cisco Meeting Management
Cisco has fixed a vulnerability in Cisco Meeting Management. The vulnerability is located in Cisco Meeting Management's REST API, which allows remote, authenticated attackers with low privileges to elevate their privileges to administrator level through inadequate authorization enforcement. This...