1098 matches found
Linux Distros Unpatched Vulnerability : CVE-2020-13313
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A vulnerability was discovered in GitLab versions before 13.1.10, 13.2.8 and 13.3.4. An unauthorized project maintainer could edit the subgroup badges due to th...
CVE-2025-4046
A missing authorization vulnerability in Lexmark Cloud Services badge management allows attacker to reassign badges within their organization...
Linux Distros Unpatched Vulnerability : CVE-2025-26531
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Insufficient capability checks made it possible to disable badges a user does not have permission to access. CVE-2025-26531 Note that Nessus relies on the...
CVE-2025-4046 Missing Authorization in Lexmark Cloud Services badge management
A missing authorization vulnerability in Lexmark Cloud Services badge management allows attacker to reassign badges within their organization...
CVE-2025-4046 Missing Authorization in Lexmark Cloud Services badge management
A missing authorization vulnerability in Lexmark Cloud Services badge management allows attacker to reassign badges within their organization...
CVE-2025-4046
CVE-2025-4046 describes a Missing Authorization vulnerability in Lexmark Cloud Services badge management that could allow reassigning badges within an organization. Affected surface: Lexmark Cloud Services badge management component; root cause: insufficient access control enabling unauthorized r...
Lexmark Cloud Services 安全漏洞
Lexmark Cloud Services is a cloud-based suite of services from Lexmark, Inc. A security vulnerability exists in Lexmark Cloud Services that stems from a lack of authorization for badge management and could allow an attacker to reassign badges within an organization...
BIT-MOODLE-2025-26531 IDOR in badges allows disabling of arbitrary badges
Insufficient capability checks made it possible to disable badges a user does not have permission to access...
a3m (=0.1.0), aa-charlink (>=0.1.1 <=1.0.0) +2521 more potentially affected by CVE-2025-48432 via django (>=1.10.0 <=4.2.21)
django PYPI version =1.10.0, =0.1.1, =1.0.0, =1.0.0, =0.1.0a0, =0.11.0a0, =0.1.1, =1.1.0, =1.4.0, =1.4.2 - adede =4.1.0 and more Source cves: CVE-2025-48432 Source advisory: OSV:GHSA-7XR5-9HCQ-CHF9...
BIT-MOODLE-2024-48899 Moodle: idor when accessing list of course badges
A vulnerability was found in Moodle. Additional checks are required to ensure users can only fetch the list of course badges for courses that they are intended to have access to...
CVE-2024-3280
The Follow Us Badges plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's wpsitefollowusbadges shortcode in all versions up to, and including, 3.1.10 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for...
CVE-2022-34180
Jenkins Embeddable Build Status Plugin 2.0.3 and earlier does not correctly perform the ViewStatus permission check in the HTTP endpoint it provides for "unprotected" status badge access, allowing attackers without any permissions to obtain the build status badge icon for any attacker-specified j...
CVE-2024-13909
The Accredible Certificates & Open Badges plugin for WordPress is vulnerable to time-based SQL Injection via the ‘orderby’ parameter in all versions up to, and including, 1.4.9 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query...
CVE-2024-13909
The CVE CVE-2024-13909 affects the Accredible Certificates & Open Badges WordPress plugin. It enables time-based SQL Injection through the orderby parameter in all versions up to 1.4.9 due to inadequate escaping and query construction, allowing authenticated Administrator+-level attackers to appe...
CVE-2024-13909 Accredible Certificates & Open Badges <= 1.4.9 - Authenticated (Administrator+) SQL Injection via orderby Parameter
The Accredible Certificates & Open Badges plugin for WordPress is vulnerable to time-based SQL Injection via the ‘orderby’ parameter in all versions up to, and including, 1.4.9 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query...
Moodle 4.4.x < 4.4.4 Multiple Insecure Direct Object Reference
According to its self-reported version, the Moodle install hosted on the remote host is 4.4.x prior to 4.4.4. It is, therefore, affected by multiple insecure direct object reference. - An IDOR when accessing list of badge recipients. - An IDOR when accessing list of course badges. Note that the...
WordPress plugin Accredible Certificates & Open Badges SQL注入漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed in the PHP language. The platform supports personal blog sites on PHP and MySQL servers.WordPress plugin is an application plugin. WordPress plugin Accredible Certificates & Ope...
CVE-2025-31804
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in DraftPress Team Follow Us Badges wpsite-follow-us-badges allows Stored XSS.This issue affects Follow Us Badges: from n/a through = 3.1.11...
CVE-2025-31804
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in DraftPress Team Follow Us Badges wpsite-follow-us-badges allows Stored XSS.This issue affects Follow Us Badges: from n/a through = 3.1.11...
CVE-2025-31804 WordPress Follow Us Badges plugin <= 3.1.11 - Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in DraftPress Team Follow Us Badges wpsite-follow-us-badges allows Stored XSS.This issue affects Follow Us Badges: from n/a through = 3.1.11...