GHSA-XFX2-PRG5-JQ3G INSATutorat has an authorization bypass vulnerability in its /api/admin/* endpoints

Impact An authorization bypass vulnerability was discovered in the administration pages of the tutoring application. When a standard user logged in but without administrator privileges attempts to access a resource under /api/admin/, the system detects the error but does not block the request. As...

PT-2023-21925 · Joomla · Anymailing Joomla Plugin

Name of the Vulnerable Software and Affected Versions: AnyMailing Joomla Plugin Enterprise versions prior to 8.3.0 Description: The issue is related to unauthenticated remote code execution when access to campaign creation is granted on the front-office, due to unrestricted file upload allowing P...

Reddit: Able to approve admin approval and change effective status without adding payment details .

Summary: In https://ads.reddit.com/ you can create campaign under which you can create ads , once you create new campaign , it is on pending stage and will not be delivered unless you add payment details and is reviewed by admin and approved according to what it says here...

Service Update 0.20 for Microsoft Dynamics 365 9.0

Service Update 0.20 for Microsoft Dynamics 365 9.0 INTRODUCTION Service Update 9.0.20 for Microsoft Dynamics CRM on-premises 9.0 is now available. This article describes the hotfixes and updates that are included in Service Update 9.0.20. MORE INFORMATION Update package| Version number ---|---...

SAQ Enables Users to Pick and Choose Questions for Custom Templates

Qualys Security Assessment Questionnaire SAQ has been enhanced with new features for questionnaire templates, which enable customers to choose questions that they want to include in their campaigns. The new Question Bank option in the SAQ Template Editor provides users with a repository of...