15487 matches found
CVE-2024-56061
Missing Authorization vulnerability in Ateeq Rafeeq RepairBuddy computer-repair-shop allows Privilege Escalation.This issue affects RepairBuddy: from n/a through = 3.8119...
CVE-2024-56061
CVE-2024-56061: Missing Authorization in RepairBuddy CRM WordPress plugin (Webful Creations Computer Repair Shop) enables Privilege Escalation via account takeover for authenticated users. Affected: CRM WordPress Plugin – RepairBuddy, versions up to 3.8119 (per CVE record). Root cause: Missing au...
CVE-2024-13040
The QOCA aim from Quanta Computer has an Authorization Bypass Through User-Controlled Key vulnerability. By controlling the user ID parameter, remote attackers with regular privileges could access certain features as any user, modify any user's account information and privileges, leading to...
CVE-2024-13040
The QOCA aim from Quanta Computer has an Authorization Bypass Through User-Controlled Key vulnerability. By controlling the user ID parameter, remote attackers with regular privileges could access certain features as any user, modify any user's account information and privileges, leading to...
CVE-2024-13040 Quanta Computer QOCA aim - Authorization Bypass
The QOCA aim from Quanta Computer has an Authorization Bypass Through User-Controlled Key vulnerability. By controlling the user ID parameter, remote attackers with regular privileges could access certain features as any user, modify any user's account information and privileges, leading to...
CVE-2024-13040
CVE-2024-13040 details (Quanta Computer QOCA aim): A vulnerability titled “Authorization Bypass Through User-Controlled Key” arises from allowing manipulation of the user ID parameter. Remote attackers with regular privileges could access features as any user, modify any user’s account informatio...
CVE-2024-13040 Quanta Computer QOCA aim - Authorization Bypass
The QOCA aim from Quanta Computer has an Authorization Bypass Through User-Controlled Key vulnerability. By controlling the user ID parameter, remote attackers with regular privileges could access certain features as any user, modify any user's account information and privileges, leading to...
Quanta Computer QOCA aim 安全漏洞
Quanta Computer QOCA aim is an AI-assisted medical imaging and automated reasoning platform from Quanta Computer China. A security vulnerability exists in Quanta Computer QOCA aim that stems from an authorization bypass user control key vulnerability that allows a remote attacker with regular...
WordPress plugin Computer Repair Shop 安全漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A security vulnerability...
PT-2024-17898 · Quanta Computer · Qoca Aim
Name of the Vulnerable Software and Affected Versions: Quanta Computer's QOCA aim affected versions not specified Description: The QOCA aim from Quanta Computer has an Authorization Bypass Through User-Controlled Key issue. By controlling the user ID parameter, remote attackers with regular...
PT-2024-36696 · Webful Creations · Webful Creations Computer Repair Shop
Name of the Vulnerable Software and Affected Versions: Webful Creations Computer Repair Shop versions n/a through 3.8119 Description: A Missing Authorization vulnerability is present in Webful Creations Computer Repair Shop software, allowing Privilege Escalation. Recommendations: For versions n/...
MAL-2024-12166 Malicious code in @swiggy-private/analytics (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 225aed6cf9dbdada3a5ab91f0b0804c55be22874bb11c2ad67624a420ff39026 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
MAL-2024-12168 Malicious code in @swiggy-private/js-utils (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 28f9c99a4cfb99b75348c0637a5dc82c5b445fc5093dfc8b0f943ce32c42d11a Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
CVE-2024-46973
CVE-2024-46973 affects Imagination Technologies PowerVR-GPU driver. The issue is a use-after-free in the kernel triggered by improper GPU system calls (reference-count mismanagement on psServerMMUContext), exploitable by a non-privileged user with local access. Impact is local privilege escalatio...
Malicious code in kubehook (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware b24e2f8ec8704648d97708660341e0d666f21957c858f73fe3ac792df4b2024f Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
MAL-2024-12150 Malicious code in kubehook (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware b24e2f8ec8704648d97708660341e0d666f21957c858f73fe3ac792df4b2024f Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
MAL-2024-12144 Malicious code in devnet-deploy (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 946555a5bdd72332d358a9159bd462ebf6acd622cd681738025cccf81c503d98 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
MAL-2024-12141 Malicious code in comparison-interface (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 3d49c4851777ec7b5751332a47e71dbb222937e6cc24c1d9cf1808cd989ce800 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
MAL-2024-12156 Malicious code in sovryn (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 9da07494d6a7ce1406279823cdf09c1df8929ee54b5aac154cab1aa46f235552 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Malicious code in vscode-dotnet-sdk (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 24b8e33604973dbb3009563bb44c06e76ba342d0a691e0ecb3341e94dadc47e2 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...