11 matches found
EUVD-2026-30257
The User Registration & Membership plugin for WordPress is vulnerable to Missing Authorization in all versions up to, and including, 5.1.5. This is due to the isadmincreationprocess method relying solely on the presence of action=createuser in the $REQUEST superglobal without performing any...
CVE-2026-41325
Kirby is an open-source content management system. Kirby's user permissions control which user role is allowed to perform specific actions to content models in the CMS. These permissions are defined for each role in the user blueprint site/blueprints/users/.... It is also possible to customize th...
EUVD-2026-25371
Kirby is an open-source content management system. Kirby's user permissions control which user role is allowed to perform specific actions to content models in the CMS. These permissions are defined for each role in the user blueprint site/blueprints/users/.... It is also possible to customize th...
EUVD-2023-23618
Malicious code in bioql PyPI...
CVE-2022-48343
In JetBrains TeamCity before 2022.10.2 there was an XSS vulnerability in the user creation process...
UBUNTU-CVE-2024-56543
In the Linux kernel, the following vulnerability has been resolved: wifi: ath12k: Skip Rx TID cleanup for self peer During peer create, dp setup for the peer is done where Rx TID is updated for all the TIDs. Peer object for self peer will not go through dp setup. When core halts, dp cleanup is do...
WEBIGniter 28.7.23 Cross Site Scripting
Title: WEBIGniter v28.7.23 XSS Author: RedTeamer IT Security, Mesut Cetin Date: 09/04/2023 Vendor: https://webigniter.net/ Software: https://webigniter.net/demo Reference: https://portswigger.net/web-security/cross-site-scripting/stored Description: During the user creation process, the 'yourname...
CVE-2024-0315
Remote file inclusion vulnerability in FireEye Central Management affecting version 9.1.1.956704. This vulnerability allows an attacker to upload a malicious PDF file to the system during the report creation process...
CVE-2022-48343
In JetBrains TeamCity before 2022.10.2 there was an XSS vulnerability in the user creation process...
CVE-2022-25220
PeteReport Version 0.5 allows an authenticated admin user to inject persistent JavaScript code inside the markdown descriptions while creating a product, report or finding...
Does not check uniqueness of ShareHolder
Handle hack3r-0m Vulnerability details does not check if there is already a shareholder before creating a new shareholder. this will cause an issue in findShareHolder since it will return the first shareholder in the array while there are more than one. --- The text was updated successfully, but...