Lucene search

16 matches found

CNNVD
added 2026/05/13 12:0 a.m. | 6 views

MongoDB Server Log Information Disclosure Vulnerability

MongoDB Server is an open-source NoSQL database developed by MongoDB, a US-based company. This database offers features such as collection-oriented storage, dynamic querying, data replication, and automatic failover. There is a vulnerability in MongoDB Server related to log information leakage,...

5.3 CVSS | 5.8 AI score | 0.00032 EPSS
Exploits 0 | References 2

UbuntuCve
added 2026/03/22 3:16 a.m. | 0 views

CVE-2026-33549

SPIP 4.4.10 through 4.4.12 before 4.4.13 allows unintended privilege assignment of administrator privileges during the editing of an author data structure because of STATUT mishandling...

8.8 CVSS | 5.8 AI score | 0.00048 EPSS
Exploits 0 | References 4

Vulnrichment
added 2026/03/22 2:3 a.m. | 0 views

CVE-2026-33549

SPIP 4.4.10 through 4.4.12 before 4.4.13 allows unintended privilege assignment of administrator privileges during the editing of an author data structure because of STATUT mishandling...

6.7 CVSS | 5.8 AI score | 0.00048 EPSS
Exploits 0 | References 3

OSV
added 2025/11/11 12:41 a.m. | 1 views

MAL-2025-69445 Malicious code in miyool (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector afa95da6580df72388a2b491f52c1756c733e7383660348c461a4a412f66ace2 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

6.8 AI score
Exploits 0

EUVD
added 2025/10/07 12:30 a.m. | 2 views

EUVD-2012-4404

Malware in sbrugna...

5 CVSS | 6.4 AI score | 0.00309 EPSS
Exploits 0 | References 5

EUVD
added 2025/10/07 12:30 a.m. | 1 views

EUVD-2005-4841

Malware in sbrugna...

5 CVSS | 6.4 AI score | 0.00245 EPSS
Exploits 0 | References 3

Snyk
added 2025/09/11 6:35 p.m. | 2 views

Authorization Bypass Through User-Controlled Key

Overview Affected versions of this package are vulnerable to Authorization Bypass Through User-Controlled Key via improper access control in the getValue for objects. An attacker can gain unauthorized access to, create, edit, or relate data and object entries or definitions across different virtu...

8.1 CVSS | 6.8 AI score | 0.00093 EPSS
Exploits 0 | References 2

RedhatCVE
added 2025/05/22 4:10 p.m. | 4 views

CVE-2020-11661

CA API Developer Portal 4.3.1 and earlier contains an access control flaw that allows privileged users to view and edit user data...

8.1 CVSS | 6.7 AI score | 0.0034 EPSS
Exploits 0 | References 1

RedhatCVE
added 2025/05/21 9:44 p.m. | 3 views

CVE-2005-4850

eZ publish 3.5 through 3.7 before 20050608 requires both edit and create permissions in order to submit data, which allows remote attackers to edit data submitted by arbitrary anonymous users...

5 CVSS | 7.2 AI score | 0.00245 EPSS
Exploits 0 | References 1

CNNVD
added 2025/03/31 12:0 a.m. | 1 views

Apple iOS and Apple iPadOS Security Vulnerability

Apple iOS and Apple iPadOS are products of Apple Inc. Apple iOS is an operating system developed for mobile devices, and Apple iPadOS is an operating system for iPad tablets. A security vulnerability exists in Apple iOS and Apple iPadOS that stems from insufficient data editing, which could resul...

5.5 CVSS | 6.2 AI score | 0.00044 EPSS
Exploits 0 | References 3

CNNVD
added 2023/09/22 12:0 a.m. | 1 views

WordPress Plugin Welcart e-Commerce Cross-Site Scripting Vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A cross-site scripting...

6.1 CVSS | 6 AI score | 0.00235 EPSS
Exploits 0 | References 4

Cvelist
added 2023/03/06 5:40 p.m. | 16 views

CVE-2023-25169 Yearly Review Plugin leaking anonymised users data in discourse-yearly-review

discourse-yearly-review is a discourse plugin which publishes an automated Year in Review topic. In affected versions a user present in a yearly review topic that is then anonymised will still have some data linked to its original account. This issue has been patched in commit b3ab33bbf7 which is...

3.1 CVSS | 5.4 AI score | 0.0025 EPSS
Exploits 0 | References 2

Prion
added 2022/09/22 10:15 p.m. | 8 views

Cross site scripting

Toast UI Grid is a component to display and edit data. Versions prior to 4.21.3 are vulnerable to cross-site scripting attacks when pasting specially crafted content into editable cells. This issue was fixed in version 4.21.3. There are no known workarounds...

5.8 CVSS | 5.9 AI score | 0.00247 EPSS
Exploits 1 | References 2 | Affected Software 1

OSV
added 2022/09/22 10:5 p.m. | 9 views

CVE-2022-23458 Toast UI Grid vulnerable to Cross-site scripting

Toast UI Grid is a component to display and edit data. Versions prior to 4.21.3 are vulnerable to cross-site scripting attacks when pasting specially crafted content into editable cells. This issue was fixed in version 4.21.3. There are no known workarounds...

6.1 CVSS | 5.8 AI score | 0.00247 EPSS
Exploits 1 | References 4

Prion
added 2021/10/15 12:15 p.m. | 10 views

Design/Logic Flaw

The “Teacher Edit” function of ShinHer StudyOnline System does not perform authority control. After logging in with user’s privilege, remote attackers can access and edit other users’ credential and personal information by crafting URL parameters...

5.5 CVSS | 8.6 AI score | 0.00175 EPSS
Exploits 0 | References 1 | Affected Software 1

Exploit DB
added 2003/05/27 12:0 a.m. | 29 views

Newsscript 1.0 - Administrative Privilege Escalation

source: https://www.securityfocus.com/bid/7705/info A vulnerability has been reported that could enable a member of the news system to create and access an administrative account. This is due to insufficient validation of data supplied to account editing input fields of Newsscript. Peter2...

7.4 AI score
Exploits 0