CVE-2024-31403

Cybozu Garoon 5.0.0–6.0.0 contains an incorrect authorization vulnerability that allows a remote authenticated attacker to alter and/or obtain Memo data due to improper restriction of memo access. Public sources (NVD, Red Hat, JVN, CNNVD, CNVD, CVE listings) confirm the impact and note the soluti...

CVE-2024-2210 The Plus Addons for Elementor <= 5.4.1 - Authenticated (Contributor+) Local File Inclusion via Team Member Listing

The The Plus Addons for Elementor plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 5.4.1 via the Team Member Listing widget. This makes it possible for authenticated attackers, with contributor-level access and above, to include and execute arbitrar...

Authentication flaw

Browsing restriction bypass vulnerability in Bulletin of Cybozu Garoon 4.0.0 to 5.9.1 allows a remote authenticated attacker to obtain the data of Bulletin...

CVE-2022-26368

Browse restriction bypass and operation restriction bypass vulnerability in Cabinet of Cybozu Garoon 4.0.0 to 5.5.1 allows a remote authenticated attacker to alter and/or obtain the data of Cabinet...

Cybozu Garoon Access Control Error Vulnerability (CNVD-2022-54341)

Cybozu Garoon is a portal-based OA office system from Cybozu Japan. The system provides portal, E-mail, bookmarks, scheduling, bulletin board, document management, etc. An access control error vulnerability exists in Cybozu Garoon, which stems from improper access restrictions in bulletins. An...