VulnCheck KEV: CVE-2024-5276

A SQL Injection vulnerability in Fortra FileCatalyst Workflow allows an attacker to modify application data. Likely impacts include creation of administrative users and deletion or modification of data in the application database. Data exfiltration via SQL injection is not possible using this...

CVE-2025-58424

On BIG-IP systems, undisclosed traffic can cause data corruption and unauthorized data modification in protocols which do not have message integrity protection. Note: Software versions which have reached End of Technical Support EoTS are not evaluated...

CVE-2025-11728

The Oceanpayment CreditCard Gateway plugin for WordPress is vulnerable to unauthenticated and unauthorized modification of data due to missing authentication and capability checks on the 'returnpayment' and 'noticepayment' functions in all versions up to, and including, 6.0. This makes it possibl...

CVE-2025-10849

The Felan Framework plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'processpluginactions' function called via an AJAX action in versions up to, and including, 1.1.4. This makes it possible for unauthenticated attackers to activate ...

WordPress plugin Felan Framework 安全漏洞

The WordPress Felan Framework plugin is a plugin with security vulnerabilities, mainly related to authentication issues. WordPress Felan Framework plugin has an unauthorized data modification vulnerability that stems from a lack of permission checking in the processpluginactions function, which c...

CVE-2025-58424

On BIG-IP systems, undisclosed traffic can cause data corruption and unauthorized data modification in protocols which do not have message integrity protection. Note: Software versions which have reached End of Technical Support EoTS are not evaluated...

CVE-2025-58424

On BIG-IP systems, undisclosed traffic can cause data corruption and unauthorized data modification in protocols which do not have message integrity protection. Note: Software versions which have reached End of Technical Support EoTS are not evaluated...

CVE-2025-58424 BIG-IP TMM vulnerability

On BIG-IP systems, undisclosed traffic can cause data corruption and unauthorized data modification in protocols which do not have message integrity protection. Note: Software versions which have reached End of Technical Support EoTS are not evaluated...

CVE-2025-11728

The Oceanpayment CreditCard Gateway plugin for WordPress is vulnerable to unauthenticated and unauthorized modification of data due to missing authentication and capability checks on the 'returnpayment' and 'noticepayment' functions in all versions up to, and including, 6.0. This makes it possibl...

CVE-2025-10303 Library Management System <= 3.1 - Missing Authorization to Authenticated (Subscriber+) Settings Manipulation

The Library Management System plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the owt7librarymanagementajaxhandler function in all versions up to, and including, 3.1. This makes it possible for authenticated attackers, with...

WordPress plugin Library Management System 安全漏洞

The WordPress Library Management System plugin is a plugin for extending the functionality of WordPress, mainly used to help users manage website content, user data and system settings more efficiently. The WordPress Library Management System plugin suffers from an unauthorized data modification...

EUVD-2025-34189

A Stored Cross-Site Scripting security issue exists in the affected product that could potentially allow a malicious user to view and modify sensitive data or make the webpage unavailable. The vulnerability stems from missing special character filtering and encoding. Successful exploitation...

WordPress Cost Calculator Builder plugin unauthorized data modification vulnerability

WordPress Cost Calculator Builder plugin is a WordPress plugin for creating price estimation forms that supports quick generation of customized calculators via drag-and-drop form builder that can be embedded in website pages without programming. The WordPress Cost Calculator Builder plugin suffer...

WordPress plugin Slider Revolution 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a set of blogging platforms developed using the PHP language. The platform has the ability to host personal blog sites on PHP and MySQL based servers.WordPress plugin is an application plugin. A security...

PT-2025-41371

Name of the Vulnerable Software and Affected Versions Slider Revolution plugin for WordPress versions prior to 6.7.38 Description The Slider Revolution plugin for WordPress is susceptible to unauthorized access and modification of data because of a missing capability check on several functions...

CVE-2025-10351 SQL injection vulnerability in Melis Platform

SQL injection vulnerability based on the melis-cms module of the Melis platform from Melis Technology. This vulnerability allows an attacker to retrieve, create, update, and delete databases through the 'idPage' parameter in the '/melis/MelisCms/PageEdition/getTinyTemplates' endpoint...

CVE-2025-9194

The Constructor theme for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the clean function in all versions up to, and including, 1.6.5. This makes it possible for authenticated attackers, with Subscriber-level access and above, to trigger a them...

CVE-2025-40886 Authenticated SQL Injection on Alert functionality in Guardian/CMC before 25.2.0

A SQL Injection vulnerability was discovered in the Alert functionality due to improper validation of an input parameter. An authenticated user with limited privileges can execute arbitrary SQL statements on the DBMS used by the web application, potentially exposing unauthorized data, altering...

CVE-2025-40676 Múltiples vulnerabilidades en Negotiator de BBMRI-ERIC

Insecure Direct Object Reference IDOR in Negotiator v3.15.2 from Biobanking and Biomolecular Resources - European Research Infrastructure BBMRI-ERIC. This vulnerability allows an attacker to access or modify unauthorised resources by manipulating requests that use the 'userID' parameter in...

EUVD-2018-14581

Malware in sbrugna...