10517 matches found
Classified Listing – Classified ads & Business Directory Plugin < 3.0.5 - Missing Authorization
Description The Classified Listing – Classified ads & Business Directory Plugin plugin for WordPress is vulnerable to unauthorized access & modification of data due to a missing capability check on the rtclimportlocation rtclimportcategory functions in all versions up to, and including, 3.0.4. Th...
The vulnerability in the web interface of the Cisco Catalyst Center (formerly Cisco DNA Center) allows a attacker to access and modify data.
The vulnerability of the web-based interface of the Cisco Catalyst Center formerly Cisco DNA Center is related to deficiencies in the authentication process. Exploiting this vulnerability could allow a malicious actor to gain access and modify data by sending a specially crafted HTTP request...
CVE-2024-26763
In the Linux kernel, the following vulnerability has been resolved: dm-crypt: don't modify the data when using authenticated encryption It was said that authenticated encryption could produce invalid tag when the data that is being encrypted is modified 1. So, fix this problem by copying the data...
CVE-2024-26763
In the Linux kernel, the following vulnerability has been resolved: dm-crypt: don't modify the data when using authenticated encryption It was said that authenticated encryption could produce invalid tag when the data that is being encrypted is modified 1. So, fix this problem by copying the data...
CVE-2024-26763 dm-crypt: don't modify the data when using authenticated encryption
In the Linux kernel, the following vulnerability has been resolved: dm-crypt: don't modify the data when using authenticated encryption It was said that authenticated encryption could produce invalid tag when the data that is being encrypted is modified 1. So, fix this problem by copying the data...
CVE-2024-26763 dm-crypt: don't modify the data when using authenticated encryption
In the Linux kernel, the following vulnerability has been resolved: dm-crypt: don't modify the data when using authenticated encryption It was said that authenticated encryption could produce invalid tag when the data that is being encrypted is modified 1. So, fix this problem by copying the data...
CVE-2024-26763
CVE-2024-26763 is a Linux kernel vulnerability in dm-crypt related to authenticated encryption. The issue arises when data is modified during encryption, which could produce an invalid tag. The fix copies the data into a clone bio and encrypts there, avoiding in-place modification and potential d...
WP Hotel Booking < 2.0.9.3 - Improper Authorization on Multiple REST API Routes
Description The WP Hotel Booking plugin for WordPress is vulnerable to unauthorized access of data and modification of data due to an improper capability check on the 'pricingplans', 'blockdate', 'managerbookings', and 'updatefieldroom' functions for the 'pricing-plans', 'block-date',...
The vulnerability of the cloud-based messaging and streaming transmission platform Apache Pulsar, related to authentication flaws, allows attackers to intercept and modify data in Pulsar streams.
The vulnerability of the cloud-based messaging and streaming transmission platform Apache Pulsar is related to deficiencies in the authentication mechanism. Exploiting this vulnerability allows a malicious actor to intercept and modify data in Pulsar streams remotely...
CVE-2024-1807
CVE-2024-1807 affects the Product Sort and Display for WooCommerce plugin (WordPress). Root cause: missing capability check in the psad_update_product_cat_custom_meta_ajax function, impacting all versions up to 2.4.1. Consequence: unauthenticated attackers could modify data to hide product catego...
WordPress plugin Product Sort and Display for WooCommerce 安全漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A security vulnerability...
The vulnerability of the virtual learning environment Moodle, related to the lack of security measures for the website structure, allows attackers to gain access to read, modify, or delete data, as well as execute cross-site attacks.
The vulnerability in the virtual training environment Moodle is related to the lack of measures taken to protect the structure of the web page during the processing of the GET /?lang= parameter. Exploiting this vulnerability can allow a malicious actor to gain access to read, modify, or delete...
CVE-2024-2086
The Integrate Google Drive – Browse, Upload, Download, Embed, Play, Share, Gallery, and Manage Your Google Drive Files Into Your WordPress Site plugin for WordPress is vulnerable to unauthorized access of data, modification of data, and loss of data due to a missing capability check on multiple...
CVE-2024-2086 Integrate Google Drive <= 1.3.8 - Missing Authorization to Unauthenticated Settings Modification and Export
The Integrate Google Drive – Browse, Upload, Download, Embed, Play, Share, Gallery, and Manage Your Google Drive Files Into Your WordPress Site plugin for WordPress is vulnerable to unauthorized access of data, modification of data, and loss of data due to a missing capability check on multiple...
CVE-2024-2086
CVE-2024-2086 affects the WordPress plugin Integrate Google Drive – Browse, Upload, Download, Embed, Play, Share, Gallery, and Manage Your Google Drive Files into Your WordPress Site. It has a missing capability check on multiple AJAX calls in versions up to 1.3.8, allowing an authenticated attac...
WordPress Plugin Integrate Google Drive 安全漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A security vulnerability exists in...
CVE-2024-2848
The Responsive theme for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the savefootertextcallback function in all versions up to, and including, 5.0.2. This makes it possible for unauthenticated attackers to inject arbitrary HTML content into th...
CVE-2024-2844
The Easy Appointments plugin for WordPress is vulnerable to unauthorized modification of data due to insufficient user validation on the ajaxcancelappointment function in all versions up to, and including, 3.11.18. This makes it possible for unauthenticated attackers to cancel other users orders...
CVE-2024-2844 Easy Appointments <= 3.11.18 - Insufficient Authorization
The Easy Appointments plugin for WordPress is vulnerable to unauthorized modification of data due to insufficient user validation on the ajaxcancelappointment function in all versions up to, and including, 3.11.18. This makes it possible for unauthenticated attackers to cancel other users orders...
CVE-2024-2844 Easy Appointments <= 3.11.18 - Insufficient Authorization
The Easy Appointments plugin for WordPress is vulnerable to unauthorized modification of data due to insufficient user validation on the ajaxcancelappointment function in all versions up to, and including, 3.11.18. This makes it possible for unauthenticated attackers to cancel other users orders...