10515 matches found
OESA-2024-1251 cri-o security update
Open Container Initiative-based implementation of Kubernetes Container Runtime Interface. Security Fixes: Incorrect handling of the supplementary groups in the CRI-O container engine might lead to sensitive information disclosure or possible data modification if an attacker has direct access to t...
EventPrime – Events Calendar, Bookings and Tickets < 3.4.3 - Missing Authorization to Arbitrary Post Overwrite
Description The EventPrime – Events Calendar, Bookings and Tickets plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the savefrontendeventsubmission function in all versions up to, and including, 3.4.2. This makes it possible for...
WooCommerce Add to Cart Custom Redirect < 1.2.14 - Authenticated(Contributor+) Missing Authorization to Limited Arbitrary Options Update
Description The WooCommerce Add to Cart Custom Redirect plugin for WordPress is vulnerable to unauthorized modification of data and loss of data due to a missing capability check on the 'wcrdismissadminnotice' function in all versions up to, and including, 1.2.13. This makes it possible for...
BIT-AIRFLOW-2023-50783 Apache Airflow: Improper access control vulnerability on the "varimport" endpoint
Apache Airflow, versions before 2.8.0, is affected by a vulnerability that allows an authenticated user without the variable edit permission, to update a variable. This flaw compromises the integrity of variable management, potentially leading to unauthorized data modification. Users are...
Design/Logic Flaw
The Total theme for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the totalordersections function in all versions up to, and including, 2.1.59. This makes it possible for authenticated attackers, with subscriber-level access and above, to repeat...
CVE-2024-1771 Total <= 2.1.59 - Missing Authorization to Authenticated (Subscriber+) Sections Update
The Total theme for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the totalordersections function in all versions up to, and including, 2.1.59. This makes it possible for authenticated attackers, with subscriber-level access and above, to repeat...
CVE-2024-1771
CVE-2024-1771 affects the WordPress Total theme up to version 2.1.59. Root cause: missing capability check in total_order_sections(), enabling authenticated users with subscriber+ access to modify homepage sections. Impact: unauthorized modification of data on the homepage. Mitigation: upgrade to...
Post Form – Registration Form – Profile Form for User Profiles – Frontend Content Forms for User Submissions (UGC) < 2.8.8 - Missing Authorization
Description The Post Form – Registration Form – Profile Form for User Profiles – Frontend Content Forms for User Submissions UGC plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the buddyformsnewpage function in all versions up to, and...
WordPress Theme Total Security Vulnerability
WordPress is a blogging platform developed in PHP by the WordPress Foundation. The platform supports personal blog sites on servers running PHP and MySQL.WordPress theme is a theme for WordPress. A security vulnerability exists in WordPress Theme Total 2.1.59 and earlier versions, which stems fro...
mysql: Server: Replication unspecified vulnerability (CPU Jan 2024)
Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash complete DOS of MySQL Server as well a...
mysql: Server: Security: Privileges unspecified vulnerability (CPU Jul 2023)
Vulnerability in the MySQL Server product of Oracle MySQL component: Server: Security: Privileges. Supported versions that are affected are 8.0.33 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server...
mysql: Server: DDL unspecified vulnerability (CPU Apr 2023)
Vulnerability in the MySQL Server product of Oracle MySQL component: Server: DDL. Supported versions that are affected are 8.0.32 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks o...
CVE-2024-1178
The SportsPress – Sports Club & League Manager plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the settingssave function in all versions up to, and including, 2.7.17. This makes it possible for unauthenticated attackers to update the...
CVE-2024-1093
The Change Memory Limit plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the adminlogic function hooked via admininit in all versions up to, and including, 1.0. This makes it possible for unauthenticated attackers to update the memory...
CVE-2024-1285 Page Builder Sandwich <= 5.1.0 - Missing Authorization to Authenticated(Subscriber+) Arbitrary Post Editing
The Page Builder Sandwich – Front End WordPress Page Builder Plugin plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'gambitbuildersavecontent' function in all versions up to, and including, 5.1.0. This makes it possible for...
CVE-2024-1285
CVE-2024-1285 affects the Page Builder Sandwich – Front End WordPress Page Builder Plugin for WordPress. It permits unauthorized modification of data via a missing capability check in gambit_builder_save_content, affecting all versions up to 5.1.0. Attackers with subscriber+ privileges can insert...
CVE-2024-1178 SportsPress – Sports Club & League Manager <= 2.7.17 - Missing Authorization to Unauthenticated Event Permalink Update
The SportsPress – Sports Club & League Manager plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the settingssave function in all versions up to, and including, 2.7.17. This makes it possible for unauthenticated attackers to update the...
CVE-2024-1178
CVE-2024-1178 affects the WordPress plugin SportsPress – Sports Club & League Manager . The issue is a missing capability check in the settings_save() function, enabling unauthenticated modification of data (permalink structure) in all versions up to and including 2.7.17. The CVSS base score is 5...
WordPress Plugin Page Builder Sandwich Security Vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on servers running PHP and MySQL.WordPress plugin is an application plugin. A security vulnerability exists in...
WordPress Plugin Change Memory Limit Security Vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. WordPress is a blogging platform developed in the PHP language that supports personal blogs on PHP and MySQL servers.WordPress plugin is an application...