The vulnerability of the software used for creating, monitoring, and orchestrating data processing scripts in Airflow lies in authentication errors, which allow attackers to modify arbitrary data.
The vulnerability of the software used for creating, monitoring, and orchestrating data processing scripts in Airflow is related to authentication errors. Exploiting this vulnerability allows a malicious actor to modify arbitrary data remotely...
CVE-2024-22131 Code Injection vulnerability in SAP ABA (Application Basis)
In SAP ABA Application Basis - versions 700, 701, 702, 731, 740, 750, 751, 752, 75C, 75I, an attacker authenticated as a user with a remote execution authorization can use a vulnerable interface. This allows the attacker to use the interface to invoke an application function to perform actions...
Paid Membership Subscriptions – Effortless Memberships, Recurring Payments & Content Restriction < 2.11.2 - Missing Authorization via pms_stripe_connect_handle_authorization_return
Description: The Paid Membership Subscriptions – Effortless Memberships, Recurring Payments & Content Restriction plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the pms_stripe_connect_handle_authorization_return function in all versions up t...
PT-2024-5016 · Sap · Sap Aba
Name of the Vulnerable Software and Affected Versions: SAP ABA Application Basis versions 700, 701, 702, 731, 740, 750, 751, 752, 75C, 75I Description: The issue in SAP ABA is related to incorrect code generation management, allowing an attacker with remote execution authorization to use a...
CVE-2023-4639
A flaw was found in Undertow, which incorrectly parses cookies with certain value-delimiting characters in incoming requests. This issue could allow an attacker to construct a cookie value to exfiltrate HttpOnly cookie values or spoof arbitrary additional cookie values, leading to unauthorized da...
Element Pack Elementor Addons < 5.4.12 - Missing Authorization via bdt_duplicate_as_draft
Description: The Element Pack Elementor Addons plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'bdt_duplicate_as_draft' function in versions up to, and including, 5.4.11. This makes it possible for authenticated attackers, with...
The vulnerability of the RESTEasy software lies in insufficient validation of input data, which allows attackers to modify the information.
The vulnerability of the RESTEasy software is related to insufficient validation of input data. Exploiting this vulnerability allows a remote attacker to modify the information...
Pimcore Admin Classic Bundle permissions are not getting checked when working with tags
Impact: You can create, delete etc. tags without having the permission to do so. This vulnerability allows an attacker to perform broken access control and add tags to admin panel and add dummy data. One can do this as intruder and add text parameters with random numbers and this will affect...
CVE-2024-1110
The Podlove Podcast Publisher plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the init function in all versions up to, and including, 4.0.11. This makes it possible for unauthenticated attackers to import the plugin's settings...
CVE-2024-1110
The Podlove Podcast Publisher plugin for WordPress (up to and including version 4.0.11) is vulnerable to unauthorized data modification due to a missing capability check on init(). This enables unauthenticated attackers to import or modify the plugin’s settings. The issue is triggered across all ...
CVE-2024-1110 Podlove Podcast Publisher <= 4.0.11 - Missing Authorization to Settings Import
The Podlove Podcast Publisher plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the init function in all versions up to, and including, 4.0.11. This makes it possible for unauthenticated attackers to import the plugin's settings...
CVE-2024-1078
The Quiz Maker plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the ays_quick_start and add_question_rows functions in all versions up to, and including, 6.5.2.4. This makes it possible for authenticated attackers, with subscriber-level acce...
Cisco Expressway Series Cross-Site Request Forgery Vulnerability
Cisco Expressway Series is a software for accessing devices outside the firewall from Cisco USA. A cross-site request forgery vulnerability exists in Cisco Expressway Series, which can be exploited by an attacker to modify sensitive information or perform unauthorized operations...
PT-2024-16539 · WordPress · Quiz Maker
Name of the Vulnerable Software and Affected Versions: The Quiz Maker plugin for WordPress versions up to, and including, 6.5.2.4 Description: The issue is related to a missing capability check on the ays_quick_start and add_question_rows functions. This allows authenticated attackers with...
ImageRecycle pdf & image compression < 3.1.14 - Missing Authorization to Settings Update in optimizeAllOn
Description: The ImageRecycle pdf & image compression plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the optimizeAllOn function in all versions up to, and including, 3.1.13. This makes it possible for authenticated attackers, with...
The vulnerability of the Security component of the Oracle Java SE software platform, as well as the Oracle GraalVM for JDK and Oracle GraalVM Enterprise Edition virtual machines, allows attackers to gain access to modify, add, or delete data.
The vulnerability of the Security component of Oracle Java SE software, as well as of Oracle GraalVM for JDK and Oracle GraalVM Enterprise Edition virtual machines, exists due to insufficient validation of input data. Exploiting this vulnerability can allow an attacker to compromise the...
Authentication flaw
Lack of authentication in all versions of the fileserver component of Allegro AI’s ClearML platform allows a remote attacker to arbitrarily access, create, modify and delete files...
Podlove Podcast Publisher < 4.0.12 - Missing Authorization to Settings Import
Description: The Podlove Podcast Publisher plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the init function in all versions up to, and including, 4.0.11. This makes it possible for unauthenticated attackers to import the plugin's settin...
Quiz Maker < 6.5.2.5 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Quiz Creation & Modification
Description: The Quiz Maker plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the ays_quick_start and add_question_rows functions in all versions up to, and including, 6.5.2.4. This makes it possible for authenticated attackers, with...