CVE-2022-4937
CVE-2022-4937 affects the WCFM Frontend Manager plugin for WordPress. The root cause is missing capability checks on numerous AJAX actions, enabling authenticated users with minimal privileges (e.g., subscribers) to modify data across knowledge bases, notices, payments, vendors, and more. The iss...
CVE-2022-4935
CVE-2022-4935 affects the WordPress plugin “WCFM Marketplace” up to version 3.4.11. The root cause is missing capability checks on various AJAX actions, enabling authenticated users with low privileges (e.g., subscribers) to perform actions like modifying shipping method details, modifying produc...
Advisory ROSA-SA-2023-2138
Software: java-11-openjdk 11.0.18.0.10-1 OS: rosa-server79 packageevrstring: 11.0.18.0.10-1 CVE-ID: CVE-2022-21434 BDU-ID: 2022-02839 CVE-Crit: MEDIUM CVE-DESC: A vulnerability exists in the Libraries component of the Oracle GraalVM Enterprise Edition virtual machine due to...
VulnCheck KEV: CVE-2023-25446
HappyFiles Pro is vulnerable to data modification due to a missing capability check. This could allow actions to be performed by unauthorised users, such as deleting arbitrary files...
Sql injection
PrestaShop/paypal is an open source module for the PrestaShop web commerce ecosystem which provides PayPal payment support. A SQL injection vulnerability found in the PrestaShop paypal module from release 3.12.0 to and including 3.16.3 allows a remote attacker to gain privileges, modify data,...
CVE-2023-28843 Improper neutralization of SQL parameter in PayPal module for PrestaShop
PrestaShop/paypal is an open source module for the PrestaShop web commerce ecosystem which provides PayPal payment support. A SQL injection vulnerability found in the PrestaShop paypal module from release 3.12.0 to and including 3.16.3 allows a remote attacker to gain privileges, modify data,...
PrestaShop SQL injection vulnerability
PrestaShop is an open source e-commerce solution from PrestaShop, Inc. in the United States. The solution provides multiple payment methods, short message alerts and product image scaling. A SQL injection vulnerability exists in PrestaShop/paypal versions 3.12.0 through 3.16.3. An attacker could...
Prototype pollution in matrix-js-sdk (part 2)
Impact In certain configurations, data sent by remote servers containing special strings in key locations could cause modifications of the Object.prototype, disrupting matrix-js-sdk functionality, causing denial of service and potentially affecting program logic. This is part 2, where...
VulnCheck KEV: CVE-2023-25445
HappyFiles Pro is vulnerable to data modification due to improper authorization methods. This could allow actions to be performed by unauthorised users, such as accessing or modifying data, or data loss...
Authentication flaw
Osprey Pump Controller version 1.01 could allow an unauthenticated user to create an account and bypass authentication, thereby gaining unauthorized access to the system. A threat actor could exploit this vulnerability to create a user account without providing valid credentials. A threat actor w...
CVE-2023-28103 Prototype pollution in matrix-react-sdk
matrix-react-sdk is a Matrix chat protocol SDK for React Javascript. In certain configurations, data sent by remote servers containing special strings in key locations could cause modifications of the Object.prototype, disrupting matrix-react-sdk functionality, causing denial of service and...
CVE-2023-28398
CVE-2023-28398 affects the Osprey Pump Controller (version 1.01). The vulnerability allows an unauthenticated user to create an account and bypass authentication via an alternate path/channel, enabling unauthorized access to the pump controller. Impact per the sources includes disruption of opera...
Sql injection
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Apache Software Foundation Apache Fineract. Authorized users may be able to change or add data in certain components. This issue affects Apache Fineract: from 1.4 through 1.8.2...
RIFARTEK IOT Wall security vulnerability
Rifartek IOT Wall is security software from Rifartek China. A security vulnerability exists in RIFARTEK IOT Wall version v.22, which stems from an authorization error. An attacker can exploit the vulnerability to perform specific privileged functions to access and...
CVE-2023-27893
An attacker authenticated as a user with a non-administrative role and a common remote execution authorization in SAP Solution Manager and ABAP managed systems ST-PI - versions 20881700, 20081710, 740, can use a vulnerable interface to execute an application function to perform actions which they...
PT-2023-16849 · Unknown · Pttem Kart
Name of the Vulnerable Software and Affected Versions: PtteM Kart versions prior to 2.1 Description: The issue is related to an Improper Neutralization of Special Elements used in an SQL Command, also known as a SQL Injection. This allows for potential manipulation of SQL commands, which could le...
CVE-2020-36670
The NEX-Forms plugin for WordPress is vulnerable to unauthorized disclosure and modification of data in versions up to, and including, 7.7.1 due to missing capability checks on several AJAX actions. This makes it possible for authenticated attackers with subscriber-level permissions and above to...
Design/Logic Flaw
The NEX-Forms plugin for WordPress is vulnerable to unauthorized disclosure and modification of data in versions up to, and including, 7.7.1 due to missing capability checks on several AJAX actions. This makes it possible for authenticated attackers with subscriber-level permissions and above to...
CVE-2020-36670 NEX-Forms <= 7.7.1 - Missing Authorization on Various AJAX Actions
The NEX-Forms plugin for WordPress is vulnerable to unauthorized disclosure and modification of data in versions up to, and including, 7.7.1 due to missing capability checks on several AJAX actions. This makes it possible for authenticated attackers with subscriber-level permissions and above to...