269 matches found
CVE-2024-3511
CVE-2024-3511 concerns an incorrect authorization flaw affecting multiple WSO2 products that allows unauthorized access to versioned files stored in the registry. The root cause is flawed authorization logic that enables bypass via the management console to retrieve versioned files without proper...
PT-2025-26582
Name of the Vulnerable Software and Affected Versions: WSO2 products affected versions not specified Description: An incorrect authorization issue exists, allowing unauthorized access to versioned files stored in the registry. This is due to flawed authorization logic, which can be exploited by a...
CVE-2022-4888
The Checkout Fields Manager WordPress plugin before 1.0.2, Abandoned Cart Recovery WordPress plugin before 1.2.5, Custom Fields for WooCommerce WordPress plugin before 1.0.4, Custom Order Number WordPress plugin through 1.0.1, Custom Registration Forms Builder WordPress plugin before 1.0.2,...
Authentication Bypass
github.com/navidrome/navidrome is vulnerable to Authentication Bypass. The vulnerability is due to flawed authentication logic, which allows an attacker to authenticate using any non-existent username and a salted hash of an empty password...
Linux Distros Unpatched Vulnerability : CVE-2019-14809
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - net/url in Go before 1.11.13 and 1.12.x before 1.12.8 mishandles malformed hosts in URLs, leading to an authorization bypass in some applications. This is relat...
CVE-2025-25202 Ash Authentication has flawed token revocation checking logic in actions generated by `mix ash_authentication.install`
Ash Authentication is an authentication framework for Elixir applications. Applications which have been bootstrapped by the igniter installer present since AshAuthentication v4.1.0 and who have used the magic link strategy or are manually revoking tokens are affected by revoked tokens being allow...
CVE-2021-31434
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit Studio Photo 3.6.6.931. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the...
CVE-2024-11721
The Frontend Admin by DynamiApps plugin for WordPress is vulnerable to privilege escalation in all versions up to, and including, 3.24.5. This is due to insufficient controls on the user role select field when utilizing the 'Role' field in a form. This makes it possible for unauthenticated...
PT-2025-3155 · Xerox · Xerox Workplace Suite
Name of the Vulnerable Software and Affected Versions: Xerox Workplace Suite versions prior to 5.6.701.9 Description: A vulnerability in Xerox Workplace Suite arises from flawed token generation and the use of hard-coded keys. These weaknesses allow attackers to predict or forge tokens, leading t...
Infoblox BloxOne 安全漏洞
Infoblox BloxOne is a lightweight mobile agent from Infoblox USA. redirects DNS traffic from remote devices to the BloxOne Threat Defense Cloud. A security vulnerability exists in Infoblox BloxOne version v2.4 that stems from flawed business logic...
CVE-2024-12582 Skupper: skupper-cli: flawed authentication method may lead to arbitrary file read or denial of service
A flaw was found in the skupper console, a read-only interface that renders cluster network, traffic details, and metrics for a network application that a user sets up across a hybrid multi-cloud environment. When the default authentication method is used, a random password is generated for the...
Security Bulletin: Due to use of cURL libcurl, IBM Event Streams is vunerable to bypass security restrictions.
Summary cURL libcurl is used in IBM Event Streams CVE-2023-28322 Vulnerability Details CVEID:CVE-2023-28322 DESCRIPTION: cURL libcurl could allow a remote attacker to bypass security restrictions, caused by a flaw in the logic for a reused handle when it is expected to be changed from a PUT to a...
MediaTek Chipsets 安全漏洞
MediaTek Chipsets are a variety of chips from China's MediaTek Corporation MediaTek. A security vulnerability exists in MediaTek Chipsets, which stems from an improperly designed architecture, where out-of-bounds reads may occur. An attacker exploiting the vulnerability could gain access to...
CVE-2024-45293
PHPSpreadsheet is a pure PHP library for reading and writing spreadsheet files. The security scanner responsible for preventing XXE attacks in the XLSX reader can be bypassed by slightly modifying the XML structure, utilizing white-spaces. On servers that allow users to upload their own Excel XLS...
Optigo ONS-S8 安全漏洞
The Optigo ONS-S8 is an intelligent industrial switch from Optigo. A security vulnerability exists in Optigo ONS-S 81.3.7 and earlier versions, which stems from a web server containing an incomplete authentication process that could lead to an attacker completing authentication without a password...
GLSA-202409-22 : GCC: Flawed Code Generation
The remote host is affected by the vulnerability described in GLSA-202409-22 GCC: Flawed Code Generation A vulnerability has been discovered in GCC. Please review the CVE identifier referenced below for details. Tenable has extracted the preceding description block directly from the Gentoo Linux...
GCC: Flawed Code Generation
Background The GNU Compiler Collection includes front ends for C, C++, Objective-C, Fortran, Ada, Go, D and Modula-2 as well as libraries for these languages libstdc++,.... Description A vulnerability has been discovered in GCC. Please review the CVE identifier referenced below for details. Impac...
Kashipara Hotel Management System 安全漏洞
Kashipara Hotel Management System is a hotel management system from Kashipara. A security vulnerability exists in Kashipara Hotel Management System version v1.0, which originates from a flawed access control vulnerability in the file /admin/editroomcontroller.php that allows an unauthenticated...
CVE-2024-6695
it's possible for an attacker to gain administrative access without having any kind of account on the targeted site and perform unauthorized actions. This is due to improper logic flow on the user registration process...
How Can Deliberately Flawed APIs Help In Mastering API Security?
In our recent webinar recent webinar title 'A CISO’s Checklist for Securing APIs and Applications', we delved into the concept of creating an API security playground tailored for both developer and security teams. The core idea revolves around utilizing intentionally vulnerable APIs as training...