Lucene search
K

11 matches found

Snyk
Snyk
added 2026/05/20 3:46 p.m.9 views

Missing Authorization

Overview thorsten/phpmyfaq is a FAQ system for PHP and MySQL, PostgreSQL and other databases Affected versions of this package are vulnerable to Missing Authorization in the overwritePassword process. An attacker can gain unauthorized access to higher-privileged accounts, including full...

8.8CVSS5.8AI score0.00303EPSS
Exploits0References5
Vulnrichment
Vulnrichment
added 2025/10/15 8:26 a.m.1 views

CVE-2025-11728 Oceanpayment CreditCard Gateway <= 6.0 - Missing Authentication to Unauthenticated Order Status Update

The Oceanpayment CreditCard Gateway plugin for WordPress is vulnerable to unauthenticated and unauthorized modification of data due to missing authentication and capability checks on the 'returnpayment' and 'noticepayment' functions in all versions up to, and including, 6.0. This makes it possibl...

5.3CVSS5.5AI score0.0032EPSS
Exploits0References3
EUVD
EUVD
added 2025/10/03 8:7 p.m.7 views

EUVD-2024-41309

Malicious code in bioql PyPI...

6.5CVSS6.6AI score0.00202EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2025/08/21 12:0 a.m.5 views

CVE-2025-55370

Incorrect access control in the component \controller\ResourceController.java of jshERP v3.5 allows unauthorized attackers to obtain all the corresponding ID data by modifying the ID value...

7AI score0.00358EPSS
Exploits1References2
CVE
CVE
added 2025/08/21 12:0 a.m.27 views

CVE-2025-55370

CVE-2025-55370 affects jshERP v3.5. The vulnerability arises from incorrect access control in the ResourceController.java component, allowing unauthorized attackers to modify an ID value to retrieve all related ID data. Root cause is improper access control in the controller code, with high sever...

8.8CVSS7AI score0.00358EPSS
Exploits1References2Affected Software1
BDU FSTEC
BDU FSTEC
added 2024/05/01 12:0 a.m.7 views

The vulnerability of the wpa_check_authentication() function in the Analytify plugin of the WordPress content management system allows a hacker to modify the Google Analytics tracking identifier of the website.

The vulnerability of the wpacheckauthentication function in the Analytify plugin of the WordPress content management system is related to deficiencies in the authentication process. Exploiting this vulnerability could allow a malicious actor to modify the Google Analytics tracking identifier of t...

5.3CVSS5.4AI score0.00435EPSS
Exploits0References3Affected Software1
OSV
OSV
added 2020/02/03 3:15 p.m.4 views

CVE-2020-7993

Prototype 1.6.0.1 allows remote authenticated users to forge ticket creation on behalf of other user accounts via a modified email ID field...

4.3CVSS5.8AI score0.00747EPSS
Exploits0References2
CNVD
CNVD
added 2017/11/19 12:0 a.m.6 views

Rimet Wifi Smart Temperature Control Android APP has an override access vulnerability

Rimet Wifi Smart Temperature Control Android APP is a management platform for smart hardware devices. Rimet Wifi Intelligent Temperature Control Android APP has an override access vulnerability. After logging into the client, the attacker can obtain sensitive information such as patient's name,...

6.6AI score
Exploits0
CNVD
CNVD
added 2017/10/20 12:0 a.m.3 views

Sky Catchers App has an overstepping access vulnerability

Daily Catch App is an O2O crane catching software. Daily Catch App has an over-the-horizon access vulnerability that allows an attacker to log into the system and obtain sensitive information by catching packets and modifying IDs...

6.6AI score
Exploits0
CNVD
CNVD
added 2017/08/28 12:0 a.m.2 views

Override Access Vulnerability in Charging Pile Android App

Charging Pile APP is a software that provides electric vehicle owners with information service on the location, number, type and status of charging piles. The Charging Pile Android APP suffers from an overstepping access vulnerability that allows attackers to view arbitrary account information by...

6.7AI score
Exploits0
OSV
OSV
added 2012/01/13 6:55 p.m.8 views

CVE-2012-0030

Nova 2011.3 and Essex, when using the OpenStack API, allows remote authenticated users to bypass access restrictions for tenants of other users via an OSAPI request with a modified projectid URI parameter...

6.5AI score
Exploits0References6
Rows per page
Query Builder