11 matches found
Missing Authorization
Overview thorsten/phpmyfaq is a FAQ system for PHP and MySQL, PostgreSQL and other databases Affected versions of this package are vulnerable to Missing Authorization in the overwritePassword process. An attacker can gain unauthorized access to higher-privileged accounts, including full...
CVE-2025-11728 Oceanpayment CreditCard Gateway <= 6.0 - Missing Authentication to Unauthenticated Order Status Update
The Oceanpayment CreditCard Gateway plugin for WordPress is vulnerable to unauthenticated and unauthorized modification of data due to missing authentication and capability checks on the 'returnpayment' and 'noticepayment' functions in all versions up to, and including, 6.0. This makes it possibl...
EUVD-2024-41309
Malicious code in bioql PyPI...
CVE-2025-55370
Incorrect access control in the component \controller\ResourceController.java of jshERP v3.5 allows unauthorized attackers to obtain all the corresponding ID data by modifying the ID value...
CVE-2025-55370
CVE-2025-55370 affects jshERP v3.5. The vulnerability arises from incorrect access control in the ResourceController.java component, allowing unauthorized attackers to modify an ID value to retrieve all related ID data. Root cause is improper access control in the controller code, with high sever...
The vulnerability of the wpa_check_authentication() function in the Analytify plugin of the WordPress content management system allows a hacker to modify the Google Analytics tracking identifier of the website.
The vulnerability of the wpacheckauthentication function in the Analytify plugin of the WordPress content management system is related to deficiencies in the authentication process. Exploiting this vulnerability could allow a malicious actor to modify the Google Analytics tracking identifier of t...
CVE-2020-7993
Prototype 1.6.0.1 allows remote authenticated users to forge ticket creation on behalf of other user accounts via a modified email ID field...
Rimet Wifi Smart Temperature Control Android APP has an override access vulnerability
Rimet Wifi Smart Temperature Control Android APP is a management platform for smart hardware devices. Rimet Wifi Intelligent Temperature Control Android APP has an override access vulnerability. After logging into the client, the attacker can obtain sensitive information such as patient's name,...
Sky Catchers App has an overstepping access vulnerability
Daily Catch App is an O2O crane catching software. Daily Catch App has an over-the-horizon access vulnerability that allows an attacker to log into the system and obtain sensitive information by catching packets and modifying IDs...
Override Access Vulnerability in Charging Pile Android App
Charging Pile APP is a software that provides electric vehicle owners with information service on the location, number, type and status of charging piles. The Charging Pile Android APP suffers from an overstepping access vulnerability that allows attackers to view arbitrary account information by...
CVE-2012-0030
Nova 2011.3 and Essex, when using the OpenStack API, allows remote authenticated users to bypass access restrictions for tenants of other users via an OSAPI request with a modified projectid URI parameter...