
39 matches found

Snyk
added 2026/04/10 5:32 p.m., 2 views

Incomplete List of Disallowed Inputs

Overview: Affected versions of this package are vulnerable to Incomplete List of Disallowed Inputs due to inadequate authorization checks in the containerRequestHandler process. An attacker can gain unauthorized access to sensitive system information and trigger actions on systems they do not belong to b...

3.5 CVSS, 5.8 AI score, 0.00219 EPSS
Exploits 1, References 2
CNNVD
added 2026/03/20 12:0 a.m., 5 views

Discourse information disclosure vulnerability

Discourse is an open source community discussion platform from Discourse. The platform includes features such as community, e-mail and chat rooms. Discourse suffers from an information disclosure vulnerability that stems from insufficient authorization checks on user-operated...

6.5 CVSS, 5.8 AI score, 0.00224 EPSS
Exploits 0, References 1
Vulnrichment
added 2026/02/05 8:25 a.m., 5 views

CVE-2025-13416 ProfileGrid – User Profiles, Groups and Communities <= 5.9.7.2 - Missing Authorization to Authenticated (Subscriber+) Arbitrary User Suspension

The ProfileGrid – User Profiles, Groups and Communities plugin for WordPress is vulnerable to unauthorized user suspension due to a missing capability check on the pmdeactivateuserfromgroup function in all versions up to, and including, 5.9.7.2. This makes it possible for authenticated attackers,...

4.3 CVSS, 5.5 AI score, 0.00282 EPSS
Exploits 0, References 4
CNNVD
added 2026/01/22 12:0 a.m., 4 views

WordPress plugin WP BackItUp has a security vulnerability

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be install...

6.5 CVSS, 5.8 AI score, 0.00318 EPSS
Exploits 0, References 1
CNNVD
added 2026/01/22 12:0 a.m., 4 views

Prowess WordPress plugin has a security vulnerability

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. WordPres...

5.3 CVSS, 5.8 AI score, 0.00272 EPSS
Exploits 0, References 1
EUVD
added 2025/10/07 12:30 a.m., 4 views

EUVD-2019-1049

Malware in sbrugna...

8.8 CVSS, 8.8 AI score, 0.01776 EPSS
Exploits 0, References 4
EUVD
added 2025/10/03 8:7 p.m., 4 views

EUVD-2022-41576

Malicious code in bioql PyPI...

7.5 CVSS, 7.6 AI score, 0.0074 EPSS
Exploits 0, References 1
EUVD
added 2025/10/03 8:7 p.m., 7 views

EUVD-2022-41575

Malicious code in bioql PyPI...

6.5 CVSS, 6.6 AI score, 0.0064 EPSS
Exploits 0, References 1
Tenable Nessus
added 2025/06/16 12:0 a.m., 5 views

TencentOS Server 2: subscription-manager (TSSA-2023:0165)

The version of Tencent Linux installed on the remote TencentOS Server 2 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the TSSA-2023:0165 advisory. Package updates are available for TencentOS Server 2 that fix the following vulnerabilities:...

7.8 CVSS, 7.7 AI score, 0.00253 EPSS
Exploits 0, References 2
RedhatCVE
added 2025/05/22 10:13 p.m., 7 views

CVE-2022-1557

The ULeak Security & Monitoring WordPress plugin through 1.2.3 does not have authorisation and CSRF checks when updating its settings, and is also lacking sanitisation as well as escaping in some of them, which could allow any authenticated users such as subscriber to perform Stored Cross-Site...

5.4 CVSS, 5.9 AI score, 0.01073 EPSS
Exploits 2, References 1
CNNVD
added 2025/03/05 12:0 a.m., 3 views

Vasion Print security vulnerability

Vasion Print is a SaaS-based, cloud-hosted application from Vasion for managing and deploying printers. A security vulnerability exists in Vasion Print that stems from inadequate authorization checks...

9.8 CVSS, 6.8 AI score, 0.0057 EPSS
Exploits 0, References 2
Positive Technologies
added 2024/12/25 12:0 a.m., 6 views

PT-2024-10248 · Oracle +8 · Mysql Server +7

Name of the Vulnerable Software and Affected Versions: MySQL Server versions 8.0.40 and prior; MySQL Server versions 8.4.3 and prior; MySQL Server versions 9.1.0 and prior. Description: The issue is related to the InnoDB component of Oracle MySQL Server and is caused by inadequate authorization...

9.1 CVSS, 6.6 AI score, 0.16212 EPSS
Exploits 3, References 352
Tenable Nessus
added 2024/09/11 12:0 a.m., 23 views

Cisco Expressway Edge Improper Authorization (cisco-sa-expressway-auth-kdFrcZ2j)

According to its self-reported version, Cisco Expressway Edge Improper Authorization is affected by a vulnerability. - A vulnerability in Cisco Expressway Edge (Expressway-E) could allow an authenticated, remote attacker to masquerade as another user on an affected system. This vulnerability is due...

4.3 CVSS, 5.8 AI score, 0.00322 EPSS
Exploits 0, References 3
Cvelist
added 2024/09/04 4:29 p.m., 39 views

CVE-2024-20497 Cisco Expressway Edge Improper Authorization Vulnerability

A vulnerability in Cisco Expressway Edge (Expressway-E) could allow an authenticated, remote attacker to masquerade as another user on an affected system. This vulnerability is due to inadequate authorization checks for Mobile and Remote Access (MRA) users. An attacker could exploit this vulnerabilit...

4.3 CVSS, 0.00322 EPSS
Exploits 0, References 1
Positive Technologies
added 2023/10/04 12:0 a.m., 2 views

PT-2023-5693 · D Link · D-Link D-View

Name of the Vulnerable Software and Affected Versions: D-Link D-View (affected versions not specified). Description: The issue is related to the showUsers method and is caused by inadequate authorization procedures. This allows remote attackers to escalate their privileges on affected installations...

9 CVSS, 6.9 AI score, 0.01452 EPSS
Exploits 0, References 7
Tenable Nessus
added 2023/09/01 12:0 a.m., 34 views

Fedora 38 : subscription-manager (2023-29a012c0db)

The remote Fedora 38 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2023-29a012c0db advisory. Automatic update for subscription-manager-1.29.37-1.fc38. Changelog for subscription-manager Wed Aug 23 2023 Packit - 1.29.37-1 - Automatic commit of package...

7.8 CVSS, 8 AI score, 0.00253 EPSS
Exploits 0, References 2
Tenable Nessus
added 2023/09/01 12:0 a.m., 24 views

Fedora 37 : subscription-manager (2023-0f2f9bc779)

The remote Fedora 37 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2023-0f2f9bc779 advisory. Automatic update for subscription-manager-1.29.37-1.fc37. Changelog for subscription-manager Wed Aug 23 2023 Packit - 1.29.37-1 - Automatic commit of package...

7.8 CVSS, 8 AI score, 0.00253 EPSS
Exploits 0, References 2
OSV
added 2023/08/28 6:41 p.m., 33 views

RLSA-2023:4706 Important: subscription-manager security update

The subscription-manager packages provide programs and libraries to allow users to manage subscriptions and yum repositories from the Rocky Enterprise Software Foundation entitlement platform. Security Fixes: subscription-manager: inadequate authorization of com.redhat.RHSM1 D-Bus interface allow...

7.8 CVSS, 7.7 AI score, 0.00253 EPSS
Exploits 0, References 2
Tenable Nessus
added 2023/08/24 12:0 a.m., 44 views

AlmaLinux 8 : subscription-manager (ALSA-2023:4706)

The remote AlmaLinux 8 host has packages installed that are affected by a vulnerability as referenced in the ALSA-2023:4706 advisory. - A vulnerability was found in subscription-manager that allows local privilege escalation due to inadequate authorization. The D-Bus interface com.redhat.RHSM1...

7.8 CVSS, 8 AI score, 0.00253 EPSS
Exploits 0, References 2
NVD
added 2023/08/23 11:15 a.m., 19 views

CVE-2023-3899

A vulnerability was found in subscription-manager that allows local privilege escalation due to inadequate authorization. The D-Bus interface com.redhat.RHSM1 exposes a significant number of methods to all users that could change the state of the registration. By using the...

7.8 CVSS, 7.6 AI score, 0.00253 EPSS
Exploits 0, References 12