9 matches found
CVE-2025-14609 Wise Analytics <= 1.1.9 - Missing Authorization to Unauthenticated Arbitrary Analytics Database Disclosure via 'name' Parameter
The Wise Analytics plugin for WordPress is vulnerable to Missing Authorization in all versions up to, and including, 1.1.9. This is due to missing capability checks on the REST API endpoint '/wise-analytics/v1/report'. This makes it possible for unauthenticated attackers to access sensitive...
CVE-2025-14609 Wise Analytics <= 1.1.9 - Missing Authorization to Unauthenticated Arbitrary Analytics Database Disclosure via 'name' Parameter
The Wise Analytics plugin for WordPress is vulnerable to Missing Authorization in all versions up to, and including, 1.1.9. This is due to missing capability checks on the REST API endpoint '/wise-analytics/v1/report'. This makes it possible for unauthenticated attackers to access sensitive...
CVE-2025-66911
Turms IM Server v0.10.0-SNAPSHOT and earlier contains a broken access control vulnerability in the user online status query functionality. The handleQueryUserOnlineStatusesRequest method in UserServiceController.java allows any authenticated user to query the online status, device information, an...
EUVD-2025-204539
Turms IM Server v0.10.0-SNAPSHOT and earlier contains a broken access control vulnerability in the user online status query functionality. The handleQueryUserOnlineStatusesRequest method in UserServiceController.java allows any authenticated user to query the online status, device information, an...
CVE-2025-66911
Turms IM Server v0.10.0-SNAPSHOT and earlier contains a broken access control vulnerability in the user online status query functionality. The handleQueryUserOnlineStatusesRequest method in UserServiceController.java allows any authenticated user to query the online status, device information, an...
CVE-2025-66911
Turms IM Server v0.10.0-SNAPSHOT and earlier contains a broken access control vulnerability in the user online status query functionality. The handleQueryUserOnlineStatusesRequest method in UserServiceController.java allows any authenticated user to query the online status, device information, an...
CVE-2025-66911
Turms IM Server v0.10.0-SNAPSHOT and earlier contains a broken access control vulnerability in the user online status query functionality. The handleQueryUserOnlineStatusesRequest method in UserServiceController.java allows any authenticated user to query the online status, device information, an...
PT-2025-52448
Name of the Vulnerable Software and Affected Versions Turms IM Server versions prior to 0.10.0-SNAPSHOT Description The software contains a flaw in access control related to querying user online status. An authenticated user can access online status, device information, and login timestamps of an...
Hitachi Energy NSD570 安全漏洞
The Hitachi Energy NSD570 is a remote protection device from Hitachi, Ltd Hitachi, Japan. It is designed to provide simple commissioning, operation and monitoring of remote protection links. A security vulnerability exists in the Hitachi Energy NSD570 that originates from allowing any authenticat...