5 matches found
Plane Access Control Error Vulnerability
Plane is an open source, self-hosted project planning tool from Plane Open Source. An access control error vulnerability exists in versions of Plane prior to 1.2.0, which stems from a guest user being able to access a list of members of a specific workspace and recognize an administrator's email...
Admidio Security Vulnerability
Admidio is an open source member management system from the Admidio team. The system supports member lists, event management, guestbooks, photo albums and downloads. A security vulnerability exists in Admidio versions prior to 4.2.9 that stems from incorrect access control...
CVE-2021-4355
The Welcart e-Commerce plugin for WordPress is vulnerable to authorization bypass due to missing capability checks on the downloadorderdetaillist, changeorderlist, and downloadmemberlist functions called via admininit hooks in versions up to, and including, 2.2.7. This makes it possible for...
SUSE CVE-2023-28845
Nextcloud Talk is a video & audio conferencing app for Nextcloud. In affected versions the Talk app does not properly filter access to a conversation's member list. As a result an attacker could use this vulnerability to gain information about the members of a Talk conversation, even if they...
Pivotal Application Service Apps Manager Security Bypass Vulnerability
Pivotal Application Service is a suite of application management software from Pivotal Software, Inc. Apps Manager is one of the application managers. A security vulnerability exists in Apps Manager in Pivotal Application Service versions 1.12.x prior to 1.12.22, 2.0.x prior to 2.0.13, and 2.1.x...