173 matches found
WordPress plugin AnalyticsWP 安全漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a set of blogging platforms developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A security...
WordPress plugin JetElements For Elementor 安全漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a set of blogging platforms developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plug-in. A security...
CVE-2024-8700
The Event Calendar WordPress plugin through 1.0.4 does not check for authorization on delete actions, allowing unauthenticated users to delete arbitrary calendars...
SAP S/4HANA Cloud Private 代码注入漏洞
SAP S/4HANA Cloud Private is a private cloud-deployed, enterprise-grade, intelligent ERP suite based on in-memory computing architecture from SAP, Germany. A code injection vulnerability exists in SAP S/4HANA Cloud Private, which stems from a lack of input validation and authorization checking an...
Fortinet FortiManager 安全漏洞
Fortinet FortiManager is a centralized network security management platform from Fortinet. The platform supports centralized management of any number of Fortinet devices and the ability to group devices into different management domains ADOM to further simplify multi-device security deployment an...
SAP Service Parts Management 安全漏洞
SAP Service Parts Management is an intelligent spare parts supply chain solution for after-sales service from SAP. An authorization issue vulnerability exists in SAP Service Parts Management, which stems from a lack of authorization checking, no details of the vulnerability are available at this...
org.wildfly.core:wildfly-server: Wildfly improper RBAC permission
A flaw was found in the Wildfly Server Role Based Access Control RBAC provider. When authorization to control management operations is secured using the Role Based Access Control provider, a user without the required privileges can suspend or resume the server. A user with a Monitor or Auditor ro...
SAP NetWeaver和ABAP Platform 安全漏洞
SAP NetWeaver and SAP ABAP Platform are both products of SAP, a German company.SAP NetWeaver is an integrated service-oriented application platform. SAP NetWeaver is an integrated, service-oriented application platform that provides a development and runtime environment for SAP applications.SAP...
SAP NetWeaver和SAP ABAP Platform 安全漏洞
SAP NetWeaver and SAP ABAP Platform are both products of SAP, a German company.SAP NetWeaver is an integrated service-oriented application platform. SAP NetWeaver is an integrated service-oriented application platform that provides a development and runtime environment for SAP applications.SAP AB...
SAP Fiori 安全漏洞
SAP Fiori, a user experience UX design system for SAP applications from SAP, Germany, provides designers and developers with a set of tools and guidelines to quickly develop applications for any platform, delivering a consistent, innovative experience for creators and users. A security...
CVE-2020-36731
The Flexible Checkout Fields for WooCommerce plugin for WordPress is vulnerable to Unauthenticated Arbitrary Plugin Settings update, in addition to Stored Cross-Site Scripting in versions up to, and including, 2.3.1. This is due to missing authorization checks on the updateSettingsAction function...
SAP NetWeaver Application Server 安全漏洞
SAP Netweaver Application Server ABAP is a core component of the SAP system, responsible for business processing and data interaction. An information disclosure vulnerability exists in SAP Netweaver Application Server ABAP, which stems from failure to perform required authorization checks and can...
PT-2025-1526 · Unknown · Generate Dummy Posts
Name of the Vulnerable Software and Affected Versions: Generate Dummy Posts versions 1.0.0 and earlier Description: The issue is related to a Missing Authorization vulnerability, which allows exploiting incorrectly configured access control security levels. This can lead to unauthorized access du...
CVE-2024-55231
An IDOR vulnerability in the edit-notes.php module of PHPGurukul Online Notes Sharing Management System v1.0 allows unauthorized users to modify notes belonging to other accounts due to missing authorization checks. This flaw exposes sensitive data and enables attackers to alter another user's...
WordPress plugin YourMembership Single Sign On 安全漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed in the PHP language. The platform supports personal blog sites on PHP and MySQL servers.WordPress plugin is an application plugin. A security vulnerability exists in WordPress...
CVE-2024-36467 Authentication privilege escalation via user groups due to missing authorization checks
An authenticated user with API access e.g.: user with default User role, more specifically a user with access to the user.update API endpoint is enough to be able to add themselves to any group e.g.: Zabbix Administrators, except to groups that are disabled or having restricted GUI access...
CVE-2024-48953
An issue was discovered in Logpoint before 7.5.0. Endpoints for creating, editing, or deleting third-party authentication modules lacked proper authorization checks. This allowed unauthenticated users to register their own authentication plugins in Logpoint, resulting in unauthorized access...
CVE-2024-9627
The TeploBot - Telegram Bot for WP plugin for WordPress is vulnerable to sensitive information disclosure due to missing authorization checks on the 'serviceprocess' function in all versions up to, and including, 1.3. This makes it possible for unauthenticated attackers to view the Telegram Bot...
CVE-2024-46293
Sourcecodester Online Medicine Ordering System 1.0 is vulnerable to Incorrect Access Control. There is a lack of authorization checks for admin operations. Specifically, an attacker can perform admin-level actions without possessing a valid session token. The application does not verify whether t...
[SECURITY] [DSA 5776-1] tryton-server security update
------------------------------------------------------------------------- Debian Security Advisory DSA-5776-1 [email protected] https://www.debian.org/security/ Moritz Muehlenhoff September 27, 2024 https://www.debian.org/security/faq -...