Lucene search
+L

173 matches found

CNNVD
CNNVD
added 2025/05/19 12:0 a.m.5 views

WordPress plugin AnalyticsWP 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a set of blogging platforms developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A security...

5.3CVSS6.3AI score0.00224EPSS
Exploits0References1
CNNVD
CNNVD
added 2025/05/19 12:0 a.m.6 views

WordPress plugin JetElements For Elementor 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a set of blogging platforms developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plug-in. A security...

7.5CVSS7.8AI score0.00296EPSS
Exploits0References1
OSV
OSV
added 2025/05/15 8:15 p.m.4 views

CVE-2024-8700

The Event Calendar WordPress plugin through 1.0.4 does not check for authorization on delete actions, allowing unauthenticated users to delete arbitrary calendars...

7.5CVSS5.9AI score0.00386EPSS
Exploits1References1
CNNVD
CNNVD
added 2025/05/13 12:0 a.m.4 views

SAP S/4HANA Cloud Private 代码注入漏洞

SAP S/4HANA Cloud Private is a private cloud-deployed, enterprise-grade, intelligent ERP suite based on in-memory computing architecture from SAP, Germany. A code injection vulnerability exists in SAP S/4HANA Cloud Private, which stems from a lack of input validation and authorization checking an...

8.3CVSS7.1AI score0.00414EPSS
Exploits0References2
CNNVD
CNNVD
added 2025/05/13 12:0 a.m.5 views

Fortinet FortiManager 安全漏洞

Fortinet FortiManager is a centralized network security management platform from Fortinet. The platform supports centralized management of any number of Fortinet devices and the ability to group devices into different management domains ADOM to further simplify multi-device security deployment an...

4.3CVSS6.4AI score0.00177EPSS
Exploits0References3
CNNVD
CNNVD
added 2025/05/13 12:0 a.m.3 views

SAP Service Parts Management 安全漏洞

SAP Service Parts Management is an intelligent spare parts supply chain solution for after-sales service from SAP. An authorization issue vulnerability exists in SAP Service Parts Management, which stems from a lack of authorization checking, no details of the vulnerability are available at this...

6.3CVSS6.8AI score0.00219EPSS
Exploits0References2
RedHat Linux
RedHat Linux
added 2025/04/01 1:6 p.m.7 views

org.wildfly.core:wildfly-server: Wildfly improper RBAC permission

A flaw was found in the Wildfly Server Role Based Access Control RBAC provider. When authorization to control management operations is secured using the Role Based Access Control provider, a user without the required privileges can suspend or resume the server. A user with a Monitor or Auditor ro...

6.5CVSS5.8AI score0.00648EPSS
Exploits0References5
CNNVD
CNNVD
added 2025/02/10 12:0 a.m.4 views

SAP NetWeaver和ABAP Platform 安全漏洞

SAP NetWeaver and SAP ABAP Platform are both products of SAP, a German company.SAP NetWeaver is an integrated service-oriented application platform. SAP NetWeaver is an integrated, service-oriented application platform that provides a development and runtime environment for SAP applications.SAP...

4.3CVSS6.7AI score0.00235EPSS
Exploits0References1
CNNVD
CNNVD
added 2025/02/10 12:0 a.m.5 views

SAP NetWeaver和SAP ABAP Platform 安全漏洞

SAP NetWeaver and SAP ABAP Platform are both products of SAP, a German company.SAP NetWeaver is an integrated service-oriented application platform. SAP NetWeaver is an integrated service-oriented application platform that provides a development and runtime environment for SAP applications.SAP AB...

5.3CVSS6.5AI score0.00274EPSS
Exploits0References1
CNNVD
CNNVD
added 2025/02/10 12:0 a.m.4 views

SAP Fiori 安全漏洞

SAP Fiori, a user experience UX design system for SAP applications from SAP, Germany, provides designers and developers with a set of tools and guidelines to quickly develop applications for any platform, delivering a consistent, innovative experience for creators and users. A security...

5.4CVSS6.2AI score0.00213EPSS
Exploits0References3
RedhatCVE
RedhatCVE
added 2025/02/05 3:7 p.m.8 views

CVE-2020-36731

The Flexible Checkout Fields for WooCommerce plugin for WordPress is vulnerable to Unauthenticated Arbitrary Plugin Settings update, in addition to Stored Cross-Site Scripting in versions up to, and including, 2.3.1. This is due to missing authorization checks on the updateSettingsAction function...

7.2CVSS6AI score0.01342EPSS
Exploits1References1
CNNVD
CNNVD
added 2025/01/13 12:0 a.m.12 views

SAP NetWeaver Application Server 安全漏洞

SAP Netweaver Application Server ABAP is a core component of the SAP system, responsible for business processing and data interaction. An information disclosure vulnerability exists in SAP Netweaver Application Server ABAP, which stems from failure to perform required authorization checks and can...

4.3CVSS6.4AI score0.00265EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2025/01/02 12:0 a.m.7 views

PT-2025-1526 · Unknown · Generate Dummy Posts

Name of the Vulnerable Software and Affected Versions: Generate Dummy Posts versions 1.0.0 and earlier Description: The issue is related to a Missing Authorization vulnerability, which allows exploiting incorrectly configured access control security levels. This can lead to unauthorized access du...

5.3CVSS9.3AI score0.00346EPSS
Exploits0References3
Vulnrichment
Vulnrichment
added 2024/12/18 12:0 a.m.10 views

CVE-2024-55231

An IDOR vulnerability in the edit-notes.php module of PHPGurukul Online Notes Sharing Management System v1.0 allows unauthorized users to modify notes belonging to other accounts due to missing authorization checks. This flaw exposes sensitive data and enables attackers to alter another user's...

6.5AI score0.0033EPSS
Exploits1References1
CNNVD
CNNVD
added 2024/12/13 12:0 a.m.4 views

WordPress plugin YourMembership Single Sign On 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed in the PHP language. The platform supports personal blog sites on PHP and MySQL servers.WordPress plugin is an application plugin. A security vulnerability exists in WordPress...

6.5CVSS7.9AI score0.00491EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2024/11/27 6:16 a.m.75 views

CVE-2024-36467 Authentication privilege escalation via user groups due to missing authorization checks

An authenticated user with API access e.g.: user with default User role, more specifically a user with access to the user.update API endpoint is enough to be able to add themselves to any group e.g.: Zabbix Administrators, except to groups that are disabled or having restricted GUI access...

7.5CVSS6.9AI score0.0073EPSS
Exploits1References1
OSV
OSV
added 2024/11/07 5:15 p.m.4 views

CVE-2024-48953

An issue was discovered in Logpoint before 7.5.0. Endpoints for creating, editing, or deleting third-party authentication modules lacked proper authorization checks. This allowed unauthenticated users to register their own authentication plugins in Logpoint, resulting in unauthorized access...

7.5CVSS5.8AI score0.00317EPSS
Exploits0References3
NVD
NVD
added 2024/10/22 7:15 a.m.29 views

CVE-2024-9627

The TeploBot - Telegram Bot for WP plugin for WordPress is vulnerable to sensitive information disclosure due to missing authorization checks on the 'serviceprocess' function in all versions up to, and including, 1.3. This makes it possible for unauthenticated attackers to view the Telegram Bot...

8.6CVSS0.00351EPSS
Exploits0References2
OSV
OSV
added 2024/09/30 3:15 p.m.5 views

CVE-2024-46293

Sourcecodester Online Medicine Ordering System 1.0 is vulnerable to Incorrect Access Control. There is a lack of authorization checks for admin operations. Specifically, an attacker can perform admin-level actions without possessing a valid session token. The application does not verify whether t...

9.8CVSS5.8AI score0.00421EPSS
Exploits0References1
Debian
Debian
added 2024/09/27 4:9 p.m.12 views

[SECURITY] [DSA 5776-1] tryton-server security update

------------------------------------------------------------------------- Debian Security Advisory DSA-5776-1 [email protected] https://www.debian.org/security/ Moritz Muehlenhoff September 27, 2024 https://www.debian.org/security/faq -...

6.8AI score
Exploits0
Rows per page
Query Builder