143 matches found
RLSA-2025:9329 Important: perl-YAML-LibYAML security update
Kirill Siminov's "libyaml" is arguably the best YAML implementation. The C library is written precisely to the YAML 1.1 specification. It was originally bound to Python and was later bound to Ruby. Security Fixes: yaml-libyaml: LibYAML Perl File Modification Vulnerability CVE-2025-40908 For more...
ALSA-2025:9329 Important: perl-YAML-LibYAML security update
Kirill Siminov's "libyaml" is arguably the best YAML implementation. The C library is written precisely to the YAML 1.1 specification. It was originally bound to Python and was later bound to Ruby. Security Fixes: yaml-libyaml: LibYAML Perl File Modification Vulnerability CVE-2025-40908 For more...
ALSA-2025:9330 Important: perl-YAML-LibYAML security update
Kirill Siminov's "libyaml" is arguably the best YAML implementation. The C library is written precisely to the YAML 1.1 specification. It was originally bound to Python and was later bound to Ruby. Security Fixes: yaml-libyaml: LibYAML Perl File Modification Vulnerability CVE-2025-40908 For more...
Important: perl-YAML-LibYAML security update
Kirill Siminov's "libyaml" is arguably the best YAML implementation. The C library is written precisely to the YAML 1.1 specification. It was originally bound to Python and was later bound to Ruby. Security Fixes: yaml-libyaml: LibYAML Perl File Modification Vulnerability CVE-2025-40908 For more...
CVE-2025-3880
The Poll, Survey & Quiz Maker Plugin by Opinion Stage plugin for WordPress is vulnerable to unauthorized modification of data due to a misconfigured capability check on several functions in all versions up to, and including, 19.9.0. This makes it possible for authenticated attackers, with...
SUSE-SU-2025:01886-1 Security update for perl-YAML-LibYAML
This update for perl-YAML-LibYAML fixes the following issues: - CVE-2025-40908: YAML-LibYAML prior to 0.903.0 for Perl uses 2-args open, allowing existing files to be modified bsc1243902...
CVE-2025-40908
YAML-LibYAML prior to 0.903.0 for Perl uses 2-args open, allowing existing files to be modified...
GHSA-4MMR-2W8P-WHCR Mattermost improperly allows team administrators to modify team invites
Mattermost versions 10.7.x = 10.7.0, 10.6.x = 10.6.2, 10.5.x = 10.5.3, 9.11.x = 9.11.12 fail to properly validate permissions when changing team privacy settings, allowing team administrators without the 'invite user' permission to access and modify team invite IDs via the...
CVE-2024-1091
The ImageRecycle pdf & image compression plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the reinitialize function in all versions up to, and including, 3.1.13. This makes it possible for authenticated attackers, with subscriber-level...
CVE-2024-10216
The WP User Manager – User Profile Builder & Membership plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'addsidebar' and 'removesidebar' functions in all versions up to, and including, 2.9.11. This makes it possible for authenticate...
CVE-2024-12781
The Aurum - WordPress & WooCommerce Shopping Theme theme for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'lab1cldemoinstallpackagecontent' function in all versions up to, and including, 4.0.2. This makes it possible for authenticated...
CVE-2024-6754
The Social Auto Poster plugin for WordPress is vulnerable to unauthorized modification of data to a missing capability check on the ‘wpwautoposterupdatetweettemplate’ function in all versions up to, and including, 5.3.14. This makes it possible for authenticated attackers, with Subscriber-level...
CVE-2023-26282
IBM Watson CP4D Data Stores 4.6.0 through 4.6.3 could allow a user with physical access and specific knowledge of the system to modify files or data on the system. IBM X-Force ID: 248415...
CVE-2023-5411
The Funnelforms Free plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the fnsfaf2savepost function in versions up to, and including, 3.4. This makes it possible for authenticated attackers, with subscriber-level permissions and above, to...
CVE-2023-4947
The WooCommerce EAN Payment Gateway plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the refreshordereandata AJAX action in versions up to 6.1.0. This makes it possible for authenticated attackers with contributor-level access and above,...
CVE-2021-33346
There is an arbitrary password modification vulnerability in a D-LINK DSL-2888A router product. An attacker can use this vulnerability to modify the password of the admin user without authorization...
CVE-2020-20907
MetInfo 7.0 beta is affected by a file modification vulnerability. Attackers can delete and modify ini files in app/system/language/admin/languagegeneral.class.php and app/system/include/function/file.func.php...
CVE-2025-33136 IBM Aspera Faspex data modification
IBM Aspera Faspex 5.0.0 through 5.0.12 could allow an authenticated user to obtain sensitive information or perform unauthorized actions on behalf of another user due to improper protection of assumed immutable data...
CVE-2018-1999032
A data modification vulnerability exists in Jenkins Agiletestware Pangolin Connector for TestRail Plugin 2.1 and earlier in GlobalConfig.java that allows attackers with Overall/Read permission to override this plugin's configuration by sending crafted HTTP requests to an unprotected endpoint...
CVE-2019-1003017
A data modification vulnerability exists in Jenkins Job Import Plugin 3.0 and earlier in JobImportAction.java that allows attackers to copy jobs from a preconfigured other Jenkins instance, potentially installing additional plugins necessary to load the imported job's configuration...