CVE-2024-0828

The Play.ht – Make Your Blog Posts Accessible With Text to Speech Audio plugin for WordPress is vulnerable to unauthorized access of functionality due to a missing capability check on several functions in all versions up to, and including, 3.6.4. This makes it possible for authenticated attackers...

[SECURITY] Fedora 40 Update: javaparser-3.25.8-3.fc40

This package contains a Java 1 to 13 Parser with AST generation and visitor support. The AST records the source code structure, javadoc and comments. It is also possible to change the AST nodes or create new ones to modify the source code...

BIT-AIRFLOW-2023-40611 Apache Airflow Dag Runs Broken Access Control Vulnerability

Apache Airflow, versions before 2.7.1, is affected by a vulnerability that allows authenticated and DAG-view authorized Users to modify some DAG run detail values when submitting notes. This could have them alter details such as configuration parameters, start date, etc. Users should upgrade to...

Cross site request forgery (csrf)

The ImageRecycle pdf & image compression plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 3.1.13. This is due to missing or incorrect nonce validation on the optimizeAllOn function. This makes it possible for unauthenticated attackers to modif...

CVE-2024-24592

Lack of authentication in all versions of the fileserver component of Allegro AI’s ClearML platform allows a remote attacker to arbitrarily access, create, modify and delete files...

CVE-2024-24592

Lack of authentication in all versions of the fileserver component of Allegro AI’s ClearML platform allows a remote attacker to arbitrarily access, create, modify and delete files...

CVE-2023-5716 ASUS Armoury Crate - Arbitrary File Write

ASUS Armoury Crate has a vulnerability in arbitrary file write and allows remote attackers to access or modify arbitrary files by sending specific HTTP requests without permission...

Broken Access Control order API in Shopware

Impact In the Shopware CMS, the state handler for orders fails to sufficiently verify user authorizations for actions that modify the payment, delivery, and/or order status. Due to this inadequate implementation, users lacking 'write' permissions for orders are still able to change the order stat...

Hreflang Manager < 1.07 - Cross-Site Request Forgery

Description The plugin is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.06. This is due to missing nonce validation in the /admin/view/connections.php file. This makes it possible for unauthenticated attackers to modify, delete, and clone connections via a forge...

IBM Rational Asset Manager Privilege Control Issue Vulnerability

IBM Rational Asset Manager is a collaborative software development tool from IBM, USA. Organizations can use it to identify, manage and govern the design, development and use of software assets and services. A privilege control issue vulnerability exists in IBM Rational Asset Manager version 7.5...

Race Condition

github.com/deis/workflow-manager is vulnerable to Race Condition. The vulnerability is caused when the shared resource parameter clusterid is called concurrently. An attacker can potentially modify a shared resource by exploiting this vulnerability...

Mattermost Security Vulnerabilities

Mattermost is an open source collaboration platform from Mattermost, Inc. in the United States. A security vulnerability exists in Mattermost, which stems from the fact that when a user attempts to access a playbook, Mattermost fails to authenticate the identity of the team member, thus allowing ...

CVE-2023-49082 aiohttp's ClientSession is vulnerable to CRLF injection via method

aiohttp is an asynchronous HTTP client/server framework for asyncio and Python. Improper validation makes it possible for an attacker to modify the HTTP request e.g. insert a new header or even create a new HTTP request if the attacker controls the HTTP method. The vulnerability occurs only if th...

Siemens Mendix Authentication Bypass Vulnerability

Mendix is a high-productivity application platform for building and continuously improving mobile and web applications at scale. An authentication bypass vulnerability exists in Siemens Mendix, which can be exploited by an attacker to access or modify objects without proper authorization or to...

Incorrect Authorization

apacheairflow is vulnerable to Incorrect Authorization. The vulnerability is due to in forms.py as there is no read-only validation on critical fields, this allows authenticated users with DAG-view permissions to modify DAG run details. An attacker can use this for alter details such as...

Apache Airflow allows authenticated and DAG-view authorized users to modify some DAG run detail values when submitting notes

Apache Airflow, versions before 2.7.3, is affected by a vulnerability that allows authenticated and DAG-view authorized Users to modify some DAG run detail values when submitting notes. This could have them alter details such as configuration parameters, start date, etc. Users should upgrade to...

Input validation

Chunghwa Telecom NOKIA G-040W-Q Firewall function has a vulnerability of input validation for ICMP redirect messages. An unauthenticated remote attacker can exploit this vulnerability by sending a crafted package to modify the network routing table, resulting in a denial of service or sensitive...

CVE-2023-41960

The vulnerability allows an unprivilegeduntrusted third-party application to interact with a content-provider unsafely exposed by the Android Agent application, potentially modifying sensitive settings of the Android Client application itself...

CVE-2023-41372

The vulnerability allows an unprivileged untrusted third- party application to arbitrary modify the server settings of the Android Client application, inducing it to connect to an attacker - controlled malicious server.This is possible by forging a valid broadcast intent encrypted with a hardcode...

Hardcoded credentials

The vulnerability allows an unprivileged untrusted third- party application to arbitrary modify the server settings of the Android Client application, inducing it to connect to an attacker - controlled malicious server.This is possible by forging a valid broadcast intent encrypted with a hardcode...