8 matches found
WordPress plugin Booking Package security vulnerability
WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be added t...
CVE-2026-44118
OpenClaw before 2026.4.22 derives loopback MCP owner context from spoofable server-issued bearer tokens in request headers. Non-owner loopback clients can present themselves as owner to bypass owner-gated operations by manipulating the sender-owner header metadata...
EUVD-2026-15952
n8n Has Authorization Bypass in OAuth Callback via N8NSKIPAUTHONOAUTHCALLBACK...
GHSA-3HV4-R2FM-H27F Email Validation Bypass And Preventing Sign Up From Email's Owner
Summary: Email validation can easily be bypassed because the verifyemailenabled option enables email validation at sign up only. A user changing their email after signing up and verifying it can change it without verification in /profile. This can be used to prevent the legitimate owner of the email address...
CVE-2023-21389
In Settings, there is a possible bypass of profile owner restrictions due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation...
Design/Logic Flaw
In Settings, there is a possible bypass of profile owner restrictions due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation...
CVE-2022-20544
In onOptionsItemSelected of ManageApplications.java, there is a possible bypass of profile owner restrictions due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product...
isActive doesn't prevent owner from sweeping token from AaveV2Strategy, SDM and SPM
Handle: wuwe1. Vulnerability details. Proof of Concept: isActive appears in these places: owner can bypass the isActive check by setting a different address in sherlockCore. Recommended Mitigation Steps: Add Timelock on setting sherlockCore.