9 matches found
Server-side Request Forgery (SSRF)
Overview Affected versions of this package are vulnerable to Server-side Request Forgery SSRF due to the improper validation of the audience parameter in the OIDC authentication process. An attacker can gain unauthorized publish permissions by replaying a valid GitHub OIDC token obtained from one...
DRUPAL-CONTRIB-2025-074
The module adds the etracker web statistics tracking system to your website. The cookies\etracker submodule allows the inline JavaScript to be included in consent management. However, this does not adequately check whether the provided JavaScript code originates from authorized users. A potential...
Improper Authorization
Overview github.com/nats-io/nats-server/server is an A simple, secure and performant communications system for digital systems, services and devices. Affected versions of this package are vulnerable to Improper Authorization through the JS.API.ACCOUNT.PURGE process. An attacker can delete all dat...
Improper Authorization
Overview github.com/nats-io/nats-server/v2/server is an A simple, secure and performant communications system for digital systems, services and devices. Affected versions of this package are vulnerable to Improper Authorization through the JS.API.ACCOUNT.PURGE process. An attacker can delete all...
Incorrect Authorization
Overview UmbracoCms.Core is an ASP.NET CMS. Affected versions of this package are vulnerable to Incorrect Authorization due to improper authorization mechanism. An attacker with only send for approval permissions could exploit this weakness to publish content without the required publish...
Umbraco Security Breach
Umbraco is an open source content management system CMS written in C from Umbraco, Denmark. Umbraco suffers from a security vulnerability that stems from the fact that a backend user with send approval privileges but no publish privileges can publish under certain circumstances...
DEBIAN-CVE-2019-20043
In in wp-includes/rest-api/endpoints/class-wp-rest-posts-controller.php in WordPress 3.7 to 5.3.0, authenticated users who do not have the rights to publish a post are able to mark posts as sticky or unsticky via the REST API. For example, the contributor role does not have such rights, but this...
UBUNTU-CVE-2019-20043
In in wp-includes/rest-api/endpoints/class-wp-rest-posts-controller.php in WordPress 3.7 to 5.3.0, authenticated users who do not have the rights to publish a post are able to mark posts as sticky or unsticky via the REST API. For example, the contributor role does not have such rights, but this...
PT-2019-5224 · WordPress · Wordpress
Name of the Vulnerable Software and Affected Versions: WordPress versions 3.7 through 5.3.0 Description: The issue is related to an authentication error in the class-wp-rest-posts-controller function of the WordPress content management system, allowing users to mark posts as sticky via the REST...