Lucene search
K

9 matches found

Snyk
Snyk
added 2026/05/08 5:6 p.m.7 views

Server-side Request Forgery (SSRF)

Overview Affected versions of this package are vulnerable to Server-side Request Forgery SSRF due to the improper validation of the audience parameter in the OIDC authentication process. An attacker can gain unauthorized publish permissions by replaying a valid GitHub OIDC token obtained from one...

4.7CVSS5.5AI score0.00219EPSS
Exploits0References2
OSV
OSV
added 2025/05/28 5:44 p.m.7 views

DRUPAL-CONTRIB-2025-074

The module adds the etracker web statistics tracking system to your website. The cookies\etracker submodule allows the inline JavaScript to be included in consent management. However, this does not adequately check whether the provided JavaScript code originates from authorized users. A potential...

7.3CVSS6.7AI score0.00234EPSS
Exploits0References1
Snyk
Snyk
added 2025/04/15 9:45 p.m.2 views

Improper Authorization

Overview github.com/nats-io/nats-server/server is an A simple, secure and performant communications system for digital systems, services and devices. Affected versions of this package are vulnerable to Improper Authorization through the JS.API.ACCOUNT.PURGE process. An attacker can delete all dat...

9.6CVSS6.9AI score0.00561EPSS
Exploits0References2
Snyk
Snyk
added 2025/04/15 9:45 p.m.1 views

Improper Authorization

Overview github.com/nats-io/nats-server/v2/server is an A simple, secure and performant communications system for digital systems, services and devices. Affected versions of this package are vulnerable to Improper Authorization through the JS.API.ACCOUNT.PURGE process. An attacker can delete all...

9.6CVSS6.9AI score0.00561EPSS
Exploits0References2
Snyk
Snyk
added 2023/12/12 6:44 p.m.3 views

Incorrect Authorization

Overview UmbracoCms.Core is an ASP.NET CMS. Affected versions of this package are vulnerable to Incorrect Authorization due to improper authorization mechanism. An attacker with only send for approval permissions could exploit this weakness to publish content without the required publish...

4.3CVSS6.9AI score0.00408EPSS
Exploits0References2
CNNVD
CNNVD
added 2023/12/12 12:0 a.m.4 views

Umbraco Security Breach

Umbraco is an open source content management system CMS written in C from Umbraco, Denmark. Umbraco suffers from a security vulnerability that stems from the fact that a backend user with send approval privileges but no publish privileges can publish under certain circumstances...

4.3CVSS6.8AI score0.00408EPSS
Exploits0References2
OSV
OSV
added 2019/12/27 8:15 a.m.1 views

DEBIAN-CVE-2019-20043

In in wp-includes/rest-api/endpoints/class-wp-rest-posts-controller.php in WordPress 3.7 to 5.3.0, authenticated users who do not have the rights to publish a post are able to mark posts as sticky or unsticky via the REST API. For example, the contributor role does not have such rights, but this...

4.3CVSS6.4AI score0.02424EPSS
Exploits0References1
OSV
OSV
added 2019/12/27 8:15 a.m.4 views

UBUNTU-CVE-2019-20043

In in wp-includes/rest-api/endpoints/class-wp-rest-posts-controller.php in WordPress 3.7 to 5.3.0, authenticated users who do not have the rights to publish a post are able to mark posts as sticky or unsticky via the REST API. For example, the contributor role does not have such rights, but this...

4.3CVSS5.8AI score0.02424EPSS
Exploits0References6
Positive Technologies
Positive Technologies
added 2019/09/11 12:0 a.m.14 views

PT-2019-5224 · WordPress · Wordpress

Name of the Vulnerable Software and Affected Versions: WordPress versions 3.7 through 5.3.0 Description: The issue is related to an authentication error in the class-wp-rest-posts-controller function of the WordPress content management system, allowing users to mark posts as sticky via the REST...

9.8CVSS6.7AI score0.4375EPSS
Exploits16References76
Rows per page
Query Builder