14 matches found
WordPress plugin Oliver POS security vulnerability
WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. There is...
CVE-2026-1772
RTU500 web interface: An unprivileged user can read user management information. The information cannot be accessed via the RTU500 web user interface but requires further tools like browser development utilities to access them without required privileges...
PT-2026-21676
Name of the Vulnerable Software and Affected Versions: RTU500 affected versions not specified Description: An unprivileged user can read user management information through the RTU500 web interface. Accessing this information requires tools like browser development utilities and does not occur...
CVE-2023-0017
An unauthenticated attacker in SAP NetWeaver AS for Java - version 7.50, due to improper access control, can attach to an open interface and make use of an open naming and directory API to access services which can be used to perform unauthorized operations affecting users and data on the current...
PT-2025-2265 · WordPress · Woocommerce Support Ticket System
Name of the Vulnerable Software and Affected Versions: WooCommerce Support Ticket System plugin for WordPress versions up to, and including, 17.8 Description: The issue is related to missing capability checks on the ajax delete message, ajax get customers partial list, and ajax get admins list...
PT-2024-29908 · Sap · Sap Systems
Name of the Vulnerable Software and Affected Versions: SAP Systems affected versions not specified Description: The RFC enabled function module in SAP Systems allows a low-privileged user to read any user's workplace favorites and user menu, along with specific data of each node. This issue enabl...
PT-2024-7359 · Cfx.Re · Cfx.Re Fxserver
Name of the Vulnerable Software and Affected Versions: Cfx.re FXServer versions v9601 and earlier wpDiscuz affected versions not specified Description: The issue is related to incorrect access control and the failure to neutralize script-related HTML tags on a web page. This can allow a remote...
PT-2024-40046 · Ez Systems · Ez Platform
Name of the Vulnerable Software and Affected Versions: eZ Platform version 2.3.x Description: The issue allows unauthenticated users to bypass permission checks and read user data, including names and emails, but not passwords or password hashes. Recommendations: For eZ Platform version 2.3.x,...
PT-2023-26255 · Saho · Saho Adm100 +1
Name of the Vulnerable Software and Affected Versions: Saho attendance devices ADM100 and ADM-100FP affected versions not specified Description: The issue is related to insufficient authentication in Saho’s attendance devices. An unauthenticated remote attacker can exploit this to bypass...
CVE-2022-41272
An unauthenticated attacker over the network can attach to an open interface exposed through JNDI by the User Defined Search (UDS) of SAP NetWeaver Process Integration (PI) - version 7.50 and make use of an open naming and directory API to access services which can be used to perform unauthorized...
DataEase security vulnerability
DataEase is an open source data visualization and analysis tool. An access control error vulnerability exists in DataEase, which stems from the fact that the product allows authorized users to access all user information and change administrator passwords. No details of the vulnerability are...
CVE-2020-27413
An issue was discovered in the Mahavitaran Android application 7.50 and below that allows local attackers to read the cleartext username and password while the user is logged into the application...
Weseek GROWI security vulnerability
GROWI is a team collaboration software. An access control error vulnerability exists in WESEEK GROWI 4.2.2 and earlier versions, which can be exploited by a remote, unauthenticated attacker to read a user's personal information and/or internal server information...
MailEnable Path Traversal Vulnerability
MailEnable is a suite of POP3 and SMTP mail servers from MailEnable Australia. A directory traversal vulnerability exists in MailEnable versions prior to 8.60, which stems from the program incorrectly handling '/... /' and '/... /' sequences. An attacker could exploit this vulnerability to read...