6 matches found
CVE-2021-24215
An Improper Access Control vulnerability was discovered in the Controlled Admin Access WordPress plugin before 1.5.2. Uncontrolled access to the website customization functionality and global CMS settings, like /wp-admin/customization.php and /wp-admin/options.php, can lead to a complete compromi...
Unauthorized Access
github.com/netlify/gotrue is vulnerable to Unauthorized Access. The vulnerability is due to the insecure handling of provider metadata from the user object, which allows attackers to exploit the metadata, compromising the security of other resources...
CVE-2024-45693
Users logged into the Apache CloudStack web interface can be tricked into submitting malicious CSRF requests due to missing validation of the origin of the requests. This can allow an attacker to gain privileges and access to resources of the authenticated users and may lead to account...
CVE-2024-4146
In Lunary (lunary-ai/lunary) v1.2.13, CVE-2024-4146 describes an incorrect authorization vulnerability in the checkProjectAccess middleware. The vulnerability relies on only verifying organization membership and fails to enforce explicit project-level permissions checked via the account_project t...
Uncover and Remediate Toxic Combinations with Attack Path Analysis
Particularly at enterprise scale, it’s not uncommon to have hundreds of thousands of resources running across your cloud environments at any given time. Of course, these resources aren’t running independently. In modern environments, these resources are all interconnected and in many cases...
F5 Networks BIG-IP : BIG-IP Edge Client for Windows vulnerability (K55102004)
When the Windows Logon Integration feature is configured for BIG-IP Edge Client, unauthorized users who have physical access to an authorized user's machine can get shell access under unprivileged user. CVE-2020-5855 Impact Attackers may be able to bypass authentication to gain unauthorized access ...