EUVD-2022-42771

Malicious code in bioql PyPI...

EUVD-2023-54639

Malicious code in bioql PyPI...

PT-2025-32096 · WordPress · Reveal Listing

Name of the Vulnerable Software and Affected Versions: Reveal Listing plugin for WordPress versions up to and including 3.3 Description: The Reveal Listing plugin for WordPress allows users registering new accounts to set their own role via the listing user role field. This enables unauthenticate...

CVE-2012-6104

blog/rsslib.php in Moodle 2.2.x before 2.2.7, 2.3.x before 2.3.4, and 2.4.x before 2.4.1 allows remote attackers to obtain sensitive information from site-level blogs by leveraging the guest role and reading an RSS feed...

Logging into webui as view only internal user provides overly privileged bearer key

Description When an user with the role "internaluserviewer" logs into the application they are provided with an overly privileged API key. This key can be used to access all the admin functionality of the application. The following steps are taken: An admin creates an Internal User with the role...

CVE-2024-1330

Kadence Blocks Pro for WordPress

postgresql:12 security update

An update is available for module.pgaudit, postgresql, pgaudit, module.pgrepack, module.postgres-decoderbufs, pgrepack, module.postgresql, postgres-decoderbufs. This update affects Rocky Linux 8. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is...

Important: Red Hat Security Advisory: postgresql:15 security update

An update for the postgresql:15 module is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each...

Important: postgresql:15 security update

PostgreSQL is an advanced object-relational database management system DBMS. Security Fixes: postgresql: Buffer overrun from integer overflow in array modification CVE-2023-5869 postgresql: Memory disclosure in aggregate function calls CVE-2023-5868 postgresql: extension script @substitutions@...

SUSE CVE-2012-3200

Unspecified vulnerability in the Oracle Agile PLM Framework component in Oracle Supply Chain Products Suite 9.3.1.1 allows remote authenticated users to affect confidentiality, related to ROLESPRV...

Landing Page Builder < 1.4.9.9 - Contributor+ Cross-Site Scripting via Shortcode

The plugin does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks which could be used against high privilege users such as admins. PoC 1. Insert...

Design/Logic Flaw

Vulnerability in the Oracle Database - Enterprise Edition RDBMS Security component of Oracle Database Server. Supported versions that are affected are 12.1.0.2, 19c and 21c. Easily exploitable vulnerability allows high privileged attacker having DBA role privilege with network access via Oracle N...

CVE-2022-25946

On all versions of 16.1.x, 15.1.x, 14.1.x, 13.1.x, 12.1.x, and 11.6.x of F5 BIG-IP Advanced WAF, ASM, and ASM, and F5 BIG-IP Guided Configuration GC all versions prior to 9.0, when running in Appliance mode, an authenticated attacker with Administrator role privilege may be able to bypass Applian...

CVE-2022-25946

On all versions of 16.1.x, 15.1.x, 14.1.x, 13.1.x, 12.1.x, and 11.6.x of F5 BIG-IP Advanced WAF, ASM, and ASM, and F5 BIG-IP Guided Configuration GC all versions prior to 9.0, when running in Appliance mode, an authenticated attacker with Administrator role privilege may be able to bypass Applian...

CVE-2020-7927

Specially crafted API calls may allow an authenticated user who holds Organization Owner privilege to obtain an API key with Global Role privilege. This issue affects MongoDB Ops Manager v4.2 versions prior to and including 4.2.17, MongoDB Ops Manager v4.3 versions prior to and including 4.3.9 an...

CVE-2020-7927

Specially crafted API calls may allow an authenticated user who holds Organization Owner privilege to obtain an API key with Global Role privilege. This issue affects MongoDB Ops Manager v4.2 versions prior to and including 4.2.17, MongoDB Ops Manager v4.3 versions prior to and including 4.3.9 an...

CVE-2020-7927 Potential privilege escalation in Ops Manager API

Specially crafted API calls may allow an authenticated user who holds Organization Owner privilege to obtain an API key with Global Role privilege. This issue affects MongoDB Ops Manager v4.2 versions prior to and including 4.2.17, MongoDB Ops Manager v4.3 versions prior to and including 4.3.9 an...