18 matches found
CVE-2025-7820
The SKT PayPal for WooCommerce plugin for WordPress is vulnerable to Payment Bypass in all versions up to, and including, 1.4. This is due to the plugin only enforcing client-side controls instead of server-side controls when processing payments. This makes it possible for unauthenticated attacke...
EUVD-2025-199801
The SKT PayPal for WooCommerce plugin for WordPress is vulnerable to Payment Bypass in all versions up to, and including, 1.4. This is due to the plugin only enforcing client-side controls instead of server-side controls when processing payments. This makes it possible for unauthenticated attacke...
EUVD-2024-40870
Malicious code in bioql PyPI...
EUVD-2024-50403
Malicious code in bioql PyPI...
CVE-2024-9844
Insufficient server-side controls in Secure Application Manager of Ivanti Connect Secure before version 22.7R2.4 allows a remote authenticated attacker to bypass restrictions...
CVE-2024-44106
Insufficient server-side controls in the management console of Ivanti Workspace Control before version 2025.2 10.19.0.0 allows a local authenticated attacker to escalate their privileges...
Pulse Connect Secure < 22.7R2.4 multiple vulnerabilities
The Pulse Connect Secure installed on the remote host is prior to 22.7R2.4. It is, therefore, affected by multiple vulnerabilities. - Insufficient server-side controls in Secure Application Manager of Ivanti Connect Secure before version 22.7R2.4 allows a remote authenticated attacker to bypass...
CVE-2024-9844
Insufficient server-side controls in Secure Application Manager of Ivanti Connect Secure before version 22.7R2.4 allows a remote authenticated attacker to bypass restrictions...
CVE-2024-9844
CVE-2024-9844 affects Ivanti Connect Secure (Secure Application Manager) prior to version 22.7R2.4. The issue allows a remote authenticated attacker to bypass restrictions, enabling unauthorized access control changes. Exploitation requires authentication, and the vulnerability is associated with...
CVE-2024-9844
Insufficient server-side controls in Secure Application Manager of Ivanti Connect Secure before version 22.7R2.4 allows a remote authenticated attacker to bypass restrictions...
CVE-2024-9844
Insufficient server-side controls in Secure Application Manager of Ivanti Connect Secure before version 22.7R2.4 allows a remote authenticated attacker to bypass restrictions...
Ivanti Connect Secure Security Vulnerability
Ivanti Connect Secure is a secure remote network connection tool from Ivanti Corporation, USA. A security vulnerability exists in Ivanti Connect Secure versions prior to 22.7R2.4 that stems from insufficient server-side controls in Secure Application Manager. An attacker can exploit the...
CVE-2024-44106
Insufficient server-side controls in the management console of Ivanti Workspace Control before version 2025.2 10.19.0.0 allows a local authenticated attacker to escalate their privileges...
CVE-2024-44106
Insufficient server-side controls in the management console of Ivanti Workspace Control before version 2025.2 10.19.0.0 allows a local authenticated attacker to escalate their privileges...
CVE-2024-44106
Ivanti Workspace Control is affected by CVE-2024-44106 due to insufficient server-side controls in the management console, enabling a local authenticated attacker to escalate privileges. Public sources (Red Hat and PT Security) describe this as a privilege-escalation issue tied to the management ...
PT-2024-6586 · Ivanti · Ivanti Workspace Control
Name of the Vulnerable Software and Affected Versions: Ivanti Workspace Control versions 10.18.0.0 and below Description: The issue is related to insufficient server-side controls in the management console of Ivanti Workspace Control, which can be exploited by a local authenticated attacker to...
Microsoft SharePoint WebPart Interpretation Conflict Remote Code Execution Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Microsoft SharePoint. Authentication is required to exploit this vulnerability. The specific flaw exists within the handling of server-side controls in WebParts. By specifying a control using a...
HackerOne: Inadequate access controls in "Vote" functionality???
Hello there, First of all let me congratulate you for including pornhub in the list of bug bounty programs, me and my colleagues will have a lot of fun with it hahahahahah. Awesome... Anyways, I stumbled upon something whilst testing hackerone's main site. I don't know if it's a feature that it's...