1088 matches found
PT-2025-35734
Name of the Vulnerable Software and Affected Versions: Cozmoslabs Paid Member Subscriptions versions through 2.15.9 Description: The software contains a missing authorization flaw due to incorrectly configured access control security levels. Recommendations: Update to a version later than 2.15.9...
Missing Authorization
Mattermost Confluence Plugin is vulnerable to Missing Authorization. The vulnerability is due to missing access validation caused by failure to check user permissions when editing channel subscriptions via the API...
Missing Authorization
Mattermost Confluence Plugin is vulnerable to Missing Authorization. The vulnerability is due to missing access validation caused by failure to check user permissions when creating channel subscriptions via the API...
Improper Authentication
Mattermost Confluence Plugin is vulnerable to improper authentication. The vulnerability is due to the failure to enforce user authentication to the Mattermost instance, which allows an attacker to edit channel subscriptions via an unauthenticated API call...
Malicious code in monolith-twirp-webhooksubscriptions-subscriptions (RubyGems)
Source: ossf-package-analysis df56bfac6f56194f6dc4db74f8761484bd20d2a46e61558f757a3179e3e249e8 The OpenSSF Package Analysis project identified 'monolith-twirp-webhooksubscriptions-subscriptions' @ 1.5.0 rubygems as malicious. It is...
MAL-2025-46938 Malicious code in monolith-twirp-webhooksubscriptions-subscriptions (RubyGems)
Source: ossf-package-analysis df56bfac6f56194f6dc4db74f8761484bd20d2a46e61558f757a3179e3e249e8 The OpenSSF Package Analysis project identified 'monolith-twirp-webhooksubscriptions-subscriptions' @ 1.5.0 rubygems as malicious. It is...
Malicious code in example-subscriptions (npm)
Source: ossf-package-analysis 438b8c125fa1b14e319503e011ccb4ee92d7a6fd2c942d5edc6741d8ca3451aa The OpenSSF Package Analysis project identified 'example-subscriptions' @ 10.0.1 npm as malicious. It is considered malicious because: - The...
MAL-2025-41808 Malicious code in example-subscriptions (npm)
Source: ossf-package-analysis 438b8c125fa1b14e319503e011ccb4ee92d7a6fd2c942d5edc6741d8ca3451aa The OpenSSF Package Analysis project identified 'example-subscriptions' @ 10.0.1 npm as malicious. It is considered malicious because: - The...
Linux Distros Unpatched Vulnerability : CVE-2020-13346
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Membership changes are not reflected in ToDo subscriptions in GitLab versions prior to 13.2.10, 13.3.7 and 13.4.2, allowing guest users to access confidential...
Linux Distros Unpatched Vulnerability : CVE-2024-4006
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - An issue has been discovered in GitLab CE/EE affecting all versions starting from 16.7 before 16.9.6, all versions starting from 16.10 before 16.10.4, all...
CVE-2025-54017
Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in Cozmoslabs Paid Member Subscriptions paid-member-subscriptions allows PHP Local File Inclusion. This issue affects Paid Member Subscriptions: from n/a through 2.15.4...
SUSE CVE-2025-44001
Mattermost Confluence Plugin version 1.5.0 fails to check the access of the user to the channel which allows attackers to get channel subscription details without proper access to the channel via API call to the Get Channel Subscriptions details endpoint...
SUSE CVE-2025-53857
Mattermost Confluence Plugin version 1.5.0 fails to check the access of the user to the channel which allows attackers to get channel subscription details without proper access to the channel via API call to the GET autocomplete/GetChannelSubscriptions endpoint...
SUSE CVE-2025-54478
Mattermost Confluence Plugin version 1.5.0 fails to enforce authentication of the user to the Mattermost instance which allows unauthenticated attackers to edit channel subscriptions via API call to the edit channel subscription endpoint...
SUSE CVE-2025-8285
Mattermost Confluence Plugin version 1.5.0 fails to check the access of the user to the channel which allows attackers to create channel subscription without proper access to the channel via API call to the create channel subscription endpoint...
CVE-2025-54017
CVE-2025-54017 is a PHP Local File Inclusion in the WordPress plugin Paid Member Subscriptions (vulnerable up to 2.15.4). The root cause is improper control of include/require filenames, enabling local file inclusion. The vulnerability is rated high (CVSS 3.1 base 7.5) with network access, high i...
CVE-2025-54017 WordPress Paid Member Subscriptions <= 2.15.4 - Local File Inclusion Vulnerability
Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in Cozmoslabs Paid Member Subscriptions paid-member-subscriptions allows PHP Local File Inclusion. This issue affects Paid Member Subscriptions: from n/a through 2.15.4...
CVE-2025-54017 WordPress Paid Member Subscriptions <= 2.15.4 - Local File Inclusion Vulnerability
Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in Cozmoslabs Paid Member Subscriptions allows PHP Local File Inclusion. This issue affects Paid Member Subscriptions: from n/a through 2.15.4...
WordPress plugin Paid Member Subscriptions security vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A security vulnerability...