1088 matches found
CVE-2024-39319
aimeos/ai-controller-frontend is the Aimeos frontend controller package for e-commerce projects. Prior to versions 2024.4.2, 2023.10.9, 2022.10.8, 2021.10.8, and 2020.10.15, an insecure direct object reference allows an attacker to disable subscriptions and reviews of another customer. Versions...
CVE-2024-39319 aimeos/ai-controller-frontend has IDOR vulnerability in account profile page
aimeos/ai-controller-frontend is the Aimeos frontend controller package for e-commerce projects. Prior to versions 2024.4.2, 2023.10.9, 2022.10.8, 2021.10.8, and 2020.10.15, an insecure direct object reference allows an attacker to disable subscriptions and reviews of another customer. Versions...
PT-2024-28443 · Aimeos · Aimeos/Ai-Controller-Frontend
Name of the Vulnerable Software and Affected Versions: aimeos/ai-controller-frontend versions prior to 2024.4.2 aimeos/ai-controller-frontend versions prior to 2023.10.9 aimeos/ai-controller-frontend versions prior to 2022.10.8 aimeos/ai-controller-frontend versions prior to 2021.10.8...
CVE-2024-6691
The Easy Digital Downloads – Sell Digital Files & Subscriptions eCommerce Store + Payments Made Easy plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the currency value in all versions up to, and including, 3.3.2 due to insufficient input sanitization and output escaping. Thi...
PT-2024-11549 · Unknown · Nats Server +1
Name of the Vulnerable Software and Affected Versions: NATS Server versions prior to 2.8.2 NATS Streaming Server versions prior to 0.24.6 Description: The issue is caused by the failure to enforce negative user permissions in one scenario, allowing a remote attacker to bypass security restriction...
CVE-2024-3961
The ConvertKit – Email Newsletter, Email Marketing, Subscribers and Landing Pages plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the tagsubscriber function in all versions up to, and including, 2.4.9. This makes it possible for...
CVE-2024-1407 Paid Memberships Pro <= 2.12.10 - Cross-Site Request Forgery to Membership Modification
The Paid Memberships Pro – Content Restriction, User Registration, & Paid Subscriptions plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.12.10. This is due to missing or incorrect nonce validation on multiple functions. This makes it possibl...
CVE-2024-36372
In JetBrains TeamCity before 2023.05.6 reflected XSS on the subscriptions page was possible...
CVE-2024-36372
In JetBrains TeamCity before 2023.05.6 reflected XSS on the subscriptions page was possible...
EUVD-2024-36040
In JetBrains TeamCity before 2023.05.6 reflected XSS on the subscriptions page was possible...
CVE-2024-36372
In JetBrains TeamCity before 2023.05.6 reflected XSS on the subscriptions page was possible...
CVE-2024-36372
In JetBrains TeamCity before 2023.05.6 reflected XSS on the subscriptions page was possible...
CVE-2024-36372
JetBrains TeamCity is affected by a reflected XSS on the subscriptions page in versions before 2023.05.6. Multiple connected sources (NVD/Nessus/CNVD/CNNVD) describe lack of proper input filtering/escaping on the subscriptions page as the root cause. Practical impact is execution of arbitrary scr...
PT-2024-3959
Name of the Vulnerable Software and Affected Versions JetBrains TeamCity versions prior to 2023.05.6 Description The issue is related to a reflected XSS vulnerability on the subscriptions page, which could allow a remote attacker to conduct cross-site scripting attacks. This is due to the lack of...
USN-6768-1: GLib vulnerability
Alicia Boya García discovered that GLib incorrectly handled signal subscriptions. A local attacker could use this issue to spoof D-Bus signals resulting in a variety of impacts including possible privilege escalation...
USN-6768-1 glib2.0 vulnerability
Alicia Boya García discovered that GLib incorrectly handled signal subscriptions. A local attacker could use this issue to spoof D-Bus signals resulting in a variety of impacts including possible privilege escalation...
CVE-2024-29320
Wallos before 1.15.3 is vulnerable to SQL Injection via the category and payment parameters to /subscriptions/get.php...
PT-2024-22861 · Wallos · Wallos
Name of the Vulnerable Software and Affected Versions: Wallos versions prior to 1.15.3 Description: The issue is related to SQL Injection via the category and payment parameters to the "/subscriptions/get.php" API endpoint. This allows for potential exploitation. Recommendations: For versions pri...
CVE-2024-29320
Wallos is affected by a SQL injection in versions prior to 1.15.3. The vulnerability stems from unsanitized input in the category and payment parameters to /subscriptions/get.php, enabling potentially unauthorized data access. Affected product: Wallos (open source personal subscription tracker); ...
Wallos SQL注入漏洞
Wallos is an open source personal subscription tracker by the individual developer Miguel Ribeiro. A SQL injection vulnerability exists in Wallos versions prior to 1.15.3, which originates from an easy SQL injection via the category and payment parameters of /subscriptions/get.php...