Lucene search
K

78 matches found

vulnrichment
vulnrichment
added 2025/08/18 1:27 p.m.7 views

CVE-2025-4962 IDOR Vulnerability in Template Creation via `projectId` Manipulation in lunary-ai/lunary

An Insecure Direct Object Reference IDOR vulnerability was identified in the POST /v1/templates endpoint of the Lunary API, affecting versions up to 0.8.8. This vulnerability allows authenticated users to create templates in another user's project by altering the projectId query parameter. The ro...

7.7CVSS6.8AI score0.00217EPSS
Exploits0References2
redhatcve
redhatcve
added 2025/05/23 9:33 a.m.11 views

CVE-2024-0766

The Envo's Elementor Templates & Widgets for WooCommerce plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the templatesajaxrequest function in all versions up to, and including, 1.4.4. This makes it possible for subscribers and higher to...

4.3CVSS6.6AI score0.00457EPSS
Exploits0References1
huntr
huntr
added 2025/05/13 1:27 p.m.13 views

IDOR Vulnerability in Template Creation via `projectId` Manipulation

Description An Insecure Direct Object Reference IDOR vulnerability exists in the POST /v1/templates endpoint of the Lunary API. This allows an authenticated user to create templates in another user’s project by modifying the projectId query parameter. This occurs due to a lack of server-side...

7.7CVSS6.7AI score0.00217EPSS
Exploits0
osv
osv
added 2025/03/22 3:15 a.m.5 views

CVE-2024-13737

The Motors – Car Dealer, Classifieds & Listing plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability checks on the motorscreatetemplate and motorsdeletetemplate functions in all versions up to, and including, 1.4.57. This makes it possible for...

4.3CVSS7.4AI score0.00288EPSS
Exploits0References4
bdu_fstec
bdu_fstec
added 2025/02/03 12:0 a.m.9 views

The vulnerability of the graph creation function or graph template creation function of the Cacti network monitoring software allows a hacker to execute arbitrary code.

The vulnerability of the graph creation function or graph template creation function in the Cacti network monitoring software is related to improper handling of line separators. Exploiting this vulnerability allows an attacker who operates remotely to execute arbitrary code...

9CVSS8.3AI score0.54024EPSS
Exploits10References3Affected Software1
osv
osv
added 2025/01/09 8:15 p.m.5 views

CVE-2024-56114

Canlineapp Online 1.1 is vulnerable to Broken Access Control and allows users with the Auditor role to create an audit template as a result of improper authorization checks. This feature is designated for supervisor role, but auditors have been able to successfully create audit templates from the...

6.5CVSS5.8AI score0.00325EPSS
Exploits1References2
bdu_fstec
bdu_fstec
added 2024/11/29 12:0 a.m.18 views

The vulnerability of the library for optimizing machine learning models in Intel Neural Compressor lies in the failure to take measures to neutralize special elements in the template creation mechanism. This allows attackers to enhance their privileges.

The vulnerability of the Intel Neural Compressor library for optimizing machine learning models is related to the lack of measures taken to neutralize special elements in the template creation mechanism. Exploiting this vulnerability can allow a remote attacker to enhance their privileges...

7CVSS5.5AI score0.00227EPSS
Exploits0References2Affected Software1
osv
osv
added 2024/10/13 8:15 p.m.6 views

CVE-2024-9917

A vulnerability, which was classified as critical, was found in HuangDou UTCMS V9. This affects an unknown part of the file app/modules/ut-template/admin/templatecreat.php. The manipulation of the argument content leads to deserialization. It is possible to initiate the attack remotely. The explo...

4.9CVSS5.4AI score0.08703EPSS
Exploits1References4
bdu_fstec
bdu_fstec
added 2024/07/10 12:0 a.m.5 views

The vulnerability of the HTTP File Server, related to the failure to take measures to eliminate special elements in the template creation mechanism, allows attackers to execute arbitrary commands.

The vulnerability of the HTTP File Server is related to the lack of measures taken to neutralize special elements in the template creation mechanism. Exploiting this vulnerability allows a malicious actor to execute arbitrary commands by sending specially crafted HTTP requests with the “search”...

10CVSS8.4AI score0.99485EPSS
Exploits20References8Affected Software1
patchstack
patchstack
added 2024/06/07 2:53 a.m.5 views

WordPress Master Addons plugin <= 2.0.6.1 - Missing Authorization to MA Template Creation or Modification vulnerability

Missing Authorization to MA Template Creation or Modification vulnerability discovered by Webbernaut in WordPress Plugin Master Addons for Elementor versions = 2.0.6.1...

6.5CVSS7AI score0.00319EPSS
Exploits0References1Affected Software1
bdu_fstec
bdu_fstec
added 2024/04/24 12:0 a.m.5 views

The vulnerability of the software for centralized device management in Fortinet’s FortiManager system lies in errors during the elimination of specific elements in the template creation mechanism. This allows a malicious actor to execute arbitrary code.

The vulnerability of the software for centralized device management in Fortinet FortiManager is related to errors during the elimination of specific elements in the template creation mechanism. Exploiting this vulnerability allows an attacker to execute arbitrary code using specially created...

6.8CVSS6AI score0.0027EPSS
Exploits0References4Affected Software1
osv
osv
added 2024/02/28 9:15 a.m.3 views

CVE-2024-0766

The Envo's Elementor Templates & Widgets for WooCommerce plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the templatesajaxrequest function in all versions up to, and including, 1.4.4. This makes it possible for subscribers and higher to...

4.3CVSS5.8AI score0.00457EPSS
Exploits0References2
bdu_fstec
bdu_fstec
added 2023/11/01 12:0 a.m.7 views

The vulnerability of the OctoPrint 3D-printer controller, related to errors in eliminating special elements in the template creation mechanism, allows a violator to execute arbitrary code.

The vulnerability of the OctoPrint 3D-printer controller is related to errors during the neutralization of special elements in the template creation mechanism. Exploiting this vulnerability allows an attacker to execute arbitrary code...

6.5CVSS6.9AI score0.00568EPSS
Exploits1References4Affected Software1
wpvulndb
wpvulndb
added 2023/01/10 12:0 a.m.25 views

Royal Elementor Addons < 1.3.60 - Menu Template Creation via CSRF

The plugin does not have CSRF check when creating menu templates, which could allow attackers to make a logged in admin perform such action via a CSRF attack...

6.5CVSS4.7AI score0.00348EPSS
Exploits1References1Affected Software1
osv
osv
added 2023/01/09 11:15 p.m.5 views

CVE-2022-4103

The Royal Elementor Addons WordPress plugin before 1.3.56 does not have authorisation and CSRF checks when creating a template, and does not ensure that the post created is a template. This could allow any authenticated users, such as subscriber to create a post as well as any post type with an...

4.3CVSS5.9AI score0.00262EPSS
Exploits1References1
cnnvd
cnnvd
added 2023/01/09 12:0 a.m.4 views

WordPress Plugin Royal Elementor Addons 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. WordPress is a blogging platform developed using the PHP language, which supports personal blogs on PHP and MySQL servers.WordPress plugin is an...

4.3CVSS5.3AI score0.00262EPSS
Exploits1References2
ptsecurity
ptsecurity
added 2023/01/09 12:0 a.m.10 views

PT-2023-13956 · WordPress · Royal Elementor Addons

Name of the Vulnerable Software and Affected Versions: The Royal Elementor Addons WordPress plugin versions prior to 1.3.56 Description: The issue is related to the lack of authorization and CSRF checks when creating a template. This could allow any authenticated users, such as subscribers, to...

4.3CVSS6.7AI score0.00262EPSS
Exploits1References6
huntr
huntr
added 2022/06/28 7:23 a.m.11 views

Arbitrary template creation leading to Authenticated Remote Code Execution

Description Arbitrary File Write Reproduction Steps: 1. As a low privileged user, Create a new recipe and click on the "+" to add a New Asset. 2. Select a file, then proxy the request that will create the asset. 3. Update the values in the POST request to the ones shown below: POST...

0.5AI score
Exploits0
bdu_fstec
bdu_fstec
added 2020/10/14 12:0 a.m.7 views

The vulnerability of the template function for software-based Cisco WebEx Meetings allows a hacker to gain rights to create meeting templates.

The vulnerability of the template creation function for Cisco Webex Meetings software-related web conferencing solutions is related to deficiencies in access control. Exploiting this vulnerability could allow an attacker, operating remotely, to gain permission to create meeting templates...

4.3CVSS5.5AI score0.00721EPSS
Exploits0References3Affected Software1
cnvd
cnvd
added 2020/08/06 12:0 a.m.7 views

Cisco Webex Meetings Scheduled Meeting Template Creation Vulnerability

Cisco Webex Meetings provides affordable enterprise virtual meeting solutions. A scheduled meeting template creation vulnerability exists in Cisco Webex Meetings versions prior to 40.7.0. The vulnerability stems from insufficient execution of authorization for scheduled meeting template creation...

4.3CVSS6.7AI score0.00721EPSS
Exploits0References1
Rows per page
Query Builder