8 matches found
CVE-2026-3552 SurfLink < 2.6.0 - Missing Authorization to Authenticated (Subscriber+) 410 Gone URL Import via 'surfl_import_410' AJAX Action
The SurfLink - Ultimate Link Manager plugin for WordPress is vulnerable to unauthorized data modification due to a missing capability check on the ajaximport410 function in all versions up to 2.6.0. This is due to a missing capability check currentusercan and missing nonce verification...
PT-2026-57396
Name of the Vulnerable Software and Affected Versions SurfLink - Ultimate Link Manager versions prior to 2.6.1 Description Unauthorized data modification is possible due to a missing capability check and missing nonce verification in the ajax import 410 function. While other AJAX handlers in the...
PT-2025-48811
The Fluent Booking plugin for WordPress is vulnerable to unauthorized calendar import and management due to a missing capability check on the "importCalendar" function in all versions up to, and including, 1.9.11. This makes it possible for authenticated attackers, with subscriber level access an...
Linux Distros Unpatched Vulnerability : CVE-2022-0125
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - An issue has been discovered in GitLab affecting all versions starting from 12.0 before 14.4.5, all versions starting from 14.5.0 before 14.5.3, all versions...
CVE-2024-10582
The Music Player for Elementor – Audio Player & Podcast Player plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the importmpfetemplate function in all versions up to, and including, 2.4.1. This makes it possible for authenticated...
CVE-2022-29237
Opencast is a free and open source solution for automated video capture and distribution at scale. Prior to Opencast 10.14 and 11.7, users could pass along URLs for files belonging to organizations other than the user's own, which Opencast would then import into the current organization, bypassin...
CVE-2020-11689
In JetBrains TeamCity before 2019.2.1, a user without appropriate permissions was able to import settings from the settings.kts file...
Design/Logic Flaw
In JetBrains TeamCity before 2019.2.1, a user without appropriate permissions was able to import settings from the settings.kts file...