10 matches found
EUVD-2025-12804
Malicious code in bioql PyPI...
EUVD-2024-33637
Malicious code in bioql PyPI...
CVE-2025-5956
The WP Human Resource Management plugin for WordPress is vulnerable to Arbitrary User Deletion due to a missing authorization within the ajaxdeleteemployee function in versions 2.0.0 through 2.2.17. The plugin’s deletion handler reads the client-supplied $POST'delete' array and passes each ID...
WordPress plugin WP Human Resource Management 安全漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A security vulnerability...
CVE-2025-20190
A vulnerability in the lobby ambassador web interface of Cisco IOS XE Wireless Controller Software could allow an authenticated, remote attacker to remove arbitrary users that are defined on an affected device. This vulnerability is due to insufficient access control of actions executed by lobby...
Cisco IOS XE Wireless Controller Software Unauthorized User Deletion Vulnerability
A vulnerability in the lobby ambassador web interface of Cisco IOS XE Wireless Controller Software could allow an authenticated, remote attacker to remove arbitrary users that are defined on an affected device. This vulnerability is due to insufficient access control of actions executed by lobby...
CVE-2025-4177
The Flynax Bridge plugin for WordPress is vulnerable to unauthorized loss of data due to a missing capability check on the deleteUser function in all versions up to, and including, 2.2.0. This makes it possible for unauthenticated attackers to delete arbitrary users...
CVE-2025-4177
The Flynax Bridge plugin for WordPress is vulnerable to unauthorized loss of data due to a missing capability check on the deleteUser function in all versions up to, and including, 2.2.0. This makes it possible for unauthenticated attackers to delete arbitrary users...
CVE-2025-2876
The MelaPress Login Security and MelaPress Login Security Premium plugins for WordPress is vulnerable to unauthorized loss of data due to a missing capability check on the 'monitoradminactions' function in version 2.1.0. This makes it possible for unauthenticated attackers to delete any user...
CVE-2025-2876 MelaPress Login Security and MelaPress Login Security Premium 2.1.0 - Missing Authorization to Unauthenticated Arbitrary User Deletion
The MelaPress Login Security and MelaPress Login Security Premium plugins for WordPress is vulnerable to unauthorized loss of data due to a missing capability check on the 'monitoradminactions' function in version 2.1.0. This makes it possible for unauthenticated attackers to delete any user...