
13 matches found

NVD
added 2026/03/23 10:16 p.m. · 2 views

CVE-2026-32300

Connect-CMS is a content management system. In versions on the 1.x series up to and including 1.41.0 and versions on the 2.x series up to and including 2.41.0, an improper authorization issue in the My Page profile update feature may allow modification of arbitrary user information. Versions 1.41...

8.1 CVSS · 0.00016 EPSS
Exploits 0 · References 4

OSV
added 2024/11/21 11:15 a.m. · 2 views

CVE-2024-10788

The Activity Log – Monitor & Record User Changes plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the event parameters in all versions up to, and including, 2.11.1 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers...

7.2 CVSS · 8 AI score
Exploits 0 · References 3

Vulnrichment
added 2024/11/21 5:33 a.m. · 9 views

CVE-2024-10788 Activity Log – Monitor & Record User Changes <= 2.11.1 - Unauthenticated Stored Cross-Site Scripting via Event Context

The Activity Log – Monitor & Record User Changes plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the event parameters in all versions up to, and including, 2.11.1 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers...

7.2 CVSS · 6.1 AI score · 0.0233 EPSS
Exploits 0 · References 3

Snyk
added 2024/10/22 6:32 p.m. · 1 view

Cross-site Request Forgery (CSRF)

Overview Affected versions of this package are vulnerable to Cross-site Request Forgery (CSRF) via the redirect parameter in Commerce Catalogs. An attacker can perform administrative actions, execute arbitrary code, and alter user settings by convincing a user to follow a malicious link. Remediatio...

8.8 CVSS · 7.4 AI score · 0.02006 EPSS
Exploits 0 · References 2

Positive Technologies
added 2024/09/24 12:0 a.m. · 1 view

PT-2024-32075 · Icecms · Icecms

Name of the Vulnerable Software and Affected Versions: IceCMS versions 3.4.7 and earlier Description: The issue allows attackers to arbitrarily modify users' information, including username and password, via a crafted POST request sent to the endpoint "/User/ChangeUser/s" in the ChangeUser functi...

7.6 CVSS · 6.8 AI score · 0.00063 EPSS
Exploits 1 · References 4

RedHat Linux
added 2023/11/28 4:5 p.m. · 1 view

postgresql: row security policies disregard user ID changes after inlining.

A flaw was found in PostgreSQL, which could permit incorrect policies being applied in certain cases where role-specific policies are used and a given query is planned under one role and executed under other roles. This scenario can happen under security definer functions, or when a common user a...

5.4 CVSS · 7.3 AI score · 0.00226 EPSS
Exploits 0 · References 5

Positive Technologies
added 2023/07/27 12:0 a.m. · 3 views

PT-2023-27021 · WordPress · Instawp Connect

Name of the Vulnerable Software and Affected Versions: InstaWP Connect plugin for WordPress versions up to, and including, 0.0.9.18 Description: The issue allows unauthorized access, modification, and loss of data due to a missing capability check on the events receiver function. This enables...

9.8 CVSS · 9.4 AI score · 0.01007 EPSS
Exploits 0 · References 7

SUSE CVE
added 2023/05/14 1:51 a.m. · 4 views

SUSE CVE-2023-2455

Row security policies disregard user ID changes after inlining; PostgreSQL could permit incorrect policies to be applied in certain cases where role-specific policies are used and a given query is planned under one role and then executed under other roles. This scenario can happen under security...

7.1 CVSS · 6.4 AI score · 0.00226 EPSS
Exploits 0 · References 15

OSV
added 2022/09/27 10:1 a.m. · 5 views

OPENSUSE-SU-2022:10131-1 Security update for opera

This update for opera fixes the following issues: Update to 91.0.4516.20 - CHR-9019 Update chromium on desktop-stable-105-4516 to 105.0.5195.127 - DNA-101312 Allow changing logged in user with BrowserAPI - The update to chromium 105.0.5195.127 fixes following issues: CVE-2022-3196, CVE-2022-3197,...

8.8 CVSS · 7.2 AI score · 0.00962 EPSS
Exploits 0 · References 7

Cvelist
added 2018/09/21 6:0 a.m. · 18 views

CVE-2018-17298

An issue was discovered in Enalean Tuleap before 10.5. Reset password links are not invalidated after a user changes its password...

9.5 AI score · 0.00365 EPSS
Exploits 0 · References 3

CNVD
added 2016/07/06 12:0 a.m. · 2 views

Linux kernel competitive conditions vulnerability (CNVD-2016-04598)

The Linux kernel is the kernel used by the operating system Linux, released by the Linux Foundation in the United States. A competitive condition vulnerability exists in the kernel/auditsc.c file in Linux kernel versions 4.6 and earlier. An attacker can exploit this vulnerability to misdirect the...

4.7 CVSS · 6.6 AI score · 0.00034 EPSS
Exploits 0 · References 1

CERT
added 2014/02/28 12:0 a.m. · 24 views

Blue Coat ProxySG local user changes contain a time and state vulnerability

Overview Changes to Blue Coat ProxySG local users do not take effect immediately, giving an attacker with known credentials a window of opportunity to use those credentials even if the user was deleted or the password was changed. CWE-361 Description Blue Coat Security Advisory SA77 states: SGOS...

7.9 CVSS · 6.8 AI score · 0.00097 EPSS
Exploits 1 · References 2

Packet Storm
added 2007/05/23 12:0 a.m. · 16 views

boastmachine-session.txt

Vagrant - E-hack.org 05.22.2007 BoastMachine v3.0 platinum - Session İd Hacking After the login into the site which allows new user registration. Site user's data which is entered to change the topic, can be changed by another user, and that is a security hole because of ID interchangeability in...

7.4 AI score
Exploits 0