39 matches found
CVE-2026-3460
The REST API TO MiniProgram plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 5.1.2. This is due to the permission callback updateuserwechatshopinfopermissionscheck only validating that the supplied 'openid' parameter corresponds to an...
CVE-2025-41077
An IDOR vulnerability has been found in Viafirma Inbox v4.5.13 that allows any authenticated user without privileges in the application to list all users, access and modify their data. This allows the user's email addresses to be modified and, subsequently, using the password recovery functionality ...
EUVD-2026-1931
An IDOR vulnerability has been found in Viafirma Inbox v4.5.13 that allows any authenticated user without privileges in the application to list all users, access and modify their data. This allows the user's email addresses to be modified and, subsequently, using the password recovery functionality ...
WordPress plugin Multiple Roles per User security vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language, which provides the ability to host personal blog sites on PHP and MySQL based...
EUVD-2006-4940
Malware in sbrugna...
EUVD-2018-18955
Malware in sbrugna...
EUVD-2017-9182
Malware in sbrugna...
EUVD-2025-4188
Malicious code in bioql PyPI...
EUVD-2024-53874
Malicious code in bioql PyPI...
EUVD-2022-44481
Malicious code in bioql PyPI...
EUVD-2022-44639
Malicious code in bioql PyPI...
CVE-2025-27262
Ericsson Indoor Connect 8855 contains a command injection vulnerability which if exploited can result in an escalation of privileges...
CVE-2022-41446
An access control issue in /Admin/dashboard.php of Record Management System using CodeIgniter v1.0 allows attackers to access and modify user data...
CVE-2020-25609
The NuPoint Messenger Portal of Mitel MiCollab before 9.2 could allow an authenticated attacker to execute arbitrary scripts due to insufficient input validation, aka XSS. A successful exploit could allow an attacker to view and modify user data...
CVE-2025-20230
In Splunk Enterprise versions below 9.4.1, 9.3.3, 9.2.5, and 9.1.8, and versions below 3.8.38 and 3.7.23 of the Splunk Secure Gateway app on Splunk Cloud Platform, a low-privileged user that does not hold the “admin” or “power” Splunk roles could edit and delete other user data in App Key Value...
CVE-2024-13494
The WordPress File Upload plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 4.25.2. This is due to missing or incorrect nonce validation on the 'wfu_file_details' function. This makes it possible for unauthenticated attackers to modify user data...
CVE-2024-13494 WordPress File Upload <= 4.25.2 - Cross-Site Request Forgery in wfu_file_details
The WordPress File Upload plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 4.25.2. This is due to missing or incorrect nonce validation on the 'wfu_file_details' function. This makes it possible for unauthenticated attackers to modify user data...
CVE-2024-13494
CVE-2024-13494: The WordPress File Upload plugin is vulnerable to Cross-Site Request Forgery (CSRF) in all versions through 4.25.2 due to missing/incorrect nonce validation in the wfu_file_details function. An unauthenticated attacker could modify details of uploaded files by tri...
CVE-2025-26376
A CWE-862 "Missing Authorization" in maxprofile/users/routes.lua in Q-Free MaxTime less than or equal to version 2.11.0 allows an authenticated low-privileged attacker to modify user data via crafted HTTP requests...