8 matches found
EUVD-2023-12952
Malicious code in bioql PyPI...
CVE-2024-22278
Incorrect user permission validation in Harbor...
CVE-2022-31668 User permission validation failure and disclosure of P2P preheat execution logs
Harbor fails to validate the user permissions when updating p2p preheat policies. By sending a request to update a p2p preheat policy with an id that belongs to a project that the currently authenticated user doesn't have access to, the attacker could modify p2p preheat policies configured in oth...
CVE-2022-31668
Harbor (github.com/goharbor/harbor) is affected by CVE-2022-31668 due to improper permission validation when updating p2p preheat policies. A request to update a policy with an id belonging to a project the authenticated user cannot access could allow modification of p2p preheat policies in other...
Information Disclosure
mediawiki/proofread-page is vulnerable to Information Disclosure. The vulnerability exists due to the lack of user permission validation in PageDisplayHandler.php and PageContentHandler.php, which allows an attacker to discover hidden users in the system...
WordPress Plugin Cross-Site Request Forgery Vulnerability (CNVD-2021-92549)
WordPress is a blogging platform developed by the WordPress Foundation using the PHP language. The platform supports setting up personal blog sites on PHP and MySQL servers. WordPress Plugin is an open source application plugin for WordPress. Access control error vulnerability in WordPress...
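IBM Algo One Algo multiple security vulnerabilities
CVE ID: CVE-2013-6299, CVE-2013-6300, CVE-2013-6301, CVE-2013-6302, CVE-2013-6303, CVE-2013-6318, CVE-2013-6319, CVE-2013-6320, CVE-2013-6331, CVE-2013-6333. IBM Algo One is a risk management software solution. IBM Algo One has multiple security vulnerabilities: 1. The application does not correctly validate user permissions, allowing an attacker to exploit the vulnerability to obtain restricted content. 2. Multiple cross-site scripting vulnerabilities exist, allowing an attacker to craft a malicious URI and lure a user into opening it, which can be used to obtain sensitive cookies, hijack sessions, or perform malicious actions on the client...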