18 matches found
CVE-2026-53911 Cerebrate primary key mass assignment in CRUD edit operations allows authenticated users to overwrite unrelated records
Cerebrate before version 1.37 allowed the id primary key field to be supplied through request input during CRUD edit operations and certain custom entity patching flows. In affected entities that did not explicitly mark id as inaccessible, an authenticated attacker could submit a crafted edit...
WordPress plugin ExactMetrics – Google Analytics Dashboard for WordPress 安全漏洞
WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows users to create personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be installed t...
EUVD-2021-11121
Malware in sbrugna...
EUVD-2023-54643
Malicious code in bioql PyPI...
EUVD-2025-12558
Malicious code in bioql PyPI...
EUVD-2023-59273
Malicious code in bioql PyPI...
EUVD-2023-12396
Malicious code in bioql PyPI...
CVE-2023-2529
The Enable SVG Uploads WordPress plugin through 2.1.5 does not sanitise uploaded SVG files, which could allow users with a role as low as Author to upload a malicious SVG containing XSS payloads...
CVE-2025-1626
CVE-2025-1626 : Qi Blocks WordPress plugin prior to 1.4 fails to validate/escape Countdown block options, enabling stored XSS for users with the contributor role or higher when the block is embedded in a page/post. Affected: Qi Blocks
CVE-2025-43862 Dify Allows Unauthorized Access and Modification of APP Orchestration
Dify is an open-source LLM app development platform. Prior to version 0.6.12, a normal user is able to access and modify APP orchestration, even though the web UI of APP orchestration is not presented for a normal user. This access control flaw allows non-admin users to make unauthorized access a...
CVE-2025-32790
Dify is an open-source LLM app development platform. In versions 0.6.8 and prior, a vulnerability was identified in the DIFY AI where normal users are improperly granted permissions to export APP DSL. The feature in '/export' should only allow administrator users to export DSL. A workaround for...
CVE-2023-20216
A vulnerability in the privilege management functionality of all Cisco BroadWorks server types could allow an authenticated, local attacker to elevate privileges to root on an affected system. This vulnerability is due to incorrect implementation of user role permissions. An attacker could exploi...
Design/Logic Flaw
A vulnerability in the privilege management functionality of all Cisco BroadWorks server types could allow an authenticated, local attacker to elevate privileges to root on an affected system. This vulnerability is due to incorrect implementation of user role permissions. An attacker could exploi...
Cisco BroadWorks Privilege Escalation Vulnerability
A vulnerability in the privilege management functionality of all Cisco BroadWorks server types could allow an authenticated, local attacker to elevate privileges to root on an affected system. This vulnerability is due to incorrect implementation of user role permissions. An attacker could exploi...
GHSA-5PR9-V234-JW36 Remote Code Execution via traversal in TAL expressions
Impact Most Python modules are not available for using in TAL expressions that you can add through-the-web, for example in Zope Page Templates. This restriction avoids file system access, for example via the 'os' module. But some of the untrusted modules are available indirectly through Python...
Authorization Bypass
CFME is vulnerable to authorization bypass. User role permissions for actions associated with catalogs are not properly validated, which would allow an authenticated Management Engine user to use this flaw to delete arbitrary catalogs regardless of the granted permissions...
Authorization Bypass
TeamPass is vulnerable to authorization bypass. The application does not properly enforce user role permissions, allowing a malicious user to modify or delete another user's role in the application...
Important: Red Hat Security Advisory: cfme security, bug fix, and enhancement update
Updated cfme packages that fix multiple security issues, several bugs, and add various enhancements are now available for Red Hat CloudForms 3.0. The Red Hat Security Response Team has rated this update as having Important security impact. Common Vulnerability Scoring System CVSS base scores, whi...