EUVD-2025-204262

The HUSKY – Products Filter Professional for WooCommerce plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 1.3.7.3 via the "woofaddsubscr" function due to missing validation on a user controlled key. This makes it possible for authenticat...

CVE-2024-24774

Mattermost Jira Plugin handling subscriptions fails to check the security level of an incoming issue or limit it based on the user who created the subscription resulting in registered users on Jira being able to create webhooks that give them access to all Jira issues...

CVE-2023-31453

Incorrect Permission Assignment for Critical Resource Vulnerability in Apache Software Foundation Apache InLong.This issue affects Apache InLong: from 1.2.0 through 1.6.0. The attacker can delete others' subscriptions, even if they are not the owner of the deleted subscription. Users are advised ...

Improper Access Control

moodle/moodle is vulnerable to Improper Access Control. The vulnerability exists in calendarcaneditsubscription function of lib.php because the user subscriptions are not properly handled which allows an attacker to edit user subscriptions and perform unauthorized actions...

Joomla! JE PayperVideo SQL Injection Vulnerability

Joomla! is the U.S. Open Source Matters team developed a set of open source content management system CMS, the system provides RSS feeds , site search and other features . JE PayperVideo component is used in one of the multimedia playback components . A SQL injection vulnerability exists in Jooml...

SA-CONTRIB-2010-055 - Simplenews - Access bypass

Simplenews publishes and sends email newsletters to lists of subscribers, with both anonymous and authenticated users being able to opt-in to mailing lists. The user subscription form does not use the correct access permission resulting in any user with the permission 'subscribe to newsletters'...