11 matches found

Cvelist
added 2024/03/05 4:43 p.m., 12 views

CVE-2024-27931 Insufficient permission checking in `Deno.makeTemp*` APIs

Deno is a JavaScript, TypeScript, and WebAssembly runtime with secure defaults. Insufficient validation of parameters in Deno.makeTemp APIs would allow for creation of files outside of the allowed directories. This may allow the user to overwrite important files on the system that may affect othe...

5.8 CVSS, 5.7 AI score, 0.00219 EPSS
Exploits: 1, References: 1
WPVulnDB
added 2023/11/10 12:0 a.m., 16 views

Apollo13 Framework Extensions < 1.9.1 - Contributor+ Stored XSS

Description: The plugin does not validate and escape some parameters, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks...

5.4 CVSS, 5.7 AI score, 0.00155 EPSS
Exploits: 0, Affected Software: 1
WPVulnDB
added 2023/09/29 12:0 a.m., 8 views

Goods Catalog <= 2.4.1 - Contributor+ Stored XSS

Description: The plugin does not validate and escape some parameters, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks...

6.5 CVSS, 5.7 AI score, 0.00077 EPSS
Exploits: 0, References: 1
WPVulnDB
added 2023/09/04 12:0 a.m., 17 views

All in One B2B for WooCommerce <= 1.0.3 - Unauthenticated Privilege Escalation

Description: The plugin does not properly validate parameters when updating user details, allowing an unauthenticated attacker to update the details of any user. Updating the password of an Admin user leads to privilege escalation. PoC: curl 'https://example.com/' -d...

6.5 AI score, 0.0026 EPSS
Exploits: 2
Cvelist
added 2023/08/23 6:21 p.m., 11 views

CVE-2023-20234

A vulnerability in the CLI of Cisco FXOS Software could allow an authenticated, local attacker to create a file or overwrite any file on the filesystem of an affected device, including system files. The vulnerability occurs because there is no validation of parameters when a specific CLI command ...

4.4 CVSS, 6.2 AI score, 0.00021 EPSS
Exploits: 0, References: 1
WPVulnDB
added 2021/10/15 12:0 a.m., 24 views

YOP Poll < 6.3.1 - Author+ Stored Cross-Site Scripting via Options Module

The plugin is affected by a stored Cross-Site Scripting vulnerability which exists in the Create Poll - Options module where a user with a role as low as author is allowed to execute arbitrary script code within the context of the application. This vulnerability is due to insufficient validation ...

5.4 CVSS, 3 AI score, 0.00244 EPSS
Exploits: 0, References: 2, Affected Software: 1
Cvelist
added 2020/08/05 3:5 p.m., 15 views

CVE-2020-16192

LimeSurvey 4.3.2 allows reflected XSS because application/controllers/LSBaseController.php lacks code to validate parameters...

6.1 AI score, 0.0024 EPSS
Exploits: 0, References: 1
Hacker One
added 2017/08/16 7:14 a.m., 66 views

Legal Robot: Improper validation of parameters while creating issues

Heya LegalRobot Team, There is some Improper Access Control on the /Issues/insert endpoint, which leads to three notable vulnerabilities. ----- The first allows attackers to create public issues without undergoing review by setting state: "Open" and public: true. A sample request is given below:...

2.4 AI score
Exploits: 0
NVD
added 2017/06/13 8:29 p.m., 11 views

CVE-2017-7366

In all Android releases from CAF using the Linux kernel, a KGSL ioctl was not validating all of its parameters...

5.5 CVSS, 5.3 AI score, 0.00062 EPSS
Exploits: 0, References: 2
Tenable Nessus
added 2017/05/15 12:0 a.m., 67 views

RHEL 6 / 7 : ghostscript (RHSA-2017:1230)

An update for ghostscript is now available for Red Hat Enterprise Linux 6 and Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is...

7.8 CVSS, 7.2 AI score, 0.92931 EPSS
Exploits: 7, References: 3
Prion
added 2014/10/07 10:55 a.m., 11 views

Design/Logic Flaw

/opt/vyatta/bin/sudo-users/vyatta-clear-dhcp-lease.pl on the Brocade Vyatta 5400 vRouter 6.4Rx, 6.6Rx, and 6.7R1 does not properly validate parameters, which allows local users to gain privileges by leveraging the sudo configuration...

7.2 CVSS, 7.1 AI score, 0.00131 EPSS
Exploits: 0, References: 1, Affected Software: 1