CVE-2023-40020 Improper Authentication in PrivateUploader

PrivateUploader is an open source image hosting server written in Vue and TypeScript. In affected versions app/routes/v3/admin.controller.ts did not correctly verify whether the user was an administrator High Level or moderator Low Level causing the request to continue processing. The response...

PT-2022-16638 · WordPress · Download Manager

Name of the Vulnerable Software and Affected Versions: Download Manager plugin for WordPress versions up to and including 3.2.49 Description: The issue allows authenticated attackers with contributor privileges and above to deserialize untrusted input via the filepackage dir parameter. This can...