5 matches found
CVE-2025-41091 Insecure Direct Object Reference in GPS BOLD Workplanner
Insecure Direct Object Reference IDOR vulnerability in BOLD Workplanner in versions prior to 2.5.25 4935b438f9b, consisting of a lack of adequate validation of user input, allowing an authenticated user to access to calendar details using unauthorised internal identifiers...
CVE-2024-4004
The Advanced Cron Manager WordPress plugin before 2.5.7 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...
PaddlePaddle 代码问题漏洞
PaddlePaddle is an independent R&D deep learning platform open-sourced by China's PaddlePaddle. PaddlePaddle version 2.5.0 before there is a security vulnerability , the vulnerability stems from the PaddlePaddle paddle.flip function in the existence of a null pointer dereference Null pointer...
CVE-2022-1578 My wpdb < 2.5 - Arbitrary SQL Query via CSRF
The My wpdb WordPress plugin before 2.5 is missing CSRF check when running SQL queries, which could allow attacker to make a logged in admin run arbitrary SQL query via a CSRF attack...
CVE-2018-5226
There was an argument injection vulnerability in Sourcetree for Windows via Mercurial repository tag name that is going to be deleted. An attacker with permission to create a tag on a Mercurial repository linked in Sourcetree for Windows is able to exploit this issue to gain code execution on the...