9 matches found
WordPress WooPayments plugin <= 10.5.1 - Missing Authorization to Unauthenticated Plugin Settings Update via save_upe_appearance_ajax vulnerability
Missing Authorization to Unauthenticated Plugin Settings Update via saveupeappearanceajax vulnerability discovered by Dmitrii Ignatyev - CleanTalk Inc in WordPress Plugin WooCommerce Payments versions = 10.5.1...
EUVD-2026-15483
Incorrect privilege assignment vulnerability in HYPR Server allows Privilege Escalation.This issue affects HYPR Server: from 10.5.1 before 10.7...
CVE-2026-1712
Incorrect privilege assignment vulnerability in HYPR Server allows Privilege Escalation.This issue affects HYPR Server: from 10.5.1 before 10.7...
CVE-2026-1712
Incorrect privilege assignment vulnerability in HYPR Server allows Privilege Escalation.This issue affects HYPR Server: from 10.5.1 before 10.7...
CVE-2026-1712
CVE-2026-1712 describes an incorrect privilege assignment in HYPR Server that enables privilege escalation. The issue affects HYPR Server versions starting at 10.5.1 and prior to 10.7, i.e., 10.5.1 through 10.6.x. The root cause is a faulty privilege allocation mechanism, leading to elevation of ...
PT-2026-28065
Incorrect privilege assignment vulnerability in HYPR Server allows Privilege Escalation.This issue affects HYPR Server: from 10.5.1 before 10.7...
SUSE CVE-2025-24839
Mattermost versions 10.5.x = 10.5.1, 10.4.x = 10.4.3, 9.11.x = 9.11.9 fail to prevent Wrangler posts from triggering AI responses. This vulnerability allows users without access to the AI bot to activate it by attaching the activateai override property to a post via the Wrangler plugin, provided...
SUSE CVE-2025-32093
Mattermost versions 10.5.x = 10.5.1, 10.4.x = 10.4.3, 9.11.x = 9.11.9 fail to restrict certain operations on system admins to only other system admins, which allows delegated granular administration users with the "Edit Other Users" permission to perform unauthorized modifications to system...
CVE-2018-6693
An unprivileged user can delete arbitrary files on a Linux system running ENSLTP 10.5.1, 10.5.0, and 10.2.3 Hotfix 1246778 and earlier. By exploiting a time of check to time of use TOCTOU race condition during a specific scanning sequence, the unprivileged user is able to perform a privilege...