15 matches found
PT-2026-38327
The Appointment Booking Calendar plugin for WordPress is vulnerable to Missing Authorization in versions up to and including 1.6.10.6. This is due to a flawed authorization logic in the nonce permissions check method combined with the public exposure of a site-wide reusable nonce. The plugin...
CVE-2025-68399
ChurchCRM security advisory documents describe a Stored Cross-Site Scripting (XSS) in the GroupEditor.php page occurring in versions prior to 6.5.4 . The vulnerability allows an attacker to inject JavaScript when creating a group role, but requires the attacker to have permission to view and modi...
CVE-2020-6214
SAP S/4HANA Financial Products Subledger, version 100, uses an incorrect authorization object in some reports. Although the affected reports are protected with other authorization objects, exploitation of the vulnerability would allow an authenticated attacker to view, change, or delete data,...
SUSE CVE-2024-10978
Incorrect privilege assignment in PostgreSQL allows a less-privileged application user to view or change different rows from those intended. An attack requires the application to use SET ROLE, SET SESSION AUTHORIZATION, or an equivalent feature. The problem arises when an application query uses...
PostgreSQL 安全漏洞
PostgreSQL is a free object-relational database management system from the PostgreSQL organization. The system supports most of the SQL standards and provides many other features such as foreign keys, triggers, views, and more. A security vulnerability exists in PostgreSQL that stems from...
CVE-2023-47702
IBM Security Guardium Key Lifecycle Manager 4.3 could allow a remote attacker to traverse directories on the system. An attacker could send a specially crafted URL request containing "dot dot" sequences /../ to view modify files on the system. IBM X-Force ID: 271196...
CVE-2023-36633
An improper authorization vulnerability CWE-285 in FortiMail webmail version 7.2.0 through 7.2.2 and before 7.0.5 allows an authenticated attacker to see and modify the title of address book folders of other users via crafted HTTP or HTTPs requests...
Encourage Technologies ESS REC Agent Server 路径遍历漏洞
Encourage Technologies ESS REC Agent Server is a software system from Encourage Technologies for receiving, processing, and managing audio and video data from surveillance devices. A security vulnerability exists in Encourage Technologies ESS REC Agent Server that stems from the presence of a...
CVE-2022-34449
PowerPath Management Appliance with versions 3.3 & 3.2 contains a Hardcoded Cryptographic Keys vulnerability. Authenticated admin users can exploit the issue that leads to view and modifying sensitive information stored in the application...
IBM InfoSphere Information Server SQL注入漏洞
IBM InfoSphere Information Server is a set of data integration platforms from IBM in the United States. The platform can be used to integrate data information obtained from various sources. IBM InfoSphere Information Server has a security vulnerability that can be exploited by an attacker to view...
CVE-2021-1269
Multiple vulnerabilities in the web-based management interface of Cisco Data Center Network Manager DCNM could allow an authenticated, remote attacker to view, modify, and delete data without proper authorization. For more information about these vulnerabilities, see the Details section of this...
Microsoft Windows Media Foundation Memory Corruption Vulnerability (CNVD-2020-48264)
Microsoft Windows and Microsoft Windows Server are both products of Microsoft Corporation.Microsoft Windows is an operating system for personal devices.Microsoft Windows Server is a server operating system. Microsoft Windows Media Foundation A memory corruption vulnerability exists in Microsoft...
CVE-2020-14477
In Philips Ultrasound ClearVue Versions 3.2 and prior, Ultrasound CX Versions 5.0.2 and prior, Ultrasound EPIQ/Affiniti Versions VM5.0 and prior, Ultrasound Sparq Version 3.0.2 and prior and Ultrasound Xperius all versions, an attacker may use an alternate path or channel that does not require...
Smartbi has a flawed logic vulnerability
Smartbi is the business intelligence BI and data analytics brand of Guangzhou Sematic Software Co. Smartbi has a logic flaw vulnerability that can be exploited by an attacker to view and modify sensitive system configuration information...
Unauthorized Access Vulnerability in Intelligent Gateway of Beijing BiNian Technology Co.
Smart Gateway is a multi-service converged gateway that integrates the features of wireless controller AC, router and firewall independently developed by Beijing Beyond Technology Co. An unauthorized access vulnerability exists in the Intelligent Gateway of Beijing BiNian Technology Co. An attack...