2 matches found
CVE-2025-12355 Payaza <= 0.3.8 - Missing Authorization to Unauthenticated Order Status Update
The Payaza plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'wpajaxnoprivupdateorderstatus' AJAX endpoint in all versions up to, and including, 0.3.8. This makes it possible for unauthenticated attackers to update order statuses...
CVE-2023-53038 scsi: lpfc: Check kzalloc() in lpfc_sli4_cgn_params_read()
In the Linux kernel, the following vulnerability has been resolved: scsi: lpfc: Check kzalloc in lpfcsli4cgnparamsread If kzalloc fails in lpfcsli4cgnparamsread, then we rely on lpfcreadobject's routine to NULL check pdata. Currently, an early return error is thrown from lpfcreadobject to protect...