Idira Secrets Manager SaaS Edge versions prior to 1.8 exhibit improper access control within its internal authentication components. A remote, unauthenticated attacker could exploit this by submitting
Use of hard-coded cryptographic key issue exists in BizRobo! all versions. Credentials inside robot files may be obtained if the encryption key is available.
The vendor provides the workaround inform
A security vulnerability has been detected in Tomofun Furbo 360 up to FB0035_FW_036. This issue affects some unknown processing of the component Account Handler. Such manipulation leads to server-side
The Printful Integration for WooCommerce plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 2.2.11 via the advanced size chart REST API endpoint. T
A vulnerability was determined in SourceCodester Pet Grooming Management Software 1.0. Affected by this issue is some unknown functionality of the file /admin/profile.php. Executing manipulation can l
A security vulnerability has been detected in technical-laohu mpay up to 1.2.4. The impacted element is an unknown function of the component QR Code Image Handler. Such manipulation of the argument co
An improper authorization vulnerability in Dremio Software allows authenticated users to delete arbitrary files that the system has access to, including system files and files stored in remote locatio
Insecure Direct Object Reference (IDOR) vulnerability in Campus Educativa specifically at the endpoint '/archivos/usuarios/[ID]/[username]/thumb_AAxAA.jpg' (translated as 80x90 and 40x45). Successful
An Insecure Direct Object Reference (IDOR) vulnerability in Reolink v4.54.0.4.20250526 allows unauthorized attackers to access and download other users' profile photos via a crafted URL. NOTE: this is
During the analysis, it was identified that authenticated attackers with Subscriber-level access or higher are able to perform an Insecure Direct Object Reference (IDOR) attack. This vulnerability exi
The Aqara IAM/SSO Gateway (gw-builder.aqara.com) used a hardcoded OAuth client credential, which is an instance of "CWE-798: Use of Hard-coded Credentials." This issue has an estimated CVSS of CVSS:3.
A vulnerability, which was classified as critical, has been found in quequnlong shiyi-blog up to 1.2.1. This issue affects some unknown processing of the file /dev api/app/album/photos/. The manipulat
The Bogo plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 3.9.1 via the bogo_rest_create_post_translation. This makes it possible for authenti
Insufficiently Protected Credentials vulnerability in the Credential Field of Milner ImageDirector Capture allows retrieval of credential material and enables database access.This issue affects ImageD
GN4 Publishing System versions prior to 2.6 contain an insecure direct object reference (IDOR) vulnerability via the API. Authenticated requests to the API's object endpoints allow an authenticated us
A vulnerability was found in ZSPACE Z4Pro+ 1.0.0440024. Impacted is the function zfilev2_api_SafeStatus of the file /v2/file/safe/status of the component HTTP POST Request Handler. The manipulation re
The Zapier for WordPress plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 1.5.1 via the updated_user() function. This makes it possible for authe
An arbitrary file upload vulnerability exists in the Zhiyuan OA platform via the wpsAssistServlet interface. The realFileType and fileId parameters are improperly validated during multipart file uploa
The AI Engine plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 3.1.3 via the /mcp/v1/ REST API endpoint that exposes the 'Bearer Token' value
Arbitrary file write & potential privilege escalation exploiting zip slip vulnerability in Google Web Designer.
← Previous Page 5