UnoPim is an open-source Product Information Management (PIM) system built on the Laravel framework. In versions 0.3.0 and earlier, users without the Delete privilege for products are unable to delete
UnoPim is an open-source Product Information Management (PIM) system built on the Laravel framework. Before 0.2.1, UnoPim contains a stored cross-site scripting vulnerability via SVG MIME/sanitizer by
UnoPim is an open-source Product Information Management (PIM) system built on the Laravel framework. Before 0.2.1, some of the endpoints of the application is vulnerable to Cross site Request forgery
UnoPim is an open-source Product Information Management (PIM) system built on the Laravel framework. Before 0.2.1, the image upload at the user creation feature performs only client side file type val
UnoPim is an open-source Product Information Management (PIM) system built on the Laravel framework. Versions 0.3.0 and prior are vulnerable to CSV injection, also known as formula injection, in the Q
The MultiVendorX – WooCommerce Multivendor Marketplace Solutions plugin for WordPress is vulnerable to unauthorized loss of data due to a misconfigured capability check on the 'delete_fpm_product' fun
zrok is software for sharing web services, files, and network resources. Prior to version 2.0.1, the unaccess handler (controller/unaccess.go) contains a logical error in its ownership guard: when a f
The Frontend File Manager Plugin plugin for WordPress is vulnerable to unauthorized loss of data due to a missing capability check on the wpfm_delete_multiple_files() function in all versions up to, a
The Frontend Admin by DynamiApps plugin for WordPress is vulnerable to missing authorization to unauthorized data modification and deletion due to a missing capability check on the 'delete_object' fun
A security flaw has been discovered in detronetdip E-commerce 1.0.0. The impacted element is the function Delete/Update of the component Product Management Module. Performing a manipulation of the arg
A weakness has been identified in SourceCodester Alumni Management System 1.0. This issue affects the function delete_forum/delete_career/delete_comment/delete_gallery/delete_event of the file admin/a
An unauthenticated file deletion vulnerability in the Palo Alto Networks PAN-OS management web interface enables an unauthenticated attacker with network access to the management web interface to dele
The mem0 1.0.0 server lacks authentication and authorization controls for its memory deletion API endpoint (DELETE /memories/{memory_id}). The endpoint allows unauthenticated users to delete arbitrary
The nexent v1.7.5.2 backend service contains an unauthorized arbitrary storage file deletion vulnerability in its file management API. The DELETE /storage/{object_name:path} endpoint lacks authenticat
The Pixel Manager for WooCommerce – Track Conversions and Analytics, Google Ads, TikTok and more plugin for WordPress is vulnerable to Information Exposure in all versions up to, and including, 1.49.2
A vulnerability has been found in LitmusChaos Litmus up to 3.19.0 and classified as problematic. This vulnerability affects unknown code of the file /auth/delete_project/ of the component Delete Reque
The Visual Website Collaboration, Feedback & Project Management – Atarim plugin for WordPress is vulnerable to unauthorized loss of data due to a missing capability check on the wpf_delete_file and wp
EspoCRM is an open source customer relationship management application. Prior to 9.3.5, a business logic flaw (Broken Access Control) in EspoCRM 9.3.3 allows low-privileged users to pin arbitrary note
An issue was discovered in BMC Control-M/MFT 9.0.20 through 9.0.22. An API management endpoint allows unauthenticated users to obtain both an API identifier and its corresponding secret value. With th
The Frontend Post Submission Manager Lite – Frontend Posting WordPress Plugin plugin for WordPress is vulnerable to unauthorized loss of data due to an incorrect authorization check on the 'media_dele
Page 1+ Next →