Medium
CVSS: 5.3
A vulnerability has been found in SourceCodester Food Menu Manager 1.0 and classified as critical. Affected by this vulnerability is an unknown functionality of the file endpoint/update.php. The manipulation leads to unrestricted upload. Th…
Medium
CVSS: 6.9
A vulnerability, which was classified as critical, was found in Lumsoft ERP 8. Affected is the function DoUpload/DoWebUpload of the file /Api/FileUploadApi.ashx. The manipulation of the argument file leads to unrestricted upload. It is poss…
High
CVSS: 8.8
Tenda W18E V16.01.0.8(1625) is vulnerable to Incorrect Access Control. An attacker can send a specially crafted HTTP POST request to the setQuickCfgWifiAndLogin function, which allows unauthorized changes to WiFi configuration settings and…
Medium
CVSS: 6.5
Tenda W18E V16.01.0.8(1625) is vulnerable to Incorrect Access Control. Unauthorized password change via the web management portal allows an unauthenticated remote attacker to change the administrator password by sending a specially crafted…
High
CVSS: 7.7
An improper access control vulnerability may allow privilege escalation.This issue affects:
* ELI 380 Resting Electrocardiograph:
Versions 2.6.0 and prior;
* ELI 280/BUR280/MLBUR 280 Resting Electrocardiograph:
Versions 2.3.1 and…
Medium
CVSS: 6.5
Incorrect Access Control in the Preview Function of Gleamtech FileVista 9.2.0.0 allows remote attackers to gain unauthorized access via exploiting a vulnerability in access control mechanisms by removing authentication-related HTTP headers,…
High
CVSS: 7.5
Incorrect access control in the endpoint /admin/m_delete.php of CodeAstro Complaint Management System v1.0 allows unauthorized attackers to arbitrarily delete complaints via modification of the id parameter.
High
CVSS: 8.8
reNgine is an automated reconnaissance framework for web applications. An unrestricted project deletion vulnerability allows attackers with specific roles, such as `penetration_tester` or `auditor` to delete all projects in the system. This…
Medium
CVSS: 4.3
The B Slider- Gutenberg Slider Block for WP plugin for WordPress is vulnerable to Information Exposure in all versions up to, and including, 1.9.5 via the 'bsb-slider' shortcode due to insufficient restrictions on which posts can be include…
High
CVSS: 7.8
Wazuh is a free and open source platform used for threat prevention, detection, and response. It is capable of protecting workloads across on-premises, virtualized, containerized, and cloud-based environments. The wazuh-agent for Windows is…
High
CVSS: 8.8
Broken access control vulnerability in Geovision GV-ASWeb with version v6.1.0.0 or less. This vulnerability allows low privilege users perform actions that they aren't authorized to, which can be leveraged to escalate privileges, create, mo…
Medium
CVSS: 5.1
access_device.cgi on Digiever DS-2105 Pro 3.1.0.71-11 devices allows arbitrary file read. NOTE: This vulnerability only affects products that are no longer supported by the maintainer.
High
CVSS: 7.5
macrozheng mall-tiny 1.0.1 is vulnerable to Incorrect Access Control via the logout function. After a user logs out, their token is still available and fetches information in the logged-in state.
High
CVSS: 8.8
This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of ChargePoint Home Flex charging stations. Authentication is not required to exploit this vulnerability.
The specific flaw exists wit…
Medium
CVSS: 6.5
A flaw was found in the Wildfly Server Role Based Access Control (RBAC) provider. When authorization to control management operations is secured using the Role Based Access Control provider, a user without the required privileges can suspen…
High
CVSS: 7.5
An Improper Access Control vulnerability has been found in EmbedAI 2.1 and below. This vulnerability allows an authenticated attacker to obtain the backups of the database by requesting the "/embedai/app/uploads/database/" endpoint.
High
CVSS: 7.5
an Improper Access Control vulnerability has been found in EmbedAI 2.1 and below. This vulnerability allows an authenticated attacker change his subscription plan without paying by making a POST request changing the parameters of the "/demo…
Medium
CVSS: 5.3
An Improper Access Control vulnerability has been found in EmbedAI 2.1 and below. This vulnerability allows an authenticated attacker to leverage the endpoint "/embedai/visits/show/" to obtain information about the visits made by other user…
Medium
CVSS: 5.8
An Improper Access Control vulnerability has been found in EmbedAI 2.1 and below. This vulnerability allows an authenticated attacker to obtain files stored by others users by changing the "FILE_ID" of the endpoint "/embedai/files/show/".
Medium
CVSS: 5.8
An Improper Access Control vulnerability has been found in EmbedAI
2.1 and below. This vulnerability allows an authenticated attacker to write messages into other users chat by changing the parameter "chat_id" of the POST request "/embeda…