Medium
CVSS: 5.3
A vulnerability was found in jerryshensjf JPACookieShop 蛋糕商城JPA版 1.0 and classified as critical. This issue affects the function updateGoods of the file GoodsController.java. The manipulation leads to authorization bypass. The attack may be…
Critical
CVSS: 9.9
Improper authorization in Azure Machine Learning allows an authorized attacker to elevate privileges over a network.
Medium
CVSS: 5.4
OpenCTI is an open source platform for managing cyber threat intelligence knowledge and observables. Prior to version 6.6.6, an IDOR vulnerability in the GrapQL `NotificationLineNotificationMarkReadMutation` and `NotificationLineNotificatio…
Medium
CVSS: 6.1
Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: Web Container). Supported versions that are affected are 12.2.1.4.0, 14.1.1.0.0 and 14.1.2.0.0. Easily exploitable vulnerability allows unauthenti…
High
CVSS: 8.7
An Unauthenticated Arbitrary File Read vulnerability affects the
Agent when installed on a system. The parameter filename does not validate the
path thus allowing users to read arbitrary files. As
the application runs with the highest privi…
Medium
CVSS: 5.4
Secure-upload is a data submission service that validates single-use tokens when accepting submissions to channels. The service only installed on a small number of environments.
Under specific circumstances, privileged users of secure-uplo…
High
CVSS: 8.8
In Juju versions prior to 3.6.8 and 2.9.52, any authenticated controller user was allowed to upload arbitrary agent binaries to any model or to the controller itself, without verifying model membership or requiring explicit permissions. Thi…
High
CVSS: 8.8
Improper authorization in Microsoft Office SharePoint allows an authorized attacker to execute code over a network.
Medium
CVSS: 5.3
giscus is a commenting system powered by GitHub Discussions. A bug in giscus' discussions creation API allowed an unauthorized user to create discussions on any repository where giscus is installed. This affects the server-side part of gisc…
High
CVSS: 7.7
An unauthorized user may leverage a specially crafted aggregation pipeline to access data without proper authorization due to improper handling of the $mergeCursors stage in MongoDB Server. This may lead to access to data without further au…
High
CVSS: 8.8
Graylog is a free and open log management platform. In versions 6.2.0 to before 6.2.4 and 6.3.0-alpha.1 to before 6.3.0-rc.2, Graylog users can gain elevated privileges by creating and using API tokens for the local Administrator or any oth…
Low
CVSS: 3.7
The Soumettre.fr plugin for WordPress is vulnerable to unauthorized access and modification of data due to a improper authorization checks on the make_signature function in all versions up to, and including, 2.1.5. This makes it possible fo…
Medium
CVSS: 6.4
A vulnerability in the web-based management interface of Cisco Identity Services Engine (ISE) could allow an authenticated, remote attacker to bypass the authorization mechanisms for specific administrative functions.
This vulnerability…
Medium
CVSS: 6.5
When a link can be opened in an external application, Firefox for Android will, by default, prompt the user before doing so. An attacker could have bypassed this prompt, potentially exposing the user to security vulnerabilities or privacy l…
Medium
CVSS: 5.3
A vulnerability was found in ScriptAndTools Real Estate Management System 1.0. It has been rated as critical. This issue affects some unknown processing of the file userdelete.php of the component User Delete Handler. The manipulation of th…
High
CVSS: 8.1
Arbitrary event injection on Salt Master. The master's "_minion_event" method can be used by and authorized minion to send arbitrary events onto the master's event bus.
High
CVSS: 8.7
Adobe Experience Manager versions 6.5.22 and earlier are affected by an Improper Authorization vulnerability that could result in Privilege escalation. A low privileged attacker could leverage this vulnerability to bypass security measures…
High
CVSS: 7.6
Improper authorization in Kibana can lead to privilege abuse via a direct HTTP request to a Synthetic monitor endpoint.
High
CVSS: 8.2
Adobe Commerce versions 2.4.8, 2.4.7-p5, 2.4.6-p10, 2.4.5-p12, 2.4.4-p13 and earlier are affected by an Improper Authorization vulnerability that could result in a Security feature bypass. An attacker could leverage this vulnerability to by…
Medium
CVSS: 5.0
This vulnerability in Grafana's datasource proxy API allows authorization checks to be bypassed by adding an extra slash character in the URL path.
Users with minimal permissions could gain unauthorized read access to GET endpoints in Aler…