Medium
CVSS: 5.4
A vulnerability was found in mod_proxy_cluster. The issue is that the directive should be replaced by the directive as the former does not restrict IP/host access as `Require ip IP_ADDRESS` would suggest. This means that anyone with acces…
High
CVSS: 8.1
The FileWave Windows client before 16.0.0, in some non-default configurations, allows an unprivileged local user to escalate privileges to SYSTEM.
Medium
CVSS: 5.5
Incorrect Authorization vulnerability in the OpenText Content Server REST API on Windows, Linux allows users without the appropriate permissions to remove external collaborators.This issue affects Content Server: 20.2-24.4.
Low
CVSS: 2.5
In Soffid Console 3.6.31 before 3.6.32, authorization to use the pam service is mishandled.
Medium
CVSS: 5.3
GNU Mailman 2.1.39, as bundled in cPanel (and WHM), allows unauthenticated attackers to create lists via the /mailman/create endpoint. NOTE: multiple third parties report that they are unable to reproduce this, regardless of whether cPanel…
High
CVSS: 8.2
In Pritunl Client before 1.3.4220.57, an administrator with access to /Applications can escalate privileges after uninstalling the product. Specifically, an administrator can insert a new file at the pathname of the removed pritunl-service…
Medium
CVSS: 6.3
IBM Sterling Connect:Direct Web Services 6.1.0, 6.2.0, and 6.3.0 could allow an authenticated user to spoof the identity of another user due to improper authorization which could allow the user to bypass access restrictions.
Medium
CVSS: 5.3
The Password Protected – Password Protect your WordPress Site, Pages, & WooCommerce Products – Restrict Content, Protect WooCommerce Category and more plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up t…
Medium
CVSS: 4.3
Mattermost versions 10.5.x
Medium
CVSS: 4.3
Mattermost versions 10.5.x
Low
CVSS: 3.1
Mattermost versions 10.5.x
Low
CVSS: 2.7
Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Supported versions that are affected are 8.0.0-8.0.41, 8.4.0-8.4.4 and 9.0.0-9.2.0. Easily exploitable vulnerability allows high privileged attacker with netwo…
Medium
CVSS: 6.1
Vulnerability in the Oracle CRM Technical Foundation product of Oracle E-Business Suite (component: Preferences). Supported versions that are affected are 12.2.3-12.2.14. Easily exploitable vulnerability allows unauthenticated attacker wit…
Low
CVSS: 3.1
Mattermost versions 10.5.x
Medium
CVSS: 4.7
Mattermost versions 10.5.x
Medium
CVSS: 5.4
Incorrect Authorization vulnerability in The Wikimedia Foundation Mediawiki - OAuth Extension allows Authentication Bypass.This issue affects Mediawiki - OAuth Extension: from 1.39 through 1.43.
Low
CVSS: 2.7
Mattermost versions 9.11.x
High
CVSS: 7.0
Dell PowerScale OneFS, versions 9.4.0.0 through 9.10.0.1, contains an incorrect authorization vulnerability. An unauthenticated attacker with local access could potentially exploit this vulnerability to access the cluster with previous priv…
Medium
CVSS: 4.3
Adobe Commerce versions 2.4.7-p4, 2.4.6-p9, 2.4.5-p11, 2.4.4-p12, 2.4.8-beta2 and earlier are affected by an Improper Authorization vulnerability that could result in Privilege escalation. An attacker could leverage this vulnerability to by…
Medium
CVSS: 4.3
SAP NetWeaver allows an attacker to bypass authorization checks, enabling them to view portions of ABAP code that would normally require additional validation. Once logged into the ABAP system, the attacker can run a specific transaction th…