Search Vulnerabilities

AVEVA Process Optimization Missing Authorization

GravCMS 1.10.7 - Arbitrary YAML Write/Update (Unauthenticated) (2)

AffiliateX 1.0.0 - 1.3.9.3 - Authenticated (Subscriber+) Missing Authorization to Stored Cross-Site Scripting via save_customization_settings

Kalium <= 3.29 - Missing Authorization to Unauthenticated Mail Relay via kalium_vc_contact_form_request

Drag and Drop Multiple File Upload for Contact Form 7 <= 1.3.9.2 - Missing Authorization to Unauthenticated File Deletion

Rocket.Chat Unauthorized Access to OAuth App Details

PayHere Payment Gateway Plugin for WooCommerce <= 2.3.9 - Missing Authorization to Unauthenticated Order Status Modification

Perfit WooCommerce <= 1.0.1 - Missing Authorization to Unauthenticated Arbitrary Plugin Settings Deletion

Aplazo Payment Gateway <= 1.4.2 - Missing Authorization to Unauthenticated Order Status Manipulation

WP-CRM System – Manage Clients and Projects <= 3.4.5 - Missing Authorization to Authenticated (Subscriber+) CRM Data Exposure and Task Modification

Netcash WooCommerce Payment Gateway <= 4.1.3 - Missing Authorization to Unauthenticated Order Status Modification

Crush.pics Image Optimizer <= 1.8.7 - Missing Authorization to Authenticated (Subscriber+) Plugin Settings Update

Responsive Accordion Slider <= 1.2.2 - Missing Authorization to Authenticated (Contributor+) Slider Update via 'resp_accordion_silder_save_images'

Bitrix24 - Remote Code Execution (RCE) (Authenticated)

NSecsoft NSecKrnl process termination privilege escalation

Broken Access Control

TYPO3 CMS Allows Broken Access Control in Recycler Module

TYPO3 CMS Allows Broken Access Control in Redirects Module

WP Duplicate Page <= 1.8 - Missing Authorization to Authenticated (Contributor+) Arbitrary Post Duplication

Multiple vulnerabilities in SAP Fiori App (Intercompany Balance Reconciliation)