Latest CVE Feed
-
4.3
MEDIUMCVE-2020-5621
Cross-site request forgery (CSRF) vulnerability in NETGEAR switching hubs (GS716Tv2 Firmware version 5.4.2.30 and earlier, and GS724Tv3 Firmware version 5.4.2.30 and earlier) allow remote attackers to hijack the authentication of administrators and alter ... Read more
- Published: Aug. 28, 2020
- Modified: Nov. 21, 2024
-
4.3
MEDIUMCVE-2020-4171
IBM Security Guardium Insights 2.0.1 allows web pages to be stored locally which can be read by another user on the system. IBM X-Force ID: 174407.... Read more
Affected Products : security_guardium_insights- Published: Aug. 27, 2020
- Modified: Nov. 21, 2024
-
4.3
MEDIUMCVE-2019-0367
SAP NetWeaver Process Integration (B2B Toolkit), before versions 1.0 and 2.0, does not perform necessary authorization checks for an authenticated user, allowing the import of B2B table content that leads to Missing Authorization Check.... Read more
Affected Products : netweaver_process_integration- Published: Oct. 08, 2019
- Modified: Nov. 21, 2024
-
4.3
MEDIUMCVE-2019-19411
USG9500 with versions of V500R001C30SPC100, V500R001C30SPC200, V500R001C30SPC600, V500R001C60SPC500, V500R005C00SPC100, V500R005C00SPC200 have an information leakage vulnerability. Due to improper processing of the initialization vector used in a specific... Read more
- Published: Jan. 21, 2020
- Modified: Nov. 21, 2024
-
4.3
MEDIUMCVE-2020-16197
An issue was discovered in Octopus Deploy 3.4. A deployment target can be configured with an Account or Certificate that is outside the scope of the deployment target. An authorised user can potentially use a certificate that they are not in scope to use.... Read more
- Published: Aug. 25, 2020
- Modified: Nov. 21, 2024
-
4.3
MEDIUMCVE-2013-6772
Splunk before 5.0.4 lacks X-Frame-Options which can allow Clickjacking... Read more
Affected Products : splunk- Published: Jan. 23, 2020
- Modified: Nov. 21, 2024
-
4.3
MEDIUMCVE-2020-4361
IBM Planning Analytics 2.0 could allow a remote attacker to obtain sensitive information by disclosing private IP addresses in HTTP responses. IBM X-Force ID: 178766.... Read more
Affected Products : planning_analytics- Published: Jul. 20, 2020
- Modified: Nov. 21, 2024
-
4.3
MEDIUMCVE-2020-4173
IBM Guardium Activity Insights 10.6 and 11.0 does not set the secure attribute on authorization tokens or session cookies. Attackers may be able to get the cookie values by sending a http:// link to a user or by planting this link in a site the user goes ... Read more
- Published: Jul. 09, 2020
- Modified: Nov. 21, 2024
-
4.3
MEDIUMCVE-2019-4601
IBM Quality Manager (RQM) 6.02, 6.06, and 6.0.6.1 could allow an authenticated user to obtain sensitive information from a stack trace that could aid in further attacks against the system.... Read more
Affected Products : rational_quality_manager- Published: Apr. 08, 2020
- Modified: Nov. 21, 2024
-
4.3
MEDIUMCVE-2019-5465
An information disclosure issue was discovered in GitLab CE/EE 8.14 and later, by using the move issue feature which could result in disclosure of the newly created issue ID.... Read more
Affected Products : gitlab- Published: Jan. 28, 2020
- Modified: Nov. 21, 2024
-
4.3
MEDIUMCVE-2020-15412
An issue was discovered in MISP 2.4.128. app/Controller/EventsController.php lacks an event ACL check before proceeding to allow a user to send an event contact form.... Read more
- Published: Jun. 30, 2020
- Modified: Nov. 21, 2024
-
4.3
MEDIUMCVE-2020-4282
IBM Security Information Queue (ISIQ) 1.0.0, 1.0.1, 1.0.2, 1.0.3, 1.0.4, and 1.0.5 could allow an authenticated user to perform unauthorized actions by bypassing illegal character restrictions. X-Force ID: 176205.... Read more
Affected Products : security_information_queue- Published: Apr. 08, 2020
- Modified: Nov. 21, 2024
-
4.3
MEDIUMCVE-2019-16116
EnterpriseDT CompleteFTP Server prior to version 12.1.3 is vulnerable to information exposure in the Bootstrap.log file. This allows an attacker to obtain the administrator password hash.... Read more
Affected Products : completeftp_server- Published: Oct. 02, 2019
- Modified: Nov. 21, 2024
-
4.3
MEDIUMCVE-2024-13425
The WP Job Portal – A Complete Recruitment System for Company or Job Board website plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 2.2.6 via the enforcedelete() function due to missing validatio... Read more
Affected Products : wp_job_portal- Published: Feb. 01, 2025
- Modified: Feb. 05, 2025
- Vuln Type: Authorization
-
4.3
MEDIUMCVE-2025-24613
Missing Authorization vulnerability in Foliovision FV Thoughtful Comments allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects FV Thoughtful Comments: from n/a through 0.3.5.... Read more
Affected Products :- Published: Jan. 24, 2025
- Modified: Jan. 24, 2025
- Vuln Type: Authorization
-
4.3
MEDIUMCVE-2025-24679
Missing Authorization vulnerability in webraketen Internal Links Manager allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Internal Links Manager: from n/a through 2.5.2.... Read more
Affected Products :- Published: Jan. 24, 2025
- Modified: Jan. 24, 2025
- Vuln Type: Authorization
-
4.3
MEDIUMCVE-2025-24751
Missing Authorization vulnerability in GoDaddy CoBlocks allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects CoBlocks: from n/a through 3.1.13.... Read more
Affected Products : coblocks- Published: Jan. 24, 2025
- Modified: Jan. 24, 2025
- Vuln Type: Authorization
-
4.3
MEDIUMCVE-2024-12113
The Youzify – BuddyPress Community, User Profile, Social Network & Membership Plugin for WordPress plugin for WordPress is vulnerable to unauthorized loss of data due to a missing capability check on the delete_user_review() and delete_review() functions ... Read more
Affected Products : youzify- Published: Jan. 25, 2025
- Modified: May. 28, 2025
- Vuln Type: Authorization
-
4.3
MEDIUMCVE-2020-10482
CSRF in admin/add-template.php in Chadha PHPKB Standard Multi-Language 9 allows attackers to add a new article template via a crafted request.... Read more
Affected Products : phpkb- Published: Mar. 12, 2020
- Modified: Nov. 21, 2024
-
4.3
MEDIUMCVE-2020-10487
CSRF in admin/manage-glossary.php in Chadha PHPKB Standard Multi-Language 9 allows attackers to delete a glossary term via a crafted request.... Read more
Affected Products : phpkb- Published: Mar. 12, 2020
- Modified: Nov. 21, 2024